I have tested this but the hosts don't get an enrolled status. I have
tried _kerberos TXT "MYREAL.DOMAIN.TLD" and without the quotes. I
can't see any logging about it. Any idea ?
Thanks!
Matt
2017-04-04 20:50 GMT+02:00 Matt . <yamakasi@gmail.com>:
> Hi Alexander,
>
useraccess
on systems.
2017-04-07 23:24 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> Nope, I provision my servers and they are added to my FreeIPA
>> environment which auths my systeadmins. But on a server I provisioned
>> I need to install FreeIPA as
he network at all but I think it's nice when I don't have to
maintain my local users there to login to the box for maintenance so I
thought it would be nice when SSSD checked my default IPA-environment
server for that.
2017-04-07 23:24 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt
and the clientconfig for sssd is not there
anymore because of the 'ipa-client-install --uninstall'
2017-04-07 23:11 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> When I have a full ipa setup and I want to add a host to it that is
>> installed or needs t
faster the IPA LDAP only server is installed ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi Alexander,
Superb, thanks a lot for this quick fix!
Matt
2017-04-04 20:48 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>:
> On ti, 04 huhti 2017, Matt . wrote:
>>
>> Hi guys,
>>
>> Is it possible to create in a simple way the SRV domains for kerberos
>
Hi guys,
Is it possible to create in a simple way the SRV domains for kerberos
on subdomains ? it's a pain to add them all manually when you have a
lot of subdomains.
I hope someone has a solution.
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https
Hi Rob,
I have this solved, I think it was an issue in the foreman-proxy.
The reason why there are two users in the role was to test other
usernames, as you cannot use foreman-proxy for this for an example.
I need to update the Foreman ticket about it.
Thanks for helping out.
Cheers,
Matt
Hi Rob,
Thanks for the update, the same error happens when I add a new host,
so I'm lost, the same for the Foreman devs.
What can I check/test further ?
Thanks,
Matt
2017-03-10 21:20 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> Hi Rob,
>>
>> T
Hi Rob,
Thanks, but what do you mean here ? The Foreman has a script which
should be OK for it:
https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm
Can you check this maybe ?
Thanks,
Matt
2017-03-10 17:21 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
ule type: permission
Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
Type: host
Permission flags: V2, MANAGED, SYSTEM
Number of entries returned 3
Can anyone help me out as I'm unsure where this goes wrong.
IPA CA renewal master: server1.lci.devdomain.com
On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mba...@redhat.com> wrote:
>
>
> On 01.03.2017 22:00, Matt Wells wrote:
>
> I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the
> first, joined
I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the
first, joined the second and promoted it to be a master. Thus far all went
well.
I then ran the ipa-ca-install and when I log back in I see that it has
"domain,CA" attached to it. However when I hit the main IPA page it
Hi Flo,
Yes it does! Thanks for that. Is it not possible to remove a
certificate fully as it always syncs this way ? Or remove it from
/etc/httpd/alias, then from ldap and then sync again ?
Cheers,
Matt
2017-02-21 9:03 GMT+01:00 Florence Blanc-Renaud <f...@redhat.com>:
> On 02/20/2017
Oh sorry, I thought I did, must have been some conceptmail then :)
2017-02-20 21:21 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> Hi All,
>>
>> Yes as I stated I see software, multiple, having issues with usernames
>> larger then 28 chara
Hi All,
Yes as I stated I see software, multiple, having issues with usernames
larger then 28 characters.
Cheers,
Matt
2017-02-20 15:53 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> David Kupka wrote:
>> On Sat, Feb 18, 2017 at 03:06:21PM +0100, Matt . wrote:
>>&g
Hi Rob,
Yes it does, I understood that there was some reason the duplicate
might exist, but I wonder more why does the RootCA show up when I
removed it and comes back after adding the two intermediates ?
Thanks
Matt
2017-02-20 15:20 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
Hi,
The install seems to be OK this way, but I'm still confused about the
duplicated and the RootCA.
Cheers,
Matt
2017-02-18 14:47 GMT+01:00 Matt . <yamakasi@gmail.com>:
> Hi Florance,
>
>
> I'm actually stil investigating this as the following occurs.
>
> I have re
Hi Guys,
Does anyone know what the max length is for a sysaccount username is ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi Flo,
Sure I can, I will look through the steps closely tomorrow and will
create some lineup here.
Cheers,
Matt
2017-02-16 23:55 GMT+01:00 Florence Blanc-Renaud <f...@redhat.com>:
> On 02/16/2017 09:55 PM, Matt . wrote:
>>
>> Hi Flo! (if I may call you like that,
Hi Flo! (if I may call you like that, saves some characters in typing
but with this extra line it doesn't anymore :))
This works perfectly, thank you very much.
No questions further actually :)
Cheers,
Matt
2017-02-16 11:17 GMT+01:00 Florence Blanc-Renaud <f...@redhat.com>:
> On 02/1
Hi,
Is there any update on this ? I need to install 3 other instances but
I would like to know upfront if it might be a bug.
Thanks,
Matt
2017-02-14 17:59 GMT+01:00 Matt . <yamakasi@gmail.com>:
> Hi Florance,
>
> Sure I can, here you go:
>
> Fedora 24
> Freeipa VER
Certs are valid, I will check what you mentioned.
I'm also no fan of bundles, more the seperate files but this doesn't
seem to work always. At least for the CAroot a bundle was required.
Matt
2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] <dsulliv...@bsd.uchicago.edu>:
> Have you
Hi Dan,
Ues i have tried that and I get the message that it misses the full
chain for the certificate.
My issue is more, why is the Server-Cert being removed on a certupdate ?
Cheers,
Matt
2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI] <dsulliv...@bsd.uchicago.edu>:
> Is
Directory Manager password:
Enter private key unlock password:
list index out of range
The ipa-server-certinstall command failed.
If I do a #ipa-certupdate the Server-Cert is removed from
/etc/httpd/alias and the install fails because of this.
What can I do to solve this ?
Thanks,
Matt
--
Manage
Hi,
Is it possible to create a user that can/is allowed (to) only add
hosts using the ipa-client-install ?
Would be nice to know.
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org
synced users
so they can login on both environments (servers).
Would there be some way to accomplish this ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Doesn't get the user a default mailaddress when you add him under the
REALM domain ?
2017-01-02 17:50 GMT+01:00 Petr Vobornik :
> On 01/02/2017 05:00 PM, nirajkumar.si...@accenture.com wrote:
>> Hi Team,
>>
>> Is there any way to make email as mandatory field before creating
and fine. I also had some weird
DNS error and bind didn't want to start anymore because of expecting a
; I thought this had something todo with a forwarder which wasn't.
For now I'm good, but do you want extra info ?
Thanks,
Matt
2016-10-18 7:49 GMT+02:00 Martin Babinsky <mbabi...@redhat.
Hi Guys,
I'm having a failure on my upgrade for 4.4.2-1 on Fedora 24
I already checked some info and:
ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX
Gives me TU instead of MII as expected.
Any suggestions further ?
Thanks,
Matt
2016-10-17T22:19:10Z DEBUG Starting external process
,u,u
auditSigningCert cert-pki-ca u,u,Pu
caSigningCert cert-pki-caCTu,Cu,Cu
COMODORSAAddTrustCA C,C,C
I hope this helps.
Cheers,
Matt
2016-10-01 17:04 GMT+02:00 Matt . <yamak
TED_ISSUER) Peer's certificate
issuer has been marked as not trusted by the user.)
What can cause this ?
I'm on FreeIPA, version: 4.4.1
I hope we can sort this out.
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeip
Hey all I hoped anyone may be able to assist. I had 2 dead replica's and
use the cleanallruv.pl as they refused to leave otherwise.
` /usr/sbin/cleanallruv.pl -v -D "cn=directory manager" -w - -b
'dc=mosaic451,dc=com' -r 17 `
17 being the bad guy. Well it ran `woohoo` but deleted all of my
and
that works, FreeIPA itself is now trusted. But how to do this for
other webservices no matter what software I use ?
I hope someone can give me direction here.
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go
Hi all!
I had a question about something that I'm sure has been covered. I promise
that I'm trying to find those articles but thus far I've found some pieces
but nothing 100%; however I'm still looking.
I have two networks
- ad.example.com ( active directory )
- linux.example.com ( IPA )
And then allow the ip of the ipa server for update or tranfser on the slave ?
Because I don't see anything coming in.
2016-08-23 12:47 GMT+02:00 Petr Spacek <pspa...@redhat.com>:
> On 23.8.2016 12:43, Matt . wrote:
>> OK, but what kind of records are you talking about then ?
&
OK, but what kind of records are you talking about then ?
2016-08-23 12:25 GMT+02:00 Petr Spacek <pspa...@redhat.com>:
> On 23.8.2016 09:07, Martin Basti wrote:
>>
>>
>> On 23.08.2016 02:08, Matt . wrote:
>>> Hi Guys,
>>>
>>> What is the wa
Hi Guys,
What is the way to notify or update a Bind slave which is not an IPA server ?
Do I need to manuallu add an also-notify to the /etc/bind.conf on the
IPA master or is there a different way how to accomplish this ?
I hope this is possible and anyone can explain me how.
Thanks!
Matt
through a Forest Trust.
FWIW, I'm using CentOS 7 with FreeIPA 4 (tried Ubuntu 16.04, but couldn't get
Trust established at all) and Server 2012 for AD.
I also can't see anyone else doing it this way round... is what I'm trying to
do impossible?
Thanks in advanced for any help
Thanks
Matt
--
Manage
Hi,
I have some issue with the ipa-server-upgrade command where PKI fails.
This seems to be a known issue but I'm unsure where to report it as
it's fixed in FC
https://bugzilla.redhat.com/show_bug.cgi?id=1328522
Does someone have a clue how to get around this ?
Thanks!
Matt
--
Manage your
, 2016 at 12:37 AM Petr Spacek <pspa...@redhat.com> wrote:
> On 8.3.2016 15:29, Matt Wells wrote:
> > For my use case it is. Essentially the system will be application auth
> for
> > separate groups that have no need to know of one another, almost a
> > multi-te
you can read /etc/passwd file
> which has info about all users on that box. This doesn't cause issues.
>
> On 8 March 2016 at 03:03, Matt Wells <matt.we...@mosaic451.com> wrote:
>
>> Hi all, I had a quick question. I swear I had this before but that could
>> be the
Hi all, I had a quick question. I swear I had this before but that could
be the voices telling me it's true
A normal user is logging into IPA (4.2.0) and filling in their phone number
and info no problem. However when that user clicks on accounts above they
are then able to peruse the entire
because
it just does it that way.
2016-02-18 16:08 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> David Kupka wrote:
>> On 17/02/16 10:47, Matt . wrote:
>>> Hi David,
>>>
>>> I have tested your way out and it seems to be OK.
>>>
>>&g
to check that out further.
An ipactl start is not needed it seems as the ipa-backup command seems
to start ipa at any time again.
Do you understand/agree here ?
2016-02-17 8:00 GMT+01:00 David Kupka <dku...@redhat.com>:
> On 16/02/16 20:26, Matt . wrote:
>>
>> Hi,
>>
Hi,
I'm fugiring out if it's possible to strip the ipa start and stop from
the backup method and actually do a fullbackup manually started.
Any idea ?
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http
way
by lots of logins or tries, etc and be able to test it functions
allright ?
Thanks.
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-01-14 16:58 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> OK, nice,but this user failed on kinit but is in the group where the
>> policy is set to 0.
>>
>> Can I check on the commandline if it applies to that setting by
>> querying ldap in
My fault from the maxfail, I was referencing some doc from
side_control and mixed it up.
For the sysaccount part sounds doable. I will report back for that!
thanks a lot!
2016-01-14 19:06 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> OK, this looks good, but
with too many
logins, and this concerns me as they are not POSIX.
2016-01-14 15:16 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> Hi Guys,
>>
>> I'm having an issue that a user which I use for the API is getting
>> locked out from time to time
in minutes :)
Thanks and have a great new year ! (With MIT!)
Matt
2015-12-30 16:38 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>:
> On Wed, 30 Dec 2015, Matt . wrote:
>>
>> Hi John,
>>
>> With which OS, package version and config ? On Ubuntu 15.10 I'm not
>
Hi John,
With which OS, package version and config ? On Ubuntu 15.10 I'm not
able it seems.
Thanks!
2015-12-30 9:43 GMT+01:00 John Obaterspok <john.obaters...@gmail.com>:
> Hi Matt,
>
> It already works fine to use kerberos ticket to access samba shares.
>
> -- john
>
&
Hi guys,
How is the progres on the Samba (Share) Authentication for FreeIpa ?
I hope we already have some work around to use the FreeIPA credentials
for authing network shares.
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo
Hi guys,
I'm testing out some installation and want to update my docs.
I'm using a self signed cert and need to talk to the json/api.
Which certs do I need to combine for my request, as I need an issuer too.
The /etc/ipa/ca.crt combined with an export of the webcert ?
Matt
--
Manage your
Hi all, I hoped I may glean some brilliance from the group.
I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan
was to replicate users+passwords with Windows 2012R2 server but following
some of the information in the other posts and docs we've moved to a
trust. The trust
make this more clear as I think this is good
knowledge to have upfront anything and any case.
Thanks!
matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi Guys,
Please keep this topic updated as many people seem to have this question.
What's the status at your side ?
Cheers,
Matt
2015-09-04 15:27 GMT+02:00 Matt . <yamakasi@gmail.com>:
> Hi,
>
> Does everyone have this working or gived up on it ?
>
> Chers,
>
>
Is the fix in CentOS or RHEL yet?
On Fri, Sep 11, 2015 at 1:34 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On Fri, 11 Sep 2015, Matt Wells wrote:
>
>> I've been working on an AD trust with our freeipa servers but have run
>> into
>> some of the same issues
Hi,
Does everyone have this working or gived up on it ?
Chers,
Matt
2015-08-26 20:07 GMT+02:00 Matt . <yamakasi@gmail.com>:
> Chris,
>
> How far are you on this ? I'm stuck atm :(
>
> I hope you have some reference notes to follow and check out.
>
> Thanks!
&g
Chris,
How far are you on this ? I'm stuck atm :(
I hope you have some reference notes to follow and check out.
Thanks!
Matt
2015-08-20 22:15 GMT+02:00 Matt . yamakasi@gmail.com:
Hi Chris,
Would be great to see!
If I have it working and we have 2-3 testcases I think we can add
HI Guys,
Anyone still a working clue/test here ?
I didn't came further as it seems there need to be some domain join /
match following the freeipa devs.
Thanks!
Matt
2015-08-13 13:09 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
I might have found somthing which I already seen in the logs
Hi Chris,
Would be great to see!
If I have it working and we have 2-3 testcases I think we can add it
to the IPA docs!
Keep me updated!
Thanks
Matt
2015-08-20 8:49 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Matt
Once I got Samba and FreeIPA integrated (by the good old
discussion about what's best, What's best ?
The ksetup as known on the IPA pages doesn't let me login on Windows
10, so if people can share their working ways for the current version
with would be great!
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https
~]$ smbclient //smb-01.domain.local/shares
...
Checking NTLMSSP password for MSP\myusername failed: NT_STATUS_WRONG_PASSWORD
...
SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
Maybe I have an issue with encrypted passwords ?
When we have this all working, I think we have a howto :D
Thanks!
Matt
2015-08
,
Matt
2015-08-13 12:02 GMT+02:00 Matt . yamakasi@gmail.com:
Hi Youenn,
OK thanks! this takes me a little but futher now and I see some good
stuff in my logging.
I'm testing on a Windows 10 Machine which is not member of an AD or
so, so that might be my issue for now ?
When testing
DOMAIN\username
as username
So, the IPA way should work.
Any comments here ?
Cheers,
Matt
2015-08-12 19:00 GMT+02:00 Matt . yamakasi@gmail.com:
HI GUys,
I'm testing this out and I think I almost setup, this on a CentOS samba
server.
I'm using the ipa-adtrust way of Youeen but it seems we
Hi,
Yes that is known for SSSD, but there must be another way maybe ?
I wonder what the future is there, as it seems there is non when this
is not changed I guess.
2015-08-09 9:11 GMT+02:00 Jakub Hrozek jhro...@redhat.com:
On Fri, Aug 07, 2015 at 11:49:24PM +0200, Matt . wrote:
Hi Alexander
Hi Chris,
This sounds great!
What are you using now, both CentOS ? So Samba and FreeIPA ?
Maybe it's good to explain which way you used now in steps too, so we
can combine or create multiple howto's ?
At least we are going somewhere!
Thanks,
Matt
2015-08-09 14:54 GMT+02:00 Christopher Lamb
Hi,
Yes I know about anything but which way did you use now ?
2015-08-09 20:56 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi Matt
I am on OEL 7.1. - so anything that works on that should be good for RHEL
and Centos 7.x
I intend to add a how-to to the FreeIPA Wiki over
Hi Alexander,
Yes this is know, but it's not usable yet, at least not on an Ubuntu
Samba server as far as I know ?
If so, maybe you can help us out here to clear this up how to do it.
Thanks!
Matt
2015-08-07 23:09 GMT+02:00 Alexander Bokovoy aboko...@redhat.com:
On Thu, 06 Aug 2015
Hi Alexander,
Yes I'm on the same path, but for now I would like to get it working
on Ubuntu for the time being.
Are you sure Ubuntu is no MIT ? We have discusses that some time ago
on IRC and it seemed to be that Ubuntu was build against MIT.
Cheers,
Matt
2015-08-07 23:37 GMT+02:00 Alexander
Hi Chris,
OK, than we might create two different versions of the wiki, I think
this is nice.
I'm still figuring out why I get that:
IPA Error 4205: ObjectclassViolation
missing attribute sambaGroupType required by object class sambaGroupMapping
Matt
2015-08-06 16:09 GMT+02:00 Christopher
Hi,
OK, this sounds already quite logical, but I'm still refering to the
old howto we found earlier, does that one still apply somewhere or not
at all ?
Thanks,
Matt
2015-08-06 12:23 GMT+02:00 Youenn PIOLET piole...@gmail.com:
Hey guys,
I'll try to make a tutorial soon, sorry I'm quite
name, this is not OK also.
We sure need to make some howto, I think we can nail this down :)
Thanks for the heads up!
Matthijs
2015-08-05 7:51 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi Matt
If I use Apache Directory Studio to add an attribute ipaCustomFields to
cn
Hi,
This sounds great to me too, but a howto would help to make it more
clear about what you have done here. The thread confuses me a little
bit.
Can you paste your commands so we can test out too and report back ?
Thanks!
Matt
2015-08-05 15:18 GMT+02:00 Christopher Lamb christopher.l
]
../source3/auth/auth.c:288(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [username] -
[username] FAILED with error NT_STATUS_NO_SUCH_USER
I also wonder if I shall still sync the users local, or is it needed ?
Thanks again,
Matt
2015-08-04 14:16 GMT+02:00 Christopher
it manually as an attribute it still fails when I add a user on this
sambagrouptype as it's needed by the other attributes
So that is my issue I think so far.
Any clue about that ?
No problem you don't know something or are no guru we are all learning! :)
Cheers,
Matt
2015-08-04 21:22 GMT+02:00
Hi,
Yes, log is anonymised.
It's strange, my user doesn't have a SambaPwdLastSet, also when I
change it's password it doesn't get it in ldap.
There must be something going wrong I guess.
Matt
2015-08-04 17:45 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi Matt
I assume
In my previous reply, I ment no group.js at all .
2015-08-03 12:17 GMT+02:00 Matt . yamakasi@gmail.com:
Hi Chris,
Thanks for that verification!
It seems that:
/usr/share/ipa/ui/group.js
Is not there on IPA.4.1, also there is no .js at all on the whole system.
Any idea
Hi Chris,
Thanks for that verification!
It seems that:
/usr/share/ipa/ui/group.js
Is not there on IPA.4.1, also there is no .js at all on the whole system.
Any idea there ?
Thanks again!
Matt
2015-08-03 9:53 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi Matt
Thankfully I
) ?
Thanks again!
Matt
2015-08-03 13:20 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
HI Matt
It looks like I skipped that step ... (And as we already had samba groups
in place, did not need to make new ones via the WebUI).
However a quick google trawled up this old thread that has
are they are sligtly different on 4.1
Thanks!
2015-08-01 19:51 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
Yes I found that earlier, that looks good and even better when you
confirm this as really usable.
For Samba 4 the IPA devs are very busy but I wonder indeed what
happends when we need to move
way to go for now, even when this thread is such old ?
Thanks!
Matt
2015-08-01 9:48 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi Matt
For a how to of Samba FreeIPA integration using schema extensions, see
this previous thread
https://www.redhat.com/archives/freeipa-users/2015
Hi Guys,
I'm doing a replica install there my admin password for the SSH check
to the master is not accepted.
The password is not expired, I can use it on the GUI and even changing
it in the GUI doesn't fix this.
What can I check ?
Cheers,
Matt
--
Manage your subscription for the Freeipa
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able to do a simple replica without any issues.
Matt
2015-08-01 21:34 GMT+02:00 Janelle janellenicol...@gmail.com:
Double check you do not have AllowGroups set in your /etc/ssh/sshd_config
file
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle janellenicol...@gmail.com:
lastly -- on the master - do you get the same error if you kinit admin?
~J
On 8/1/15 1:05 PM, Matt . wrote:
This actually the most important part, and the GSS Failure concerns
there are no AllowGroups in sshd, it has to be in
one of those 2 places.
~J
On 8/1/15 1:26 PM, Matt . wrote:
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle janellenicol...@gmail.com:
lastly -- on the master - do you get the same error if you kinit admin?
~J
On 8/1/15
NTLMSSP authentication.
It might not be that easy to have a Samba Shares only server.
Any idea here how to accomplish ?
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info
Hi,
This is nice to have confirmed.
Is it possible for you to descrive what you do ? It might be handy to
add this to the IPA documentation also with some explanation why...
Cheers,
Matt
2015-07-31 16:55 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi
We use the Samba extensions
Hi Lucas,
Thank you for this reply.
In this case it simply should work as it shoul by creating the
symlinks, Or are there other issues we might get ?
Thanks,
Matt
2015-07-31 17:21 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com:
On (31/07/15 16:03), Matt . wrote:
Hi Guys,
I'm really
is valid
4) Initiate a kerberos password-change to set the kerberos password equal to
the LDAP password.
Thanks for your help!
-Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info
is incorrect.
[Wed Jul 08 22:55:11.742301 2015] [:error] [pid 9243] NSS
initialization failed. Certificate database: /etc/httpd/alias.
[Wed Jul 08 22:55:11.742350 2015] [:error] [pid 9243] SSL Library
Error: -8177 The security password entered is incorrect
Cheers,
Matt
--
Manage your subscription
Hi,
No I'm testing some recovering strategies for the docs, so I need to
have that checked.
I have emailed Martin Kosek if he can enable the olders repo's again,
would be great!
Thanks,
Matt
2015-07-09 3:23 GMT+02:00 Nigel Sollars nsoll...@gmail.com:
Would it not be wise to keep with current
I now get: [Thu Jul 09 02:50:18.815219 2015] [:error] [pid 16615]
Certificate not found: 'Server-Cert'
So, it's no good at all :)
2015-07-09 3:27 GMT+02:00 Nigel Sollars nsoll...@gmail.com:
Fair enough :)
On Wed, Jul 8, 2015 at 9:25 PM, Matt . yamakasi@gmail.com wrote:
Hi,
No I'm
to a TLS/SSL issue in this thread,
http://www.linuxquestions.org/questions/linux-server-73/centos-5-5-5-6-ssl-problem-874090/
Hope this helps,
Regards
On Wed, Jul 8, 2015 at 5:04 PM, Matt . yamakasi@gmail.com wrote:
I'm facing a httpd server which won't start with ipa, so IPA fails
Hi Martin,
No problem I thought you guys needed a vacation but you are working on
4.2, wow sounds great!
I can provide that but it will take some time as I cannot see when it
happens so need to check.
I might can post it tomorrow!
Good luck there with the release!
Cheers,
Matt
2015-07-07 13
to check but I thought I did what you said which didn't work...
I need to debug it an report you this evening.
Thanks,
Matt
2015-07-06 17:54 GMT+02:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
Hi All,
I'm cleaning up and playing around with some old dev setups and
reviewing
Rob,
Isn't it impossible to install a CA on a replica when it's master died ?
I know there is normally one CA, but this is kinda confusing me so I'm
testing out scenarios.
Thanks,
Matt
2015-07-06 18:10 GMT+02:00 Matt . yamakasi@gmail.com:
Hi Rob,
OK, I had difficulties
installation between 2
servers which only has one CA.
Discussing this with Simo on IRC it seems to be some nice writing to
have in the docs and now I found out... I'm trying to create this
using my tests.
But some unclear things have to be made clear first.
Cheers,
Matt
2015-07-06 19:01 GMT+02
of that I can setup a replica again.
What is my best approach to test this ?
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
1 - 100 of 211 matches
Mail list logo