On 02/04/2013 11:31 AM, Jorick Astrego wrote:
Hi,
Running the installer of the latest stable on a fresh Fedora 18, I get the
following error during install:
[30/36]: Upload CA cert to the directory
ipa : CRITICAL Failed to load upload-cacert.ldif: Command
'/usr/bin/ldapmodify
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone), and after using the
`ipa-replica-install` script to configure the replica server, the
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29/2013 07:26 PM, free...@stormcloud9.net wrote:
Using ipa-server 2.2.0-17 on Amazon linux (RHEL6 clone
On 01/30/2013 03:22 PM, free...@stormcloud9.net wrote:
On 2013/30/01 09:19, Martin Kosek wrote:
On 01/30/2013 03:16 PM, Patrick Hemmer wrote:
On 2013/30/01 03:33, Martin Kosek wrote:
On 01/30/2013 02:05 AM, free...@stormcloud9.net wrote:
On 01/29/2013 07:49 PM, Dmitri Pal wrote:
On 01/29
On 01/28/2013 12:14 PM, James James wrote:
Hi, in 389-ds there is a nice plugin I love, it's account policy. You can set
account expiration date and the account will be inactive at this day.
http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
On 01/15/2013 05:29 AM, Tim Hildred wrote:
Should it take several hours for me to be able to ping a host at it's new IP
address when I update the DNS record in the WebUI?
I deleted the old records (A and PTR), and added new records for the same FQDN,
with a different IP address. But I can't
On 01/14/2013 09:09 AM, Petr Viktorin wrote:
On 01/11/2013 09:57 PM, John Dennis wrote:
On 01/11/2013 03:52 PM, Dmitri Pal wrote:
On 01/11/2013 03:27 PM, John Dennis wrote:
On 01/11/2013 03:10 PM, Dmitri Pal wrote:
On 01/10/2013 11:00 AM, John Dennis wrote:
On 01/10/2013 08:15 AM, Petr
On 01/08/2013 11:20 PM, Erinn Looney-Triggs wrote:
On 01/08/13 12:45, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 01/08/13 11:44, Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 2013-01-08 at 19:31 +, Steven Jones wrote:
HI,
I assume RHEL 6.4 is GA shortly just how straigh
On 01/09/2013 04:39 PM, Petr Vobornik wrote:
On 01/09/2013 03:27 PM, Umarzuki Mochlis wrote:
i'm interested on patch
https://fedorahosted.org/freeipa/changeset/1eab43d29244f6e0b8d6f3146317624715d84af7/
so i can have user to be able to reset own password
do i manually edit each listed files or
On 12/20/2012 04:43 PM, Han Boetes wrote:
Hi,
I discovered that using this recipe makes setting up sudo-ldap very simple.
Even when anonymous binds is disabled.
TLS_CACERT /etc/ipa/ca.crt
TLS_REQCERT demand
SASL_MECH GSSAPI
BASE dc=domain,dc=com
URI ldap://auth-ipa.domain.com
On 12/21/2012 01:07 PM, Артур Файзуллин wrote:
HI!
What about adding this functionality to IPA-server:
create backup
# ipa backup-create --create --output-file=pathtofile
restore from backup
# ipa-server-install --restore-from-backup=pathtofile
I think this feature will be very usefull :)
Hello David,
FreeIPA 3.1 requires several major dependencies that are not available in RHEL
6.x versions - the most notable ones are PKI-CA of version 10.0 and 389-ds-base
of version 1.3.0 which introduced transaction support.
I think the easiest way to get version 3.1 would be to wait for
On 12/20/2012 12:34 AM, David Copperfield wrote:
Hi Howdy,
Two questions on IPA usage are listed below. Please help.
1, How to reset a normal IPA user's password through web interface when the
password is expired?
when the normal user's password is close to expiration but still not
On 12/19/2012 11:24 PM, David Copperfield wrote:
Hi howdy,
This is trying to confirm whether we still need to perform the steps of
cleaning RUV records, when a freeIPA master, or a replica is removed. Months
back it was rumored that some work was being done on underlying 389 LDAP and
the RNV
On 12/11/2012 05:25 PM, Dmitri Pal wrote:
On 12/11/2012 10:53 AM, Bret Wortman wrote:
My replica install fails to create a DS instance:
:
[2/30]: creating directory server instance
ipa : CRITICAL failed to create ds instance Command
'/usr/sbin/setup-ds.pl http://setup-ds.pl --silent
On 11/16/2012 12:48 AM, Qing Chang wrote:
On 15/11/2012 6:10 PM, John Dennis wrote:
On 11/15/2012 04:21 PM, Qing Chang wrote:
Adding group produces error message Type or value exists and fails.
As shown below, I tried a few different group name to ensure that there
is no duplicates:
On 11/16/2012 04:11 PM, Bret Wortman wrote:
Using FreeIPA on a private network (where it's easier to just alias our own
servers to these names than to edit config file after config file). Any idea
what I'm doing wrong here?
# ipa dnszone-add 0.pool.ntp.org http://0.pool.ntp.org
On 11/13/2012 02:01 PM, Martin Kosek wrote:
On 11/12/2012 05:44 PM, Anthony Messina wrote:
On Monday, November 12, 2012 09:51:14 AM Anthony Messina wrote:
On Monday, November 12, 2012 09:17:17 AM Anthony Messina wrote:
I also find that when I do a manual ldapsearch for the
non-upgraded
On 11/12/2012 05:44 PM, Anthony Messina wrote:
On Monday, November 12, 2012 09:51:14 AM Anthony Messina wrote:
On Monday, November 12, 2012 09:17:17 AM Anthony Messina wrote:
I also find that when I do a manual ldapsearch for the
non-upgraded clients as
follows:
ldapsearch -x -D
On 11/06/2012 10:38 AM, Petr Spacek wrote:
Hello Mike,
are you talking about IPA WebUI or CLI or DNS dynamic update mechanism? On
which distribution and IPA version?
On 11/05/2012 10:35 PM, Michael Mercier wrote:
Hello,
A couple of questions regarding DNS / Allow PTR sync.
1. If you
On 10/22/2012 08:28 PM, Fred van Zwieten wrote:
Hello,
I have a problem. My setup:
- IPA server for domain example.com http://example.com on ipa.example.com
http://ipa.example.com
- DNS server sub.example.com http://sub.example.com on host.sub.example.com
http://host.sub.example.com
You
permission.
Jan Cholasta (1):
* SSH configuration fixes.
Martin Kosek (1):
* Become IPA 2.2.1
Petr Viktorin (2):
* replica-install: Don't copy Firefox config extension files if they're not in
the replica file
* Create Firefox extension on upgrade and replica-install
Petr Vobornik (8
Hello Bret,
This may be a long shot, but when I sometimes hit this kind of errors when CA
installation crashed and there is still some remaining CA configuration (in
/var/lib/pki-ca). I usually fix this with standard ipa-server-install
--uninstall -U and then running this command:
On 10/18/2012 01:23 PM, Bret Wortman wrote:
Tomcat is definitely not running and there's no log in /var/log/pki-ca.
SELinux
is disabled and not running. The same RPMs are installed on both my
functioning
and nonfunctioning system, at least as far as # rpm -qa | grep tomcat | sort
revealed.
On 10/12/2012 08:06 PM, Rob Crittenden wrote:
The FreeIPA team is proud to announce version FreeIPA v3.0.0.
It can be downloaded from http://www.freeipa.org/Downloads.
Correction:
FreeIPA 3.0.0 can be downloaded from http://www.freeipa.org/page/Downloads
Martin
From: Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 9 October 2012 7:54 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] confusing users
On 10/09/2012 12:59 AM, Steven Jones wrote:
Hi,
When a user logs in for the first time nad they have to set a new
On 10/09/2012 12:59 AM, Steven Jones wrote:
Hi,
When a user logs in for the first time nad they have to set a new password, if
it doesnt meet the passowrd standard/policy it fails with a authentication
token manipulation error is it possible to get that changed so it says
password does not
On 09/22/2012 01:22 AM, Sigbjorn Lie wrote:
On 09/21/2012 10:45 AM, Petr Spacek wrote:
Hello users,
we have a question for client machine administrators:
On 09/21/2012 10:12 AM, Martin Kosek wrote:
snip
..., that it may be useful to implement a script
like ipa-client-update which would
Hello Nathan,
you can file the bug on Red Hat Bugzilla (bugzilla.redhat.com), you can use
this link:
https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%206
Thanks in advance!
Martin
On 09/21/2012 05:53 PM, Nathan Lager wrote:
Sure thing, can you point me to where
On 09/20/2012 10:35 PM, Sigbjorn Lie wrote:
Hi,
I see that I can add hosts with either an IPv4 or an IPv6 address when using
ipa host-add --ip-address=.
Is there a way to add a host specifying both an IPv4 and an IPv6 address at
the
same time?
Adding the --ip-address option twice
On 09/20/2012 02:55 PM, Rob Crittenden wrote:
Pieter Baele wrote:
Hi,
I have a known problem when using the migration tool.
Is there already a solution for this?
As in:
https://www.redhat.com/archives/freeipa-users/2012-January/msg00200.html
ipa migrate-ds ldap://x.x.x.x:389
On 08/30/2012 05:38 AM, george he wrote:
Hello all,
I have free-ipa set up on my lab machines all running Fedora 17.
Today the lab was moved to another building on campus and the IPs have to be
changed.
Now that the IPs are changed, I cannot even run kinit on the ipa-server.
The error
On 07/30/2012 05:00 PM, george he wrote:
Hello all,
I'm trying to change the krb ticket life time for myself, so I used
ipa krbtpolicy-mod MYUSERNAME --maxlife 36
but then after I do kinit, my new ticket is still going to expire after 24
hours, which is the default ticket life, even
On 07/27/2012 12:48 AM, Steven Jones wrote:
I have tried to reset my admin password (admjonesst1) using the admin account
toa temp password,
So I run a kinit admjonesst1 to reset it to a perm one and I get,
[jonesst1@8kxl72s ~]$ kinit admjonesst1
Password for
On 07/30/2012 02:57 PM, Simo Sorce wrote:
On Mon, 2012-07-30 at 12:11 +0200, Robert Bowell wrote:
Hi Simo,
Thanks for your reply.
Yes the IPA server has been updated from 2.1 to 2.2. Prior to the
update, DNS zones could be created without any issues.
I have also noticed that the command
On 07/30/2012 03:21 PM, John Blaut wrote:
Hi
I am following the same issue with Robert.
In /etc/dirsrv/slapd-DOMAIN/schema/99user.ldif we can see that these new
attributes have been added.
Hello John,
I assume that the new attributes were not added to the MAY list in idnsZone
On 07/11/2012 12:02 PM, James Hogarth wrote:
Hi all,
Having just spent an hour debugging this during my centos6.2 to
centos6.3 updates here's a heads up for others and a correction to the
documentation at docs.redhat.com
The update to sudo mentioned changed sudo to use
On Thu, 2012-06-28 at 16:42 -0700, Joe Linoff wrote:
Hi Petr:
I implemented what you suggested and everything worked pretty well but I
ran into three issues that you might be able to help me with.
ISSUE #1
The first issue (and the most important) is that the password is only
temporary. I
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Friday, June 29, 2012 12:31 AM
To: Martin Kosek
Cc: Joe Linoff; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] How can I change my password from a python
script?
On Fri, 29 Jun 2012, Martin Kosek wrote
On 06/28/2012 03:34 AM, Joe Linoff wrote:
Hi Everybody:
I need to add a lot of users to an LDAP system for testing and I would like to
do it in batch mode. For my small tests have been doing something like this:
#!/bin/bash
# Script to create a new user.
ipa user-add bigbob
On 06/27/2012 01:56 AM, Joe Linoff wrote:
Hi Everybody:
Here is a python approach that I am experimenting with based on reading the
source code. It seems to work but it is re-entrant? Does this make sense? Is
there a better way (like ldapmodify)?
#!/usr/bin/env python
#
#
On 06/25/2012 11:37 PM, Dan Scott wrote:
Hi,
I'm trying to install a new Fedora 17 replica of my existing Fedora 16
FreeIPA servers as part of my migration process.
I first attempted the installation using an old replica file, but ran
into some issues so I uninstalled and generated a new
On Sat, 2012-06-09 at 14:12 +0200, Sigbjorn Lie wrote:
Hi,
Is there a supported method for converting a posix user group to a
non-posix user group?
Regards,
Siggi
I am not aware of any supported method. This step is more tricky than
making a non-posix group a posix one, because you
On Mon, 2012-06-11 at 13:05 +0200, Sigbjorn Lie wrote:
On Mon, June 11, 2012 12:53, Sigbjorn Lie wrote:
On Mon, June 11, 2012 12:21, Martin Kosek wrote:
On Sat, 2012-06-09 at 14:12 +0200, Sigbjorn Lie wrote:
Hi,
Is there a supported method for converting a posix user group
On Sat, 2012-06-02 at 06:52 -0700, Joe Linoff wrote:
Hi:
I am a newbie that is trying out FreeIPA for the first time. So far I
am extremely impressed with this system but I ran into a problem that
I need some help with. I am trying to figure out how to HBAC to
restrict a set of users
On Mon, 2012-05-28 at 10:21 +0400, free...@noboost.org wrote:
Hi All,
This one has me stumped!
For some reason my Centos 5.8 x64 Linux server hangs during
ipa-client-install
Server:
* ipa-admintools-2.1.3-9.el6.x86_64
* ipa-client-2.1.3-9.el6.x86_64
*
On Wed, 2012-05-30 at 08:02 +0400, free...@noboost.org wrote:
On Tue, May 29, 2012 at 09:00:43AM +0200, Martin Kosek wrote:
On Mon, 2012-05-28 at 10:21 +0400, free...@noboost.org wrote:
Hi All,
This one has me stumped!
For some reason my Centos 5.8 x64 Linux server hangs during
Hi Steven,
thanks for reporting this, I created a Bugzilla for the doc:
https://bugzilla.redhat.com/show_bug.cgi?id=824768
Martin
On Thu, 2012-05-24 at 04:26 +, Steven Jones wrote:
Hi,
Page 381 section 18.7.2 says,
ipa replica-manage connect srv2.example.com srv4.example.com
when
On Thu, 2012-05-24 at 05:50 +, Steven Jones wrote:
Hi,
Just windering but I thought that whether I did change son the
original master, or on the replica that changes would flow to the
other both ways? or do changes only flow original master to replica?
Since we use multi-master
On Wed, 2012-05-23 at 19:27 -0400, Dmitri Pal wrote:
On 05/23/2012 05:40 PM, Jan-Frode Myklebust wrote:
We have quite strict firewalls, so I need to specify the IPA network
ports accurately. So, we have now opening for:
80/tcp, 88/tcp, 389/tcp, 443/tcp, 464/tcp, 636/tcp
88/udp,
On Tue, 2012-05-01 at 18:31 -0400, Dmitri Pal wrote:
On 05/01/2012 06:15 PM, Steven Jones wrote:
So this opens a chicken and egg?
ie when RHEL6.3 comes out and I upgrade the IPA server(s) to 6.3 all the
older 6.2 clients will break? but I cant upgrade the clients until after
the
On Tue, 2012-03-27 at 01:15 +, Steven Jones wrote:
Hi,
I just started adding hosts/clients but DNS isnt being updated for the
client(s).
Screenshot of error is attached
Hello Steven,
there is something wrong with your host keytab. As written in the
output, ipa-client-install
On Sun, 2012-03-25 at 15:55 +0200, Marco Pizzoli wrote:
Hi Martin,
On Thu, Mar 22, 2012 at 11:50 AM, Martin Kosek mko...@redhat.com
wrote:
Hello Marco,
judging from the output you sent, it looks like you had an
installed
replica on freeipa03
Hello Marco,
judging from the output you sent, it looks like you had an installed
replica on freeipa03, then stopped it with ipactl stop and after that
tried to run ipa-replica-install again - krb5.conf and /var/log/messages
you sent would support this theory.
IPA replica agreement should be
On Tue, 2012-03-20 at 12:44 +0100, Marco Pizzoli wrote:
Hi guys,
I don't know if you already know this, but in my logs I can find this:
Mar 20 12:14:47 freeipa01 setroubleshoot: SELinux is
preventing /usr/bin/memcached from create access on the sock_file
ipa_memcached. For complete
On Tue, 2012-03-20 at 13:14 +0100, Marco Pizzoli wrote:
Hi Martin,
On Tue, Mar 20, 2012 at 1:02 PM, Martin Kosek mko...@redhat.com
wrote:
On Tue, 2012-03-20 at 12:44 +0100, Marco Pizzoli wrote:
Hi guys,
I don't know if you already know this, but in my logs I can
On Thu, 2012-03-15 at 03:57 -0400, Tim Hildred wrote:
Hey all;
I preparing to use IPA as the Directory Server for my RHEV installation.
Formerly in RHEV, you could change users passwords using the RHEV User Portal
itself. With RHEV 3.0, this is no longer posssible. Instead, users need to be
, Mar 12, 2012 at 7:19 AM, Rich Megginsonrmegg...@redhat.com
wrote:
On 03/12/2012 01:34 AM, Martin Kosek wrote:
On Sun, 2012-03-11 at 17:55 -0400, Dmitri Pal wrote:
On 03/11/2012 04:22 PM, Stephen Ingram wrote:
Now I've made it to the WebUI. Login works great (also via the new
form auth
On Wed, 2012-02-22 at 22:07 +0100, Marco Pizzoli wrote:
Hi guys,
in a previous question about FreeIPA 2.1.90 I submitted to you, I
received from Martin the answer to use the command:
ipa dnszone-mod my_zone --dynamic-update=TRUE
other_parameters
I used it and I successfully achieved my
On Mon, 2012-02-20 at 17:08 +0100, Marco Pizzoli wrote:
On Mon, Feb 20, 2012 at 9:46 AM, Martin Kosek mko...@redhat.com
wrote:
On Sun, 2012-02-19 at 17:23 +0100, Marco Pizzoli wrote:
Hi,
During my setup today I'm always failing in enrolling
On Tue, 2011-10-11 at 22:10 +, Steven Jones wrote:
Hi,
Looks like the IPA server on RHEL6.2beta is setting user logins, I need this
to be a manually editable field so I can follow company policy
So at the moment adding steven jones works out as sjones when I need jonesst1
set by
On Fri, 2011-06-24 at 10:28 +0200, Pieter Baele wrote:
On Thu, Jun 23, 2011 at 19:59, Rob Crittenden rcrit...@redhat.com wrote:
Pieter Baele wrote:
My new freeipa installation is working (server + kinit on a host where
I configured krb5.conf manually)
but ipa-client-install gives the
On Wed, 2011-06-08 at 17:55 -0700, Stephen Ingram wrote:
I've disabled an account in FreeIPA using the UI and I don't see any
changes in the directory. Are there supposed to be changes there or is
this something that is accomplished in Kerberos? I was hoping to be
able to search the directory
On Mon, 2011-03-28 at 23:45 +, Steven Jones wrote:
Just tried to make a replica and the install failed with,
[4/11]: configuring certificate server instance
root: CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname
On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
Trying to set up a fed14 cleint and since DNS is on the AD server (dc0002)
there is no dns_discoveryso as per doc I ran the install and it should
ask me for the infobut it fails with,
Complete!
[root@fed14-64-cli01
On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
On 2011-03-29, at 10:20, Martin Kosek wrote:
On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record
On Fri, 2011-03-25 at 20:13 +0100, Sigbjorn Lie wrote:
Hi,
Using --gidnumber when adding a new user with ipa user-add does not
seem to have any effect. A gid number with the same value as what I
specify in with the --uid parameter is chosen.
I presume this is not the way user-add is
801 - 867 of 867 matches
Mail list logo