On 02/20/2015 06:56 AM, Les Stott wrote:
Hi all,
The following is blocking the ability for me to install a CA replica.
Environment:
RHEL 6.6
IPA 3.0.0-42
PKI 9.0.3-38
On the master the following is happening:
ipa-getcert list
Number of certificates and requests being tracked: 5.
(but it
On 02/20/2015 09:36 AM, Günther J. Niederwimmer wrote:
Hello,
have any a functional Link for this Problem.
I found nothing that is working correct ? :-(.
I only know about Dovecot HOWTOs on
http://www.freeipa.org/page/HowTos#Mail_Services
If there is a problem with the instructions and you
On 02/19/2015 01:06 AM, Martin Minkus wrote:
Hello all,
Am wondering what support FreeIPA has for Application Specific
Passwords? My research seems to indicate 'none'. I've seen quite a few
people ask about this, usually the example is wanting a separate
password for dovecot etc.
Google
On 02/18/2015 07:46 PM, Dmitri Pal wrote:
On 02/18/2015 12:17 PM, Cory Carlton wrote:
Hey all.
We are in the process of essentially moving data centers while additionally
changing to new OS(rhel from centos) - so we are building replica with master
option servers to the new networks.
On 02/19/2015 05:23 PM, Dmitri Pal wrote:
On 02/19/2015 05:06 AM, Jan Pazdziora wrote:
On Wed, Feb 18, 2015 at 04:06:39PM -0800, Martin Minkus wrote:
Except where we don't want single sign on, and separate passwords are
advantageous or even required:
- Web logins
Could you elaborate on
On 02/19/2015 05:14 PM, Dmitri Pal wrote:
On 02/19/2015 10:07 AM, Jani West wrote:
Trying to migrate from CentOS 6.6 with FreeIPA 3.0.0-42 to CentOS 7.0 with
FreeIPA 3.3.3-28 by using replication.
I have prepared replication file and moved it to the new replica server.
Configured the
On 02/17/2015 12:08 AM, Rob Crittenden wrote:
Steven Jones wrote:
?
[root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX
SASL/GSSAPI authentication started
SASL username:
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base
On 02/13/2015 01:32 PM, David Kupka wrote:
Hello Bryan,
I'm currently working on this. This feature should be available in
freeipa-4.2.
Right. Until this is done, you should be anyway able to setup chrony yourself
before running ipa-client-install. It would respect your choice (unless you
or can it be installed after
machine has been setup and is running ipa?
Bryan
On Fri, Feb 13, 2015 at 9:01 AM, Martin Kosek mko...@redhat.com wrote:
On 02/13/2015 01:32 PM, David Kupka wrote:
Hello Bryan,
I'm currently working on this. This feature should be available in
freeipa-4.2
On 02/12/2015 08:20 AM, Dmitri Pal wrote:
On 02/12/2015 01:25 AM, Michael Lasevich wrote:
Ok, after a few awkward questions from an auditor, I am starting to face the
uncomfortable truth that my understanding about how FreeIPA works is a lot
fuzzier than I would like.
Specifically, the
On 02/09/2015 05:16 PM, Chris Mohler wrote:
On 02/09/2015 10:18 AM, Martin Kosek wrote:
On 02/07/2015 12:27 AM, Chris Mohler wrote:
I'm having some troubles. I have an older IPA install Version 3.0.0. on
Centos
6.6. It's currently the only master for my domain. I have about 4k user
accounts
On 02/07/2015 12:27 AM, Chris Mohler wrote:
I'm having some troubles. I have an older IPA install Version 3.0.0. on Centos
6.6. It's currently the only master for my domain. I have about 4k user
accounts on here and it's a live system called idm
I'm trying to upgrade to V4.x as I am hoping
On 02/09/2015 03:31 PM, Dmitri Pal wrote:
On 02/09/2015 08:34 AM, alireza baghery wrote:
yes try ssh admin@hostname but do not work
log secure-
Feb 9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20
Did you try the ssh admin@`hostname` command? It should show if ssh to admin
via SSSDFreeIPA really works.
On 02/09/2015 11:18 AM, alireza baghery wrote:
account admin recognize and show uid gid and groups
On Feb 9, 2015 1:42 PM, Martin Kosek mko...@redhat.com wrote:
Ok. When on the server
at 11:19 AM, Martin Kosek mko...@redhat.com wrote:
On 02/09/2015 07:42 AM, alireza baghery wrote:
i check on both server ssh each other's name and ssh successful and
resolve
name was also correct on each server
but i can not login with user admin from ipareplica via ssh
(root@ipareplica]#
ssh
On 02/09/2015 07:42 AM, alireza baghery wrote:
i check on both server ssh each other's name and ssh successful and resolve
name was also correct on each server
but i can not login with user admin from ipareplica via ssh (root@ipareplica]#
ssh admin@ipasrv === failed)
[root@ipareplica ~]#
On 02/06/2015 12:53 AM, Christopher Young wrote:
Obvious next question: Any plans to implement that functionality or advice
on how one might get some level of functionality for this? Would it be
possible to create another command-line based openssl CA that could issue
these but using IPA as
On 02/06/2015 06:59 AM, Les Stott wrote:
Hi,
I found a bug in the pki packages and CA replica installation.
Environment:
Rhel 6.6
IPA Server 3.0.0-42
Pki components:
pki-symkey-9.0.3-38.el6_6.x86_64
pki-common-9.0.3-38.el6_6.noarch
pki-setup-9.0.3-38.el6_6.noarch
On 02/05/2015 01:21 PM, Dmitri Pal wrote:
On 02/05/2015 05:54 AM, Matt . wrote:
In the past we have done some testsetups with password expiring after
we added a user, at the moment I have difficulties with this on 4.1.2
What I need is the following:
- We add a user using json/kinit
- The
Also, when upgrading, please make sure to upgrade to the 6.6.z version of SSSD
- there were couple important fixes. AFAIK, the version should be
sssd-1.11.6-30.el6_6.3
Martin
On 02/02/2015 10:35 PM, Genadi Postrilko wrote:
Thank you for your reply.
I think ill go with the first option, it
On 01/20/2015 04:49 PM, Quayle, Bill wrote:
...
Hm, this is definitely not how the migrate-ds is supposed work :-/ I wish we
can find the problem to avoid such difficulties for other users.
As this is an evaluation setup, I can tear-down and rebuild to try to capture
more data, if you want.
On 01/16/2015 11:38 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 01/16/2015 02:21 PM, Quayle, Bill wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, January 16, 2015 12:51 PM
To: Quayle, Bill; Ludwig Krispenz
Cc: 'freeipa-users@redhat.com
On 01/16/2015 08:21 PM, Quayle, Bill wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, January 16, 2015 12:51 PM
To: Quayle, Bill; Ludwig Krispenz
Cc: 'freeipa-users@redhat.com'
Subject: Re: [Freeipa-users] migrate-ds aborts
On 01/16/2015 04
On 01/19/2015 08:01 PM, Dmitri Pal wrote:
On 01/19/2015 01:50 PM, sipazzo wrote:
I am having trouble finding relevant documentation on using freeipa to manage
sudoers for a Solaris client. Has anyone successfully set this up without
adding a bunch of non-standard packages? I am running freeipa
On 01/16/2015 09:14 AM, Ludwig Krispenz wrote:
On 01/16/2015 08:43 AM, Martin Kosek wrote:
On 01/15/2015 06:31 PM, Quayle, Bill wrote:
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect
if there is anything interesting when the migration breaks.
HTH,
Martin
Bill
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, January 16, 2015 2:25 AM
To: Ludwig Krispenz
Cc: Quayle, Bill; 'freeipa-users@redhat.com'
Subject: Re: [Freeipa-users] migrate-ds aborts
On 01
On 01/15/2015 06:31 PM, Quayle, Bill wrote:
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389’:
It has transferred 9762 records, but seems to hit a timeout that causes
On 01/13/2015 04:53 PM, Bram Vandoren wrote:
Hi All,
We run a FreeIPA server (3.0.0) on SL6. Fedora 21 clients are unable to
complete freeipa-client-install. It fails due to a parsing error of the CA
certificate. I tracked down the error and it seems our cn=CACert,cn=ipa,cn=etc
entry is
On 01/12/2015 03:53 PM, dbisc...@hrz.uni-kassel.de wrote:
Hi,
no ideas about this one?
I'm unsure if I did something wrong, but since I installed both systems the
same way, I really don't know, what could be wrong.
One thing that may be related: The working system (the one that doesn't
On 01/13/2015 10:38 AM, Brian Topping wrote:
On Jan 13, 2015, at 1:56 PM, Brian Topping brian.topp...@gmail.com wrote:
Hi folks, really pleased with the latest versions of FreeIPA. Very robust,
quite impressive!
Good to hear! :-)
In the process of setting it up, I ended up having to move
On 01/12/2015 10:04 AM, Petr Spacek wrote:
On 11.1.2015 22:16, Dale Macartney wrote:
Morning folks
I am currently working on a little pet project which I think some would
find useful.
I would like to introduce some group policy like functionality into a
FreeIPA domain.
For example:
In
On 01/08/2015 10:45 AM, Pavel Březina wrote:
On 01/07/2015 06:32 PM, Craig White wrote:
Still struggling with this...
$ sudo /sbin/service pe-puppet restart
[sudo] password for rundeck:
Stopping puppet: [ OK ]
Starting puppet:
On 01/07/2015 06:43 PM, John Desantis wrote:
Hello all,
Just an update on this issue for anyone else who experiences a similar issue.
It looks like the automatic renewal of the certificates failed on our
master due the certmonger service being stuck. I stopped the
service, stopped IPA
On 01/08/2015 09:12 PM, John Desantis wrote:
Martin, Rob, and Nalin,
The patch worked for me
(https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=1357eade4c5086e6c837a49f3008616317f88e5f),
thank you so much for the assistance!
The process was simple. I'll quickly outline it for other
like
adding *your* FreeIPA related blogs to the list! Please just send as a link to
the RSS feed of your blog (or rather category/tag devoted to the FreeIPA
project) and we will add it to the list.
Enjoy!
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
On 01/07/2015 02:51 PM, Janelle wrote:
Hello fellow IPAers
I know this has been written about before - the python scripts and
fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was there a
permanent fix yet? I continue to run into it during installs and have to edit
python
On 1/7/15 7:19 AM, Martin Kosek wrote:
On 01/07/2015 02:51 PM, Janelle wrote:
Hello fellow IPAers
I know this has been written about before - the python scripts and
fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was there a
permanent fix yet? I continue to run
On 12/29/2014 09:54 PM, Dmitri Pal wrote:
On 12/20/2014 05:02 AM, Ben .T.George wrote:
Hi
I was trying to configure centos as ipa client and got failed with that,.
anyone please help me to configure centos as ipa client through manual
configuration.
Regards,
Ben
Sorry for a delayed
On 01/02/2015 07:47 PM, Craig White wrote:
Subject pretty much says it all.
Starting to play around with rundeck and was thinking it would be nice if I
could create a user that had the ability to sudo, without password, a public
key and the ability to run commands.
But the use of 'sudo'
On 01/04/2015 12:29 AM, Anthony Messina wrote:
I was hoping to migrate from F20 to F21 using:
http://www.freeipa.org/page/Howto/Migration
http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
The migration procedure is only needed if you run FreeIPA server with PKI based
on
Thanks, I just changed it to follow Mediawiki syntax and renamed it to
http://www.freeipa.org/page/Howto/Centralised_Logging_with_Logstash/ElasticSearch/Kibana
to keep current Howto structure. Please feel free encouraged to fill up any
more details as you go with your adventures that the
On 01/05/2015 02:05 PM, Anthony Messina wrote:
Quoting Martin Kosek mko...@redhat.com:
On 01/04/2015 12:29 AM, Anthony Messina wrote:
I was hoping to migrate from F20 to F21 using:
http://www.freeipa.org/page/Howto/Migration
http://www.freeipa.org/page/Howto
it baked in your configs
directly:
# cat /root/enrollman_password | ipa-client-install --unattended --principal
enrollman
HTH.
~J
On 1/5/15 3:27 AM, Martin Kosek wrote:
On 12/29/2014 09:54 PM, Dmitri Pal wrote:
On 12/20/2014 05:02 AM, Ben .T.George wrote:
Hi
I was trying
On 12/15/2014 10:16 AM, dbisc...@hrz.uni-kassel.de wrote:
Hi,
On Tue, 25 Nov 2014, Rich Megginson wrote:
On 11/25/2014 12:32 PM, dbisc...@hrz.uni-kassel.de wrote:
with the help of Thierry and Rich I managed to debug the running ns-slapd on
Server1 (see below). The failing attempt of
On 12/11/2014 04:38 PM, Dmitri Pal wrote:
On 12/11/2014 08:08 AM, Martin Kosek wrote:
On 12/11/2014 01:57 PM, Chris Card wrote:
On 12/11/2014 09:42 AM, Chris Card wrote:
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've installed
On 12/11/2014 06:19 PM, Matt Chesler wrote:
I have a cluster of four IPA masters that should be performing fully meshed
replication. I discovered yesterday that a recently created user only existed
on a single master. After looking through all four masters, it appears that
several recent
On 12/11/2014 09:42 AM, Chris Card wrote:
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
freeipa server and a freeipa client machine.
I've set up a user with ssh
On 12/10/2014 08:20 PM, Dmitri Pal wrote:
On 12/10/2014 06:55 AM, Gianluca Cecchi wrote:
On Tue, Dec 9, 2014 at 10:50 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 12/09/2014 12:50 AM, Gianluca Cecchi wrote:
On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi
On 12/11/2014 01:57 PM, Chris Card wrote:
On 12/11/2014 09:42 AM, Chris Card wrote:
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
freeipa server and a freeipa client
On Tue, Dec 9, 2014 at 4:18 AM, Martin Kosek mko...@redhat.com wrote:
On 12/08/2014 08:00 PM, Megan . wrote:
I looked through the logs on the server and i see the below error in
the apache error log when i try to register a client:
[Mon Dec 08 12:20:38 2014] [error] SSL Library Error: -12195 Peer
On 12/10/2014 03:36 AM, Dmitri Pal wrote:
On 12/09/2014 08:43 PM, Thomas Lau wrote:
Hi All,
FreeIPA Default is using 60days password expiry, how could I change it?
You go to password policies and change the global password policy.
You change MAX lifetime.
This is a global setting it will
On 12/10/2014 12:57 PM, Chris Card wrote:
Hi,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a freeipa
server and a freeipa client machine.
I've set up a user with ssh keys, and can successfully ssh onto the client
machine.
I'm trying to setup sudo rules so that if the
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
freeipa server and a freeipa client machine.
I've set up a user with ssh keys, and can successfully ssh onto the client
On 12/07/2014 07:29 PM, Gianluca Cecchi wrote:
On Sun, Dec 7, 2014 at 3:44 PM, Gianluca Cecchi gianluca.cec...@gmail.com
wrote:
Hello,
I'm quite near to have users and groups working using ipa 3.3 as in CentOS
7 as this gives ability to do binds against compat tree.
This is with the use of
On 12/08/2014 04:17 PM, Gianluca Cecchi wrote:
On Mon, Dec 8, 2014 at 3:47 PM, Gianluca Cecchi gianluca.cec...@gmail.com
wrote:
Hello,
I followed the guide here to migrate IPA from CentOS 6.6 to CentOS 7.0:
On 12/07/2014 03:01 PM, Niranjan M.R wrote:
On 12/06/2014 12:24 AM, Dmitri Pal wrote:
Hello,
WE NEED HELP!
The biggest and the most interesting feature of FreeIPA 4.1.2 is support for
the two factor authentication using HOTP/TOTP compatible software tokens
like FreeOTP (open source
On 12/09/2014 10:05 AM, Martin Kosek wrote:
On 12/07/2014 07:29 PM, Gianluca Cecchi wrote:
On Sun, Dec 7, 2014 at 3:44 PM, Gianluca Cecchi gianluca.cec...@gmail.com
wrote:
Hello,
I'm quite near to have users and groups working using ipa 3.3 as in CentOS
7 as this gives ability to do binds
AM, Martin Kosek wrote:
On 12/07/2014 03:01 PM, Niranjan M.R wrote:
On 12/06/2014 12:24 AM, Dmitri Pal wrote:
Hello,
WE NEED HELP!
The biggest and the most interesting feature of FreeIPA 4.1.2 is support
for the two factor authentication using HOTP/TOTP compatible software
tokens like
On 12/09/2014 12:50 AM, Gianluca Cecchi wrote:
On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi gianluca.cec...@gmail.com
wrote:
OK. I will check requirements to write into The wiki
When I try to login with my Fedora OpenID account and choose as nickname my
real name and press login
On 12/09/2014 11:15 AM, thierry bordaz wrote:
On 12/09/2014 10:48 AM, Niranjan M.R wrote:
On 12/09/2014 02:57 PM, thierry bordaz wrote:
Hello,
Niranjan, may I have access to your test machine.
It's a vm on my laptop. I am trying to reproduce on another VM
to which i can give access. I will
On 12/03/2014 06:23 PM, Janelle wrote:
Hi all..
Was on vacation - now I'm back. Have a new problem I thought I would run by you
--
I have replica agreements between a server and 3 others. They all show up in
ipa-replica-manage list, BUT when I try to disconnect one of them :
ipa: INFO:
On 12/05/2014 10:00 AM, Martin Kosek wrote:
On 12/03/2014 06:23 PM, Janelle wrote:
Hi all..
Was on vacation - now I'm back. Have a new problem I thought I would run by
you --
I have replica agreements between a server and 3 others. They all show up in
ipa-replica-manage list, BUT when I try
On 12/01/2014 05:46 AM, Eldo Joseph wrote:
Thanks Guys :)
Date: Sat, 29 Nov 2014 12:24:12 -0500
From: rcrit...@redhat.com
To: pvobo...@redhat.com; jeld...@live.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA V3 Backup and recovery
Petr Vobornik wrote:
On 11/28/2014 10:39
On 11/26/2014 08:33 AM, Vaclav Adamec wrote:
Hi,
I'm encounter strange behavior, I run host removing from web UI and it
failed with error Some entries were not deleted : host not found but
it's still showing in list. Via cmd:
ipa host-find
--
1 host matched
On 11/25/2014 03:07 AM, Rolf Nufable wrote:
Goodmorning
So I've solved my Time error (I think) in my fedora 20, but even though I'm
having the correct time and configured the browser for kerberos
authentication I still can't log in my admin account in the web UI
is there a work around for
On 11/25/2014 08:12 AM, Rolf Nufable wrote:
Well I tried to kinit the admin account and then reboot the server.. then
after that it worked, admin account could then log in the ipa web ui.. but
does this mean that everytime I want to log in to the UI i need to kinit
manually?
Sent from
On 11/20/2014 08:10 AM, Rolf Nufable wrote:
I've installed freeipa 4.1.1 --setup-dns --no-forwarders so far the
installation went well .. but I need to configure freeipa server as a
forwarder right?
so I used te web UI and added the freeipaserver ip as a forwarder, then I
rebooted the
with chkconfig )
TIA
On Thursday, November 20, 2014 12:34 AM, Martin Kosek
mko...@redhat.com wrote:
On 11/20/2014 08:10 AM, Rolf Nufable wrote:
I've installed freeipa 4.1.1 --setup-dns --no-forwarders so far the
installation went well .. but I need to configure freeipa
On 11/19/2014 11:37 AM, Tamas Papp wrote:
hi All,
-- Finished Dependency Resolution
Error: Package: freeipa-server-4.1.1-1.1.el7.centos.x86_64 (mkosek-freeipa)
Requires: pki-ca = 10.2.0-3
Available: pki-ca-10.0.5-3.el7.noarch (base)
pki-ca =
On 11/19/2014 11:57 AM, Tamas Papp wrote:
I am good in waiting;)
Thanks for the prompt reply.
Ok Tamas, I think we *finally* got somewhere. Can you please try the
mkosek/freeipa Copr repo now?
I was able to install upstream freeipa-server 4.1.1 package on my RHEL-7.0
machine (should be the
-
From: Bill Peck b...@pecknet.com
To: Martin Kosek mko...@redhat.com
Cc: Tamas Papp tom...@martos.bme.hu, freeipa-users@redhat.com
Sent: Wednesday, November 19, 2014 5:34:10 PM
Subject: Re: [Freeipa-users] freeipa-server from copr repo
Hi Marin,
I was able to install from the copr repo now
to permissive allowed me to install and configure IPA 4.1
on CentOS 7.
:-)
On Wed, Nov 19, 2014 at 11:41 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
It is highly probable the issue is caused by SELinux (check for AVCs in
/var/log/audit/audit.log).
Can you try
On 11/19/2014 09:23 PM, Tamas Papp wrote:
hi Martin,
Much better:)
Unfortunately not perfect yet.
[...]
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
ipa : ERRORNamed service failed to start (Command
On 11/19/2014 10:24 PM, Tamas Papp wrote:
On 11/19/2014 09:29 PM, Martin Kosek wrote:
Ah, yes. This one is not a problem with the CentOS port, but rather existing
problem in FreeIPA 4.1.1 which will be fixed in FreeIPA 4.1.2 on all
platforms, including Fedora 21 and CentOS.
See upstream
On 11/14/2014 08:02 AM, pki tech wrote:
Dear All,
In our Issuing CA, all the subsystem certificates are expired except the
caSigningCert.
I can generate the new certificate requests via certutil, but how can i get
them signed?
your swift response is appreciated.
Regards,
Kamal
What IPA
On Fri, Nov 14, 2014 at 3:50 PM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 11/14/2014 08:02 AM, pki tech wrote:
Dear All,
In our Issuing CA, all the subsystem certificates are expired except the
caSigningCert.
I can generate the new
On Tuesday, November 11, 2014 3:28 PM, Martin Kosek mko...@redhat.com wrote:
On 11/11/2014 08:07 AM, Rolf Nufable wrote:
well I dont know how or what command to use to display the logs, could you
teach me how?
There should be HOWTO articles on how to do that. Jakub may have better
sources
On 11/10/2014 06:58 PM, Janelle wrote:
Hi --
Has anyone seen this before?
# ipa-replica-manage del kermit.xyzzy.com --force
unexpected error: [Errno -2] Name or service not known
?? Very confused as to What service or name is not known?
This is 4.0.5 running on CentOS 7.
~J
This
On 11/11/2014 08:48 AM, Natxo Asenjo wrote:
Hi Nalin,
On Mon, Nov 10, 2014 at 5:19 PM, Nalin Dahyabhai na...@redhat.com wrote:
On Mon, Nov 10, 2014 at 04:17:49PM +0100, Natxo Asenjo wrote:
How can I debug this?
First thing would be to run the daemon with additional logging - I
usually use
On 11/11/2014 01:28 PM, Natxo Asenjo wrote:
hi Nali,
On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek mko...@redhat.com wrote:
So if the lurking double encoded certificate is in LDAP, and thus Apache DS
shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest
way
to fix
On 11/11/2014 01:29 PM, Petr Spacek wrote:
On 11.11.2014 13:13, Walter van Lille wrote:
SASL encrypted packet length exceeds
maximum allowed limit
Martin, do you remember where is the appropriate knob?
Do you mean nsslapd-sasl-max-buffer-size setting in cn=config? This is a
related ticket
On 11/11/2014 02:47 PM, Natxo Asenjo wrote:
hi,
On Tue, Nov 11, 2014 at 2:13 PM, Martin Kosek mko...@redhat.com wrote:
I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one
that
can regenerate CAcert entry without double encoding.
ok.
So I removed the cacert
in DNS as well.
Hmm..
~J
Martin Kosek mailto:mko...@redhat.com
November 11, 2014 at 3:01 AM
This is usually DNS resolution error, though the command should not crash
this
way.
Does follow resolution work?
$ host `hostname`
$ host kermit.xyzzy.com
Alternatively, if you are not sure
, try to run:
$ authconfig --disablesssd --update
$ authconfig --enablesssd --update
if it helps, please tell me. I'm curious if you suffer from one issue I
experienced.
On Tuesday, November 11, 2014 5:56 PM, Martin Kosek mko...@redhat.com
wrote:
It is still really hard to give
On 11/08/2014 12:16 AM, Andrew Powell wrote:
Is there a way to add a Bind $GENERATE directive line to FreeIPA to
automatically name DHCP-assigned ranges?
In a file-based Bind installation, I can have the following line in the
forward
example.com zone file:
$generate 80-250/1
On 11/10/2014 08:34 AM, Les Stott wrote:
Hi all,
I have a standard freeipa environment under rhel6.
One of my replica servers, lets call it serverB had issues and I eventually
rebuilt it.
I rebuilt and restored data, but something wasn't right. Replication wasn't
working. I had tried
On 11/10/2014 07:46 AM, Les Stott wrote:
Hi all,
I have a FreeIPA environment with standard rhel6 package sets.
Everything is working well.
I would like to get our Cisco UCS 5108 authenticating via ldap with TLS using
ldap group based checks. The ucs manager runs the latest 2.2(3a)
On 11/10/2014 02:05 AM, Rolf Nufable wrote:
Hello
I have tons of questions on why free ipa wont't work on my network , I've
been using fedora 20 as the os for the server and client free ipa .
I deployed freeipa 4.0.3 at the server side and freeipa 4.1.0 for the client
side using 2 VM's
On 11/10/2014 02:48 PM, Dmitri Pal wrote:
On 11/10/2014 03:25 AM, Martin Kosek wrote:
On 11/08/2014 12:16 AM, Andrew Powell wrote:
Is there a way to add a Bind $GENERATE directive line to FreeIPA to
automatically name DHCP-assigned ranges?
In a file-based Bind installation, I can have
TIA
On Monday, November 10, 2014 8:41 PM, Jakub Hrozek jhro...@redhat.com wrote:
On Mon, Nov 10, 2014 at 12:56:00PM +0100, Martin Kosek wrote:
On 11/10/2014 02:05 AM, Rolf
Nufable wrote:
Hello
I have tons of questions on why free ipa wont't work on my network , I've
been
PM, Martin Kosek mko...@redhat.com wrote:
On 11/11/2014 06:37 AM, Rolf Nufable wrote:
or could you guys direct me or guide me on how to deploy this ipa server?
I've been successful deploying ipa version 3.3.5 before but this 4.0 and
above series is really giving me a headache
Hm
On 11/05/2014 09:20 PM, Natxo Asenjo wrote:
On Wed, Nov 5, 2014 at 7:45 PM, Natxo Asenjo natxo.ase...@gmail.com wrote:
And I think I found it:
https://fedorahosted.org/freeipa/ticket/3727
permissions of that folder:
$ ls -ld publish/
drwxr-xr-x. 2 root root 73728 Jun 13 2013 publish/
I
On 11/05/2014 09:43 PM, Alexander Bokovoy wrote:
Hi,
Heads up for those who are using 2FA feature of FreeIPA 4.0 and 4.1.
A security issue was identified in the released versions of FreeIPA 4.0
and 4.1 that makes possible for users with enabled OTP token to
authenticate using only the second
On 11/07/2014 03:05 PM, Rob Verduijn wrote:
Yup that solved it.
Everything looks ok now :-)
Thank you for you great effort.
Well, thank you for your patience. It will allow us to fix this bug in next
FreeIPA release, the patch was already submitted on freeipa-devel.
Thanks again!
Martin
On 10/24/2014 05:17 AM, Michael Lasevich wrote:
While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one of the two
boxes:
Upgrade failed with attribute allowWeakCipher not allowed
IPA upgrade failed.
Unexpected error
DuplicateEntry: This entry already exists
It seems the ipa no
On 10/17/2014 10:21 AM, Alexander Bokovoy wrote:
On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Thanks for your time. Man pages were the first, but it's not working just
base on that. Find out that libsss_sudo is desperately needed and it's not
required by ipa-client rpm. So now I only need to
On 10/17/2014 01:01 PM, Orkhan Gasimov wrote:
That format is not simple for me, as I'm not a programmer. But after I check,
double-check and triple-check my FreeBSD - FreeIPA integration via SSSD and
assure that it works without unexpected behaviors, I'll probably write a
HOW-TO
on this
do not need to be
configured automatically and can use autodiscover features of
ipa-client-install. But this is even farther future :-)
17-Oct-14 16:17, Martin Kosek пишет:
On 10/17/2014 01:01 PM, Orkhan Gasimov wrote:
That format is not simple for me, as I'm not a programmer. But after I
On 10/07/2014 11:58 AM, Alexander Bokovoy wrote:
Hi!
As Andrea Veri describes in the blog[1], GNOME Project's infrastructure
is now powered by FreeIPA. While GNOME was already using SSSD since very
early days of SSSD project, move to FreeIPA on the server side took more
time.
[1]
On 09/23/2014 05:06 PM, Martin Kosek wrote:
Hello everyone!
It's been over a year now since we announced [1] that the Technical Writer
working on FreeIPA upstream guide [2] can no longer maintain the upstream
version of it. FreeIPA project developers wanted to carry the torch and forked
401 - 500 of 867 matches
Mail list logo