On 09/27/2013 06:45 AM, Mohan Cheema wrote:
Hi,
We have setup FreeIPA within our environment the setup is master slave. We want
to know how we can configure clients to look to slave incase master server is
no available to authenticate the user.
Regards,
**
*Mohan Cheema*
FreeIPA replicas
On 09/27/2013 09:31 AM, Innes, Duncan wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose
Sent: 26 September 2013 17:36
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Force IPA to accept
On 09/27/2013 11:03 AM, Innes, Duncan wrote:
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: 27 September 2013 09:28
To: Innes, Duncan
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Force IPA to accept password?
On 09/27/2013 09:31 AM, Innes, Duncan wrote:
From: freeipa-users
On 09/27/2013 11:14 AM, Sumit Bose wrote:
On Fri, Sep 27, 2013 at 10:27:30AM +0200, Martin Kosek wrote:
On 09/27/2013 09:31 AM, Innes, Duncan wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose
Sent: 26
On 09/27/2013 03:08 PM, Mohan Cheema wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, September 27, 2013 9:22 AM
To: Mohan Cheema
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA Master Slave Setup Client
Configuration
On 09/27/2013
On 09/26/2013 01:05 PM, Innes, Duncan wrote:
Hi,
Can I force IPA to accept a new password that I have chosen?
What password do you have in mind? A password of an IPA user?
Today I've had to change my password in 2x AD domains and other places
according to policy. I've done this.
But
On 09/25/2013 10:30 AM, Alexander Bokovoy wrote:
On Wed, 25 Sep 2013, Martin Kosek wrote:
On 09/24/2013 04:40 PM, Alexander Bokovoy wrote:
On Tue, 24 Sep 2013, Alexandre Ellert wrote:
Hi,
I've successfully setup a testing environment with an IPA server (RHEL 6.4)
and a cross realm trust
On 09/25/2013 05:32 PM, Bret Wortman wrote:
Does it make a difference which replica (or master) a new client registers
with? I've traditionally tried to match them up with the closest ones, but
if it doesn't make any real difference, I'll just grab whoever answers
first and be done with it.
On 09/12/2013 09:16 AM, kevint...@umac.mo wrote:
Dear all,
I have two domain, one is Windows AD domain, another is IPA domain. Both
two domain already have two-ways trust, and Windows AD user can logon
under IPA Client PC successfully.
Since user account in Windows AD can logon IPA
On 09/12/2013 08:29 PM, Thomas Raehalme wrote:
Hi!
On Thu, Sep 12, 2013 at 4:33 PM, Martin Kosek mko...@redhat.com wrote:
Well, LDAP is the data backend for all FreeIPA identity data, you can certainly
use plain LDAP binds with them (though Kerberos/GSSAPI auth is preferred).
# ldapsearch -h
On 09/12/2013 01:46 PM, Thomas Raehalme wrote:
Hi,
Previously we have used Atlassian Crowd as a source for user data in
various applications, both in-house built and proprietary such as JIRA
or Confluence. As we have deployed FreeIPA, I would like to start
using it as the identity source.
On 09/12/2013 02:54 PM, Thomas Raehalme wrote:
Hi!
On Thu, Sep 12, 2013 at 3:28 PM, Martin Kosek mko...@redhat.com wrote:
When using FreeIPA LDAP as identity source, you could ideally use
Kerberos/GSSAPI authentication. But if that is not available, you can use
simple LDAP binds too. You
On 09/12/2013 03:18 PM, Thomas Raehalme wrote:
Hi!
On Thu, Sep 12, 2013 at 4:06 PM, Martin Kosek mko...@redhat.com wrote:
I was just referring to fact, that when a system or application uses LDAP as
an
identity and authentication source, it often use simple LDAP Bind operation
(i.e
On 09/04/2013 04:02 PM, Rich Megginson wrote:
On 09/04/2013 07:58 AM, John Moyer wrote:
It was our opinion that it wasn't an index issue. I cleared the logs from
the IPA server, and then just ran a JIRA sync with the server. I gave Rich
the log file from my IPA for that sync. I can't find
www.digitalreasoning.com
On Sep 4, 2013, at 3:44 AM, Martin Kosek mko...@redhat.com wrote:
On 08/30/2013 11:08 PM, John Moyer wrote:
Well IPA has machine entries on some test clusters that I'm rolling
IPA out on (20 machines maybe) but the user base is the same (about 80
~ 100) accounts with maybe
: Martin Kosek mko...@redhat.com
To: freeipa-de...@redhat.com
Hello all,
This is a follow up for upstream doc maintenance questions I had on
freeipa-users in June:
http://www.redhat.com/archives/freeipa-users/2013-June/msg00202.html
As Content Writer taking care of the User Guide
prototype for thread function
* Remove unused variable
* Remove unused variable
=== Martin Kosek (17): ===
* Set KRB5CCNAME so that dirsrv can work with newer krb5-server
* Handle DIR type CCACHEs in test_cmdline properly
* Avoid exporting KRB5_KTNAME in dirsrv env
* Remove redundant u'' character
On 08/06/2013 10:48 AM, NEVEU Stephane wrote:
Hi guys,
New trying to install FreeIPA-server with the online documentation on a
fresh fedora 19... I've got this error message :
Any idea is welcome :)
Thank you
...
Continue to configure the system with these values? [no]: yes
The
org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
-Message d'origine-
De : Martin Kosek [mailto:mko...@redhat.com]
Envoyé : mardi 6 août 2013 13:48
À : NEVEU Stephane
Cc : freeipa-users@redhat.com
Objet : Re: [Freeipa-users] Install error pkispawn
On 07/31/2013 01:36 PM, James Hogarth wrote:
Hi,
We're looking to add monitoring to our IPA replicas and want to provide a
user with the minimum possible permissions to do so.
Allowing the user to have the Replication Administrators role works but for
monitoring the ability to
On 08/01/2013 03:56 PM, James Hogarth wrote:
On 1 August 2013 09:36, Martin Kosek mko...@redhat.com wrote:
The patch for this would do basically this:
- remove the following aci:
(targetattr != aci)(version 3.0; aci replica admins read access; allow
(read,
search, compare) groupdn = ldap
On 07/30/2013 05:52 PM, Alexander Bokovoy wrote:
On Tue, 30 Jul 2013, Dmitri Pal wrote:
On 07/30/2013 08:17 AM, Matt . wrote:
Hi Dimitri,
It's a good tuturial but I'm kinda stuck (and new to that part)
What we seem to need is:
A - B - C - D
A= user(running one) B= Webserver C=IPAserver
On 07/26/2013 02:04 PM, Martin Kosek wrote:
On 07/26/2013 12:23 PM, Schmitt, Christian wrote:
Hello,
currently I'm trying to get ipa working on a virtual environment, after we
updated the kernel and restarted ipa, we can't login to our web ui.
The time is totally correct, and nothing has
On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
I'm trying to install an IPA server using an external CA.
I ran the ipa-server-install --external-ca command, and got my
On 07/25/2013 06:53 PM, Armstrong, Kenneth Lawrence wrote:
On Thu, 2013-07-25 at 11:51 -0400, Rob Crittenden wrote:
Armstrong, Kenneth Lawrence wrote:
On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote:
On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
On Fri, 2013-07-19 at 17
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
Let me know
Regards,
AB
On Tue, Jul 23, 2013 at 12:13 AM, Martin Kosek mko...@redhat.com wrote:
On 07/23/2013 01:31 AM, Aissa Brahimi wrote:
[abrahimi@ipa02 ipa]$ sudo ipa-replica-install --setup-dns
--forwarder
after receiving EOF in installutils.read_password.
=== Lukas Slebodnik (1): ===
* Use pkg-config to detect cmocka
=== Martin Kosek (11): ===
* Set KRB5CCNAME so that dirsrv can work with newer krb5-server
* Handle DIR type CCACHEs in test_cmdline properly
* Avoid exporting KRB5_KTNAME in dirsrv
Please note that the FreeIPA Fedora 19 Test Day is happening tomorrow!
Thanks in advance to all volunteers helping us test the new Active Directory
Trust features.
The FreeIPA Team
On 07/19/2013 11:56 PM, Dmitri Pal wrote:
Hello,
The FreeIPA team is happy to welcome you to a Fedora Test Day
On 07/23/2013 01:31 AM, Aissa Brahimi wrote:
[abrahimi@ipa02 ipa]$ sudo ipa-replica-install --setup-dns
--forwarder=1.1.1.1 --no-reverse replica-info-ipa02.company.com gpg
--skip-conncheck
[sudo] password for abrahimi:
Directory Manager (existing master) password:
Your system may be
described
on FreeIPA.org site:
http://www.freeipa.org/page/Howto/Dogtag9ToDogtag10Migration
We will answer any questions or comments.
Sorry for the inconvenience.
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc
On 07/19/2013 02:59 AM, Alexandre Ellert wrote:
Hi,
I have these 3 errors/warnings message when I join a Debian client to a RHEL
6.4 server (ipa-server-3.0.0-26.el6_4.4.x86_64):
= certmonger failed to stop: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'
There is no
On 07/19/2013 03:28 PM, Alexandre Ellert wrote:
Le 19 juil. 2013 à 10:20, Martin Kosek mko...@redhat.com a écrit :
On 07/19/2013 02:59 AM, Alexandre Ellert wrote:
Hi,
I have these 3 errors/warnings message when I join a Debian client to a
RHEL 6.4 server (ipa-server-3.0.0-26.el6_4.4
public keys.
- Key are correctly uploaded on the new VM.
Le 19 juil. 2013 à 16:30, Alexandre Ellert aell...@numeezy.com a écrit :
Le 19 juil. 2013 à 16:24, Martin Kosek mko...@redhat.com a écrit :
On 07/19/2013 03:28 PM, Alexandre Ellert wrote:
Le 19 juil. 2013 à 10:20, Martin Kosek mko
On 07/17/2013 07:03 PM, Joseph, Matthew (EXP) wrote:
Hello,
I’ve seem to run into an issue with our admin account on our FreeIPA server.
Our password expired (I thought I disabled the password expiration for this
account) and when I run kinit admin it prompts me for a new password.
On 07/17/2013 11:14 PM, Shapiro, Matthew E CTR DODHRA DMDC (US) wrote:
Hi ,
While running the ipa-client-install script on a RHEL 6.4 server, I get the
following output (please note the indicated line with the arrow):
[root@[hostname]]# ipa-client-install
Discovery was
when encrypting/decrypting files.
=== Lukas Slebodnik (1): ===
* Use pkg-config to detect cmocka
=== Martin Kosek (7): ===
* Remove entitlement support
* Enable SASL mapping fallback.
* Drop SELinux subpackage
* Drop redundant directory /var/cache/ipa/sessions
* Run server upgrade and restart
On 07/16/2013 01:50 AM, Dmitri Pal wrote:
On 07/15/2013 12:57 PM, diaulas...@primeinformatica.com.br wrote:
Hi,
Im trying to reinstall a unsuccessful instalation...
ipa-client-install tells me to uninstall first
ipa-client-install --uninstall return that error:
Failed to remove
Just checking, did you try troubleshooting hints from JR I found at the top of
the thread? I did not find an information about that.
Can you confirm that the output of the following commands:
1. $ domainname
* does it match your domain?
2. $ hostname
* does match match your fqdn?
3. $ getent
On 07/13/2013 05:28 AM, Ian Chapman wrote:
Hi,
I've just recently upgrade my F18 server to F19 and IPA is failing to start:
Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Aborting ipactl
Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting Directory Service
Jul 13 10:52:30
On 06/24/2013 08:32 PM, Vitaly wrote:
Sorry for probably stupid question, but if in general
ipaclient.staging.example.com http://ipaclient.staging.example.com
host may be a member in prod.example.com http://prod.example.com
domain?
Sure, you just need to have properly configured
On 06/18/2013 02:28 AM, Dmitri Pal wrote:
On 06/14/2013 11:59 AM, Erinn Looney-Triggs wrote:
So my CA certificate in IPA is a subordinate certificate of an AD CS
instance. These certificates by default are only valid for two years,
and mine will be up come this December.
So, I am looking for
): ===
* Prompt for nameserver IP address in dnszone-add
* Do not display success message on failure in web UI
* Prevent error when running IPA commands with su/sudo
=== Diane Trout (1): ===
* Fix log format not a string literal.
=== Martin Kosek (4): ===
* Set KRB5CCNAME so that dirsrv can work with newer
On 06/05/2013 10:20 AM, Martin Kosek wrote:
Hello FreeIPA and SSSD users,
Our team just published FreeIPASSSD training presentations created in the
event of finishing FreeIPA 3.0 and SSSD 1.9.2 back in beginning of 2013.
I would like to welcome you to look at the presentations
On 06/06/2013 04:37 PM, Jakub Hrozek wrote:
On Thu, Jun 06, 2013 at 10:30:34AM -0400, Rob Crittenden wrote:
Natxo Asenjo wrote:
hi,
just interested. We have noticed that ldap users have this PS1 envvar:
PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$
This is a confusing moment. Changing
with understanding, configuring or even
debugging the features. All presentations were uploaded to the FreeIPA.org wiki:
http://www.freeipa.org/page/Documentation#FreeIPA_Training_Series
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc
Bokovoy (1)
* Fix cldap parser to work with a single equality filter (NtVer=...)
Martin Kosek (1):
* Become IPA 3.1.5
Petr Viktorin (1):
* Remove leading zero from IPA_NUM_VERSION
Simo Sorce (2):
* CLDAP: Fix domain handling in netlogon requests
* CLDAP: Return empty reply on non-fatal errors
On 05/31/2013 09:37 AM, Sumit Bose wrote:
On Fri, May 31, 2013 at 06:52:27AM +, Ondrej Valousek wrote:
Hi List,
I have a question - is it possible to use AD trust the way that:
1. All users are stored in AD
2. All Unix specific information (automount maps, sudo rules, HBAC rules)
are
On 05/25/2013 08:01 PM, Dmitri Pal wrote:
On 05/25/2013 11:07 AM, Dean Hunter wrote:
A couple of months ago I found in the Test Day pages of the Fedora
Project Wiki a wealth of How to instructions in the prerequisites and
the test cases. In my experience, reference manuals, man pages and help
On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
Hi,
A while back I got some help writing a python script who extends the user
classes in ipalib to run
a custom command when a user is added/modified/deleted. This has been working
perfectly in our
production environment for a few years now,
On 05/24/2013 03:34 PM, Simo Sorce wrote:
On Fri, 2013-05-24 at 07:44 -0400, Ainsworth, Thomas wrote:
Greetings,
I was told to bring my issue to this distribution.
Six months or so ago I was tasked with setting up a Kerberos/LDAP
Authentication server. After a
month of headaches I
On 05/23/2013 04:56 PM, Sigbjorn Lie wrote:
Hi,
I opened a RFE request almost 2 years ago for automount cross-location
support, and recently I
discovered how it can be integrated.
https://fedorahosted.org/freeipa/ticket/1699
It is possible to reference a LDAP map from outside what
On 05/16/2013 07:32 PM, Natxo Asenjo wrote:
On Thu, May 16, 2013 at 6:48 PM, William Muriithi william.murii...@gmail.com
mailto:william.murii...@gmail.com wrote:
Afternoon,
Got a question, I know FreeIPA does not allow anonymous binding so if one
need to create an account to
On 05/15/2013 12:48 AM, Christian Hernandez wrote:
Not sure if anyone noticed that the site is down
http://www.freeipa.org/
Thank you,
Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com
On 05/13/2013 10:27 AM, Martin Kosek wrote:
Hello FreeIPA users!
We are now in process of migrating our old mediawiki running on
www.freeipa.org
to a new hosting which will run an updated mediawiki software along with
updated theme and front page (more changes will come in future
On 05/12/2013 03:59 PM, Arthur wrote:
11.05.2013 21:23, Dean Hunter пишет:
Please help me find instructions on configuring NFS auto-mount user home
directories. The FreeIPA Guide very carefully says:
IMPORTANT
FreeIPA does not set up or configure autofs. That must be done
separately.
wiki was put to read only
mode. I will update this thread when the migration is finished.
Thanks for understanding.
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
___
Freeipa-users mailing
On 05/07/2013 04:51 AM, Peter Brown wrote:
On 6 May 2013 17:07, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
I am glad you made it working. Just for the record, CRL and OCSP
revocation
URIs in FreeIPA v3.1 were flawed, there are relevant fixes in FreeIPA 3.2
in ipa-ca on ipa-csreplica-manage del.
* Do not use new LDAP API in old code.
* Use correct zone when removing DNS records of a master.
* Add support for OpenSSH 6.2.
Martin Kosek (4):
* Require 389-base-base 1.3.0.5
* Add userClass attribute for hosts
* Update pki proxy configuration
* Become IPA
I am glad you made it working. Just for the record, CRL and OCSP revocation
URIs in FreeIPA v3.1 were flawed, there are relevant fixes in FreeIPA 3.2 that
will make it working again.
More information can be found out in FreeIPA.org wiki:
http://www.freeipa.org/page/V3/Single_OCSP_and_CRL_in_certs
On 04/24/2013 10:30 PM, Chris Evich wrote:
On 04/24/2013 08:32 AM, Tomas Babej wrote:
On 04/24/2013 01:53 PM, Arturo Borrero wrote:
Hi there.
I'm wondering if it's possible to get FreeIPA with a 'public user
interface'.
This is: a place where a standar user can update his password and
On 04/18/2013 03:12 PM, Rob Crittenden wrote:
The FreeIPA team is happy to welcome you to a Fedora Test Day that is being
held today, Thursday, April 18th.
We invite you to take part in testing of the new features that will become
available in upcoming FreeIPA 3.2 upstream release and will
On 04/16/2013 09:13 AM, Arturo Borrero wrote:
Hi there!
My problem was:
I had some old registers of an old Microsoft AD in my DNS servers.
The ipa-server-installer detected this and was being misconfigured.
I deleted the AD references in the DNS, reinstall, and all went fine.
On 04/16/2013 03:16 AM, Dmitri Pal wrote:
On 04/15/2013 07:42 PM, Chandan Kumar wrote:
I agree it won't be a security feature nor you are doing wrong by not adding
it. However, it might come as nice to have feature. Let me explain you my
condition.
We host web application where lot of DNS
On 04/16/2013 04:25 PM, Dmitri Pal wrote:
On 04/16/2013 03:38 AM, Martin Kosek wrote:
On 04/16/2013 03:16 AM, Dmitri Pal wrote:
On 04/15/2013 07:42 PM, Chandan Kumar wrote:
I agree it won't be a security feature nor you are doing wrong by not
adding
it. However, it might come as nice
On 04/15/2013 03:16 PM, Arturo Borrero wrote:
Hi there,
In a freshly installed server, I try:
# ipa-server-install
[...]
[12/13]: restarting httpd
[13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory
On 04/15/2013 03:50 PM, Rob Crittenden wrote:
Arturo Borrero wrote:
On 15/04/13 15:33, Martin Kosek wrote:
On 04/15/2013 03:16 PM, Arturo Borrero wrote:
Hi there,
In a freshly installed server, I try:
# ipa-server-install
[...]
[12/13]: restarting httpd
[13/13]: configuring httpd
On 04/12/2013 01:07 AM, Chandan Kumar wrote:
Hello,
I have a question regarding Uer Roles and Access in GUI. What I have found
that
irrespective of Role assigned to a user, he gets read only access across the
directory.
For example, I created one user say dnsadmin with only Roles
On 04/09/2013 01:28 PM, Martin Kosek wrote:
Hello FreeIPA users!
We would like to give you a heads up about a OCSP/CRL certificate validation
issue introduced in FreeIPA 3.1 release (ticket 3074) we have discovered.
ISSUE:
Certificates issued by FreeIPA server 3.1 and later contains 2 CRL
On 04/06/2013 07:38 PM, Sigbjorn Lie wrote:
Hi,
I am trying to install the IPA client on a CentOS 6.4 host, however the auto
discovery of the IPA server is failing, from what seem to be caused by my IPA
servers having anonymous binds switched off.
Is this expected behaviour?
# rpm
versioning
* Fixed the catch of the hostname option during ipa-server-install
* Raise ValidationError when CSR does not have a subject hostname
Martin Kosek (58):
* Add Lynn Root to Contributors.txt
* Enable SSSD on client install
* Fix delegation-find command --group handling
* Do not crash when Kerberos
On 03/27/2013 02:11 AM, David Redmond wrote:
Hi again,
I've got a bit more information. I've found that I can successfully kinit on
the Solaris 9 clients if, on the server, I change the user's password by:
ipa-getkeytab -s SERVER -p USER@REALM -k krb5.keytab -P
This works even if I
in suppress_netgroup_memberof.
* Remove disabled entries from sudoers compat tree.
* Fix internal error in output_for_cli method of sudorule_{enable,disable}.
Martin Kosek (33):
* Fix migration for openldap DS
* Remove unused krbV imports
* Use fully qualified CCACHE names
* Fix permission_find test error
* Add
We already have a bug filed:
https://bugzilla.redhat.com/show_bug.cgi?id=924395
This should be fixed along with ticket adding sudo configuration support to
ipa-client-install:
https://fedorahosted.org/freeipa/ticket/3358
Martin
On 03/22/2013 07:13 AM, Brian Cook wrote:
no problem, thanks for
On 03/21/2013 06:59 AM, Brian Cook wrote:
Is there something equivalent to 'getattr' for ipa host-mod?
I see setattr, addattr and delattr but to get attributes you have to do
host-show --all. There is no way to ask for one specific attribute?
Thanks,
Brian
No, I am afraid there is
On 03/19/2013 01:12 PM, Bret Wortman wrote:
Preparation of the replica data file went without a hitch, but on
installation:
# ipa-replica-install --setup-dns --no-forwarders
replica-info-jsipa.damascusgrp.com http://replica-info-jsipa.damascusgrp.com
--skip-conncheck
Directory Manager
On Tue, Mar 19, 2013 at 8:48 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
Ok. This looks like dirsrv errors from the master machine. Are there
also any
interesting errors on the replica machine?
Martin
On 03/19
On 03/13/2013 11:02 PM, Natxo Asenjo wrote:
On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney
d...@themacartneyclan.com wrote:
I've just deployed a RHEL 6.4 proxy and the guide is still accurate and
works.. however I agree a config file would be a better place for the
options. Both work at the
On 03/14/2013 09:41 AM, Dale Macartney wrote:
On 03/14/2013 08:11 AM, Dale Macartney wrote:
On 03/14/2013 08:07 AM, Martin Kosek wrote:
On 03/13/2013 11:02 PM, Natxo Asenjo wrote:
...
Dale, do you plan to update the howto on FreeIPA wiki to fix the
configuration
section? If not, I can try
On 03/13/2013 09:55 AM, Petr Spacek wrote:
On 12.3.2013 14:41, Stijn De Weirdt wrote:
...
i guess the timestamps are somehwere in the ldap schema, i would like to know
where or how i can find them.
and if possible, how to do that using the ipalib python api.
btw, is it correct for me to
log gives this:
Fri Mar 08 11:52:48 2013] [error] ipa: ERROR: 500 Internal Server
Error: xmlserver.__call__: KRB5CCNAME not defined in HTTP request environment.
I have no idea what that means. Can you help?
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent
On 03/07/2013 10:26 AM, Dale Macartney wrote:
Hi all
I've been trying to document the domain trust process for the past two
days and I am seeing the same results no matter the configuration.
Basically I have nuked and rebuilt my environment several times and all
yields the same
On 03/05/2013 10:13 PM, Matthew Barr wrote:
On Mar 5, 2013, at 9:15 AM, Rob Crittenden rcrit...@redhat.com wrote:
Артур Файзуллин wrote:
What rule must be present for replica to work? :) (in order to remove
allow-all rule)
I mean may be there is somewhere a guide to write rules for strict
On 03/06/2013 11:08 PM, Kanwar Ranbir Sandhu wrote:
On Wed, 2013-03-06 at 16:50 -0500, Rob Crittenden wrote:
A re-install should not be necessary. Just be sure that forward and
reverse name resolution works after making the change (something we test
for during install).
Thanks. I'll give
On 03/05/2013 04:21 PM, David Fitzgerald wrote:
Hello everyone,
I have been running a freeIPA server on Scientific Linux 6.2 for about a
year.
Yesterday I started not being able to run any ipa- commands. Running kinit
admin gives me the proper tickets, but when I run any ipa-
On 02/28/2013 11:34 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 3:27 PM, John Dennis jden...@redhat.com wrote:
On 02/28/2013 04:18 PM, KodaK wrote:
When performing an operation with the IPA tools, I get a message every
time similar to this:
ipa: INFO: Forwarding 'hbactest' to server
The main purpose of this isolation is that your production clients for example
do not autodiscover testing IPA instance via DNS SRV records and do not use it
instead of the production instance.
Martin
On 02/26/2013 09:43 PM, Guy Matz wrote:
Thanks! Is it a matter of isolating the networks? Or
On 02/25/2013 03:38 PM, Sigbjorn Lie wrote:
On Mon, February 25, 2013 12:59, Christian Horn wrote:
Hi,
On Mon, Feb 25, 2013 at 09:46:49AM +0100, Sigbjorn Lie wrote:
$ ipa dnszone-add example.com --name-server=ns01.example.com
--admin-email=hostmaster.example.com
ipa: ERROR: attribute
On 02/26/2013 09:01 AM, Umarzuki Mochlis wrote:
hi,
on tried to create a free-ipa replica on fedora 18 with
freeipa-server-3.1.2-1.fc18.x86_64
below is last few lines of /var/log/ipareplica-install.log
2013-02-25T16:16:33Z DEBUG retrieving schema for SchemaCache
On 02/25/2013 04:38 PM, Brian Smith wrote:
It seems that regardless of the global password expiry setting, that setting a
password via the methods
user-add
passwd
i will always have a password that expires in 90 days. I followed the
instructions here
on the current Fedora 18 389-ds-base version
(389-ds-base-0:1.3.0.2-1.fc18)
Thanks,
Martin
On 02/26/2013 09:36 AM, Umarzuki Mochlis wrote:
2013/2/26 Martin Kosek mko...@redhat.com:
Hi Martin,
I found below on errors file
[26/Feb/2013:00:16:14 +0800] - 389-Directory/1.3.0.3 B2013.045.10 starting up
On 02/26/2013 04:29 PM, Dmitri Pal wrote:
On 02/21/2013 12:31 PM, Dmitri Pal wrote:
On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote:
On 02/21/2013 09:40 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 02/21/2013 09:34 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On
On 02/26/2013 06:05 PM, Erinn Looney-Triggs wrote:
On 02/26/2013 10:29 AM, Dmitri Pal wrote:
On 02/21/2013 12:31 PM, Dmitri Pal wrote:
On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote:
On 02/21/2013 09:40 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 02/21/2013 09:34 AM, Rob
On 02/26/2013 06:10 PM, Erinn Looney-Triggs wrote:
On 02/26/2013 12:08 PM, Martin Kosek wrote:
On 02/26/2013 06:05 PM, Erinn Looney-Triggs wrote:
On 02/26/2013 10:29 AM, Dmitri Pal wrote:
On 02/21/2013 12:31 PM, Dmitri Pal wrote:
On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote:
On 02/21
On 02/15/2013 07:23 PM, Chuck Lever wrote:
...
(I also note that ipa-client-install does not disable chronyd, but I've
only tried the client install script on Fedora 16).
Hello Chuck,
I would just like to comment that we address chronyd/ntpd in FreeIPA in Fedora
18. We do check if chronyd
On 02/14/2013 08:20 AM, Rajnesh Kumar Siwal wrote:
IPA is going to be very critical Server for any environment.
Do we have proper logging of who as locked whom, Who has created a
sudo policy, who has allowed access to whom etc ?
Hello Rajnesh,
the audit component of IPA collecting and
certificate to LDAP
Jan Cholasta (1):
* Pylint cleanup
John Dennis (1):
* Use secure method to acquire IPA CA certificate
Martin Kosek (3):
* Run index task for new indexes
* Filter suffix in replication management tools
* Become IPA 2.2.2
Rob Crittenden (1):
* Do SSL CA verification and hostname
On 02/10/2013 08:15 AM, bin.e...@gmail.com wrote:
Here is what I did:
Install Fedora 17 XFCE spin.
yum upgrade
yum install freeipa-client
enroll machine (it enrolls just fine)
However, when I reboot the machine, I find the ipa.service isn't running. So I
manually try to start it:
On 02/08/2013 07:43 AM, Rajnesh Kumar Siwal wrote:
We migrated the users from openldap to IPA.
We are getting the following error after the User has been migrated
(after he changes the password through https://ipa1/ipa/migration/)
and he tries to change passwd :-
Account is not locked and
On 02/07/2013 08:46 PM, Steven Jones wrote:
Hi,
I have had little to do with permissions until now so bear with me if the Qs
are obviously stupid, probably not really IPA but a linux blind spot I
haveanyway,
So I have a service account with its group this runs a database.
So
On 02/07/2013 08:31 AM, James James wrote:
Thanks Rob. I have one more question. Is it possible to add a field in the ui,
and get the field's value in a custom add user hook script ?
James
I know that Petr Vobornik is already working in better extensibility of the UI,
but that would be
701 - 800 of 867 matches
Mail list logo