On Thu, Mar 12, 2015 at 4:00 PM, Sigbjorn Lie sigbj...@nixtra.com
mailto:sigbj...@nixtra.com wrote:
Hi,
Yes the DUA profile needs manually editing and updating as IPA servers are
added or removed. Ideally this would be managed by ipa-replica-manage,
however as I was advised in the BZ
On 12/03/14 22:52, Rob wrote:
Hi,
I have configured an AIX 6.1 server to connect to a RHEL 6.5 IPA server. The
AIX server is configured to use netgroups and all that works for existing the
users.
The problem is when a users password expires or when a new user is created.
They cannot change
On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote:
On Tue, February 18, 2014 20:45, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On what machine are you trying to use the ipa tool? Is it one of the
masters, all of them, enrolled clients?
It's the same error message when the ipa
On 20/02/14 21:19, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote:
On Tue, February 18, 2014 20:45, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On what machine are you trying to use the ipa tool? Is it one of the
masters, all of them
On 20/02/14 21:38, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 20/02/14 21:19, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote:
On Tue, February 18, 2014 20:45, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On what machine are you trying
On 20/02/14 23:08, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 20/02/14 21:38, Rob Crittenden wrote:
I am surprised too. I dumped the PKI CA certificate from
/etc/pki/nssdb
before and after I updated it into text files, and diff'ed them. No
differences was reported.
I can't think
On Mon, February 17, 2014 17:59, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, February 17, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 17:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 15:29, Rob
On Fri, February 14, 2014 17:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 15:29, Rob Crittenden wrote:
Sigbjorn Lie wrote:
It would seem like we're still encountering some issues. The date has now
passed for when
the old certificate expired
On Mon, February 17, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 17:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 15:29, Rob Crittenden wrote:
Sigbjorn Lie wrote:
It would seem like we're still encountering
On Mon, February 17, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 17:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 15:29, Rob Crittenden wrote:
Sigbjorn Lie wrote:
It would seem like we're still encountering
On Mon, February 17, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 17:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, February 14, 2014 15:29, Rob Crittenden wrote:
Sigbjorn Lie wrote:
It would seem like we're still encountering
On Fri, January 31, 2014 20:32, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Fri, January 17, 2014 16:37, Rob Crittenden wrote:
Sigbjorn Lie wrote:
This worked better than expected. Thank you! :)
ipa01 and ipa02 seem to be happy again, getcert list no longer displays
any
On Fri, February 14, 2014 15:29, Rob Crittenden wrote:
Sigbjorn Lie wrote:
It would seem like we're still encountering some issues. The date has now
passed for when the
old certificate expired, and the ipa cli command no longer works. The
webui is still working
just fine
On Fri, January 17, 2014 16:37, Rob Crittenden wrote:
Sigbjorn Lie wrote:
This worked better than expected. Thank you! :)
ipa01 and ipa02 seem to be happy again, getcert list no longer displays
any certificates out
of date, and all certificates in need of renewal within 28 days has
Sure thing! I'll send them to you in private.
Regards
Siggi
Dmitri Pal d...@redhat.com wrote:
On 01/31/2014 10:00 AM, Sigbjorn Lie wrote:
On Fri, January 17, 2014 16:37, Rob Crittenden wrote:
Sigbjorn Lie wrote:
This worked better than expected. Thank you! :)
ipa01 and ipa02 seem
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in the
IPA WEBUI on any of the IPA servers says Certificate format error: [Errno
-8015] error (-8015)
unknown.
I also notice that hosts says the certificate system is unavailable.
certmonger:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in
the IPA WEBUI on any of the IPA servers says Certificate format error:
[Errno -8015] error
(-8015)
unknown
On Mon, January 13, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts
in the IPA WEBUI on any of the IPA
Hi,
Thank you for your prompt reply Rob.
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in
the IPA WEBUI on any of the IPA servers says Certificate format error
On Mon, January 13, 2014 16:17, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
Thank you for your prompt reply Rob.
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking
On 13/01/14 19:13, Nalin Dahyabhai wrote:
On Mon, Jan 13, 2014 at 04:07:16PM +0100, Sigbjorn Lie wrote:
After I restarted dirsrv, pki-cad and then the httpd on ipa01 the status of the
request is now:
Request ID '20120119194518':
status: CA_UNREACHABLE
ca-error: Server failed
On 13/01/14 19:37, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA
On 06/01/14 21:53, Alexandre Ellert wrote:
Do you see any messages complaining about broken connection or
something like that? Did the server worked fine before the reload?
The server worked fine before reload (caused by logrotate).
I've searched in log file /var/log/dirsrv/*,
Hi.
I've done the kerberos part with several Apache Web servers with success. I've
not done the fallback to ldap basic auth.
Set KrbServiceName to Any in httpd.conf and put a HTTP service kerberos keytab
from AD and one from IPA in the same keytab file. Reference this keytab file in
Hi,
A while back I got some help writing a python script who extends the user
classes in ipalib to run
a custom command when a user is added/modified/deleted. This has been working
perfectly in our
production environment for a few years now, until I upgraded to IPA 3.0 last
week. The custom
On Thu, May 23, 2013 17:23, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I opened a RFE request almost 2 years ago for automount cross-location
support, and recently I
discovered how it can be integrated.
https://fedorahosted.org/freeipa/ticket/1699
It is possible to reference
Me too. +1 for ipa to ipa migration.
Martin Kosek mko...@redhat.com wrote:
On 05/24/2013 03:34 PM, Simo Sorce wrote:
On Fri, 2013-05-24 at 07:44 -0400, Ainsworth, Thomas wrote:
Greetings,
I was told to bring my issue to this distribution.
Six months or so ago I was tasked with setting up
On 04/15/2013 05:45 PM, Adam Bishop wrote:
Hi,
I've just had a go at deploying FreeIPA v3.1.3 and have hit a minor road bump.
The server hostname resolves to more than one address:
:::::4
xxx.xxx.xxx.180
Please provide the IP address to be used for this host
Your syntax seem correct but you need to quote the value.
Natxo Asenjo natxo.ase...@gmail.com wrote:
hi,
apparently what I am trying to do is not very usual because I do not
get
any answer on the omnios (opensolaris derivative) mailing list.
I have successfully joined a host to the ipa domain,
to
invalid options
--
Groeten,
natxo
On Fri, Apr 12, 2013 at 11:30 PM, Sigbjorn Lie sigbj...@nixtra.com
wrote:
Your syntax seem correct but you need to quote the value.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.___
Freeipa
On 04/06/2013 08:49 PM, Dmitri Pal wrote:
On 04/06/2013 01:45 PM, Sigbjorn Lie wrote:
Hi,
I am having some issues with the new ipa-client-automount utility. It
complains that my nsswitch.conf is in an unknown format. Not sure what
format that is?
ipa-client-automount --location=svg1 -U
Hi,
I am trying to install the IPA client on a CentOS 6.4 host, however the
auto discovery of the IPA server is failing, from what seem to be caused
by my IPA servers having anonymous binds switched off.
Is this expected behaviour?
# rpm -qa|grep ^ipa|sort
Hi,
I am having some issues with the new ipa-client-automount utility. It
complains that my nsswitch.conf is in an unknown format. Not sure what
format that is?
ipa-client-automount --location=svg1 -U
Searching for IPA server...
IPA server: DNS discovery
Location: svg1
Installation failed.
On Fri, March 29, 2013 22:25, Dmitri Pal wrote:
On 03/29/2013 02:59 PM, Sigbjorn Lie wrote:
On Fri, March 29, 2013 19:10, Dmitri Pal wrote:
On 03/28/2013 05:11 AM, Petr Spacek wrote:
On 28.3.2013 09:38, Philipp Richter wrote:
Am 26.03.2013 um 16:55 schrieb Rob Crittenden rcrit
On Fri, March 29, 2013 19:10, Dmitri Pal wrote:
On 03/28/2013 05:11 AM, Petr Spacek wrote:
On 28.3.2013 09:38, Philipp Richter wrote:
Am 26.03.2013 um 16:55 schrieb Rob Crittenden rcrit...@redhat.com:
Petr Spacek wrote:
On 26.3.2013 15:10, Rob Crittenden wrote:
Philipp Richter
Hi,
Do you have the Solaris Encryption Kit installed? I believe you need this to
gain any more
encryption than DES on pre-Solaris 10. Even the early Solaris 10 releases were
delivered without
proper crypto by default.
We have a few Solaris 8 hosts where I had to limit the number of enctypes in
is changing when I add
the passwd_compat to nsswitch. Why would it suddenly stop
authenticating? It still sees the ldap users.
-E
On Fri, Mar 1, 2013 at 4:48 PM, Sigbjorn Lie sigbj...@nixtra.com
mailto:sigbj...@nixtra.com wrote:
Have you considered using allowgroups in sshd_config for restricting
Have you considered using allowgroups in sshd_config for restricting ssh logins
instead?
By using allowgroups you could use the same user group for ssh access to
Solaris and for Linux hosts using sssd and hbac.
Regards
Siggi
Eli J. Elliott eli.elli...@moser-inc.com wrote:
I have a problem
Hi,
I am trying to add a new DNS zone to our IPA server, but I receive the
following error:
$ ipa dnszone-add example.com --name-server=ns01.example.com
--admin-email=hostmaster.example.com
ipa: ERROR: attribute idnsAllowTransfer not allowed
I get the same error no matter if I attempt to add
On Mon, February 25, 2013 12:59, Christian Horn wrote:
Hi,
On Mon, Feb 25, 2013 at 09:46:49AM +0100, Sigbjorn Lie wrote:
$ ipa dnszone-add example.com --name-server=ns01.example.com
--admin-email=hostmaster.example.com
ipa: ERROR: attribute idnsAllowTransfer not allowed
On 02/15/2013 03:17 PM, Rodney L. Mercer wrote:
On Thu, 2013-02-14 at 21:44 +0100, Sigbjorn Lie wrote:
I agree with schema support being enough for now. I do not expect the
ipa mgmt tools to support Solaris rbac mgmt.
The ipa mgmt tools are great, but I already have other data in the ipa
On 02/15/2013 10:31 PM, Dmitri Pal wrote:
On 02/15/2013 09:17 AM, Rodney L. Mercer wrote:
On Thu, 2013-02-14 at 21:44 +0100, Sigbjorn Lie wrote:
I agree with schema support being enough for now. I do not expect the
ipa mgmt tools to support Solaris rbac mgmt.
The ipa mgmt tools are great
On 02/13/2013 04:10 PM, Rob Crittenden wrote:
Also since we also require compatibility with Solaris, and roles (RBAC)
is currently used on Solaris, does IPA support RBAC on Solaris ? (We
noticed that RBAC mentioned in the IPA web interface only relates to IPA
management).
No, IPA doesn't
On 02/06/2013 09:47 PM, KodaK wrote:
On Wed, Feb 6, 2013 at 2:13 PM, Shawn taaj.sh...@gmail.com wrote:
Is their any centos5/centos6 packages available?
Yup. yum search ipa should show you them. I don't run Centos here,
so I don't know if the packages are called ipa or freeipa.
They are
On 01/24/2013 11:17 PM, KodaK wrote:
On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden rcrit...@redhat.com wrote:
It is a 32-bit time problem.
I'd set the maxlife no higher than 5000 for now.
Thanks. Is there a way to apply this policy retroactively without
requiring my users to reset
Try to browse the user again after you've authenticated using the directory
manager account.
Rgds
Siggi
Jan-Frode Myklebust janfr...@tanso.net wrote:
On Wed, Jan 2, 2013 at 4:11 PM, Dmitri Pal d...@redhat.com wrote:
Would it be simpler and cleaner to start with a fresh install?
From: freeipa-users-boun...@redhat.com
[freeipa-users-boun...@redhat.com] on behalf of Johan Petersson
[johan.peters...@sscspace.com]
Sent: Friday, December 28, 2012 13:40
To: Sigbjorn Lie
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Does Solaris 11 work as client
The automount map is called auto.nethome
key is: * -rw,soft server.example.org:/nethome/
Is it that Solaris automount dont like asterisk(*) in a automount key?
Regards,
Johan.
From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Thursday, December 20, 2012 15:20
quickly but then it waits for about 20 seconds until i get a
prompt.
Regards,
Johan.
From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Wednesday, December 26, 2012 17:10
To: Johan Petersson
Cc: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Does Solaris 11 work
On 12/22/2012 10:24 AM, Johan Petersson wrote:
I can't get automount to work for some reason on a CentOS 6.3
testserver with the NFS and IPA server on the same server.
Was going to set this up for some other configuration testing but are
stuck on this instead. :)
Feels like i am missing
[d...@redhat.com]
Sent: Tuesday, December 18, 2012 17:50
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?
On 12/18/2012 04:06 AM, Sigbjorn Lie wrote:
On Tue, December 18, 2012 08:28, Johan Petersson wrote:
Hi,
We are implementing
:)
From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Thursday, December 20, 2012 10:13
To: Johan Petersson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?
Hi,
This is interesting. When I tested
On Tue, December 18, 2012 08:28, Johan Petersson wrote:
Hi,
We are implementing IPA Server and are gong to need to be able to
authenticate properly with a
number of Solaris 11 servers. I have browsed the archives and found a few
threads mentioning some
problems with Solaris 11 and IPA
On 12/18/2012 06:24 AM, Johan Petersson wrote:
Hi,
Unfortunately i still get the same error from the Appliance even after having
added both host and nfs principals in the IPA web interface.
failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error:
43787522 (Operation requires
Hi,
Is it possible to lock out an user account on a set date?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On Mon, December 17, 2012 18:40, Simo Sorce wrote:
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
Hi,
Is it possible to lock out an user account on a set date?
You should be able to set the krbPrincipalExpiration attribute to expire
an account on a set date.
However note
On Mon, December 17, 2012 19:32, Simo Sorce wrote:
On Mon, 2012-12-17 at 19:08 +0100, Sigbjorn Lie wrote:
On Mon, December 17, 2012 18:40, Simo Sorce wrote:
On Mon, 2012-12-17 at 16:04 +0100, Sigbjorn Lie wrote:
Hi,
Is it possible to lock out an user account on a set date?
You
for NetApp support, too so if anyone is going to bug NetApp about
this, I am happy to
join you.
Ondrej
On 09/07/2012 10:07 AM, Sigbjorn Lie wrote:
Yes it would be great if NetApp would do that. The ldap.ADdomain option is
used to configure
the NetApp LDAP client from AD SRV DNS records
Hi,
There was an issue with Solaris 11. I can't remember of the top of my head, I
believe it had to do
with logins. So ldapclient would run successfully, and kerberos would set up
successfully as well,
however there we're some issue when logging in.
I suppose it's time to have a closer look at
On 09/27/2012 03:58 PM, Dmitri Pal wrote:
On 09/25/2012 04:18 PM, Sigbjorn Lie wrote:
On 09/25/2012 12:17 AM, James James wrote:
Hi guys,
we are planning to install 150 freeipa clients and I was wondering
if there is a way to easily install (from kickstart) nfsv4 client.
I can add host
On Tue, October 9, 2012 01:13, Dmitri Pal wrote:
On 10/08/2012 06:04 PM, Sigbjorn Lie wrote:
Hi,
Thank you for the report!
I've been testing the sudo integration with IPA and I came across some
questions:
1. When I disable or delete a sudo rule, it's not removed from the
ou
On 10/09/2012 04:08 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Tue, October 9, 2012 01:13, Dmitri Pal wrote:
On 10/08/2012 06:04 PM, Sigbjorn Lie wrote:
Hi,
Thank you for the report!
I've been testing the sudo integration with IPA and I came across some
questions:
1. When
Hi,
I've been testing the sudo integration with IPA and I came across some
questions:
1. When I disable or delete a sudo rule, it's not removed from the
ou=sudoers until I restart the directory server. Am I doing something
wrong? (389-ds-base-1.2.10.2-20.el6_3.x86_64,
On 09/25/2012 12:17 AM, James James wrote:
Hi guys,
we are planning to install 150 freeipa clients and I was wondering if
there is a way to easily install (from kickstart) nfsv4 client.
I can add host with
# ipa host-add --password=secret
But to get the keytab (host and service), I have to
On 09/26/2012 12:21 AM, James James wrote:
Hi, I don't know if this is the right place to ask this question but I
will try.
I have :
- a freeipa server + autofs maps
- a nfsv4 server
- a web server
from the webserver I can mount my nfs4 exported home dir. Everything
works well.
I want to
On 09/21/2012 02:47 PM, Rob Crittenden wrote:
Simo Sorce wrote:
- Original Message -
Sigbjorn Lie wrote:
On 09/20/2012 10:17 PM, Rob Crittenden wrote:
bind isn't my strongest suite.
My guess is that this file is the ccache for bind. I'm guessing
that
25 is the UID of the named user
On 09/21/2012 10:29 AM, Martin Kosek wrote:
On 09/20/2012 10:35 PM, Sigbjorn Lie wrote:
Hi,
I see that I can add hosts with either an IPv4 or an IPv6 address when using
ipa host-add --ip-address=.
Is there a way to add a host specifying both an IPv4 and an IPv6 address at the
same time
On 09/21/2012 10:45 AM, Petr Spacek wrote:
Hello users,
we have a question for client machine administrators:
On 09/21/2012 10:12 AM, Martin Kosek wrote:
snip
..., that it may be useful to implement a script
like ipa-client-update which would be capable of updating client
information
(and
On 09/20/2012 12:08 AM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 11:05 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 10:48 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I noticed an updated krb5-server package today advertising that it's
fixing the issue
Hi,
I see that I can add hosts with either an IPv4 or an IPv6 address when
using ipa host-add --ip-address=.
Is there a way to add a host specifying both an IPv4 and an IPv6 address
at the same time?
Adding the --ip-address option twice yells this error:
ipa: ERROR: invalid 'ip_address':
On 09/20/2012 10:34 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/20/2012 10:17 PM, Rob Crittenden wrote:
bind isn't my strongest suite.
My guess is that this file is the ccache for bind. I'm guessing that
25 is the UID of the named user. If this is the case, then it should
be safe
Hi,
I noticed an updated krb5-server package today advertising that it's
fixing the issue with slow GSSAPI binds discussed earlier, so I
installed it in my test environment, set SElinux back to enforcing in
/etc/sysconfig/selinux and rebooted.
The named daemon does not start now. The error
Ok. I'm fairly new to selinux but I will give it a go tomorrow.
Thanks.
Rgds
S.
Rob Crittenden rcrit...@redhat.com wrote:
Sigbjorn Lie wrote:
On 09/19/2012 10:48 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I noticed an updated krb5-server package today advertising that
it's
fixing
On 09/19/2012 11:05 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 10:48 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I noticed an updated krb5-server package today advertising that it's
fixing the issue with slow GSSAPI binds discussed earlier, so I
installed it in my test
Hi,
I opened a request a while ago for Automount cross-location support.
https://bugzilla.redhat.com/show_bug.cgi?id=768177
https://fedorahosted.org/freeipa/ticket/1699#
I see from the comments that it's uncertain how this can be implemented.
Could the Virtual Views in 389-ds be used to
On 09/13/2012 03:55 PM, Sigbjorn Lie wrote:
Hi,
I opened a request a while ago for Automount cross-location support.
https://bugzilla.redhat.com/show_bug.cgi?id=768177
https://fedorahosted.org/freeipa/ticket/1699#
I see from the comments that it's uncertain how this can be implemented
On Tue, September 11, 2012 01:16, Nalin Dahyabhai wrote:
On Mon, Sep 10, 2012 at 10:06:38PM +0200, Sigbjorn Lie wrote:
Hi,
We are using pam_ldap + pam_krb5 on our RHEL 5 workstations.
Sometimes when the user logs in, or unlocks his workstation the
users kerberos keytab is not created
Hi,
I added indexes for automountKey, and automountmapname yesterday in my
test environment to see if that would speed the automounters up a bit,
and now the automounters does not always work. They manage to look up
the map, but not the keys in the map.
Restarting the automounter sometimes
Hi,
We are using pam_ldap + pam_krb5 on our RHEL 5 workstations. Sometimes
when the user logs in, or unlocks his workstation the users kerberos
keytab is not created or updated.
Often, just locking the screen with the screensaver and unlocking again
creates or updates the keytab file.
On 09/10/2012 10:36 PM, Rich Megginson wrote:
On 09/10/2012 01:59 PM, Sigbjorn Lie wrote:
Hi,
I added indexes for automountKey, and automountmapname yesterday in
my test environment to see if that would speed the automounters up a
bit, and now the automounters does not always work
On 09/08/2012 01:34 AM, Dmitri Pal wrote:
On 07/26/2012 09:37 AM, Sigbjorn Lie wrote:
On 07/26/2012 02:53 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Wed, July 25, 2012 09:54, Sigbjorn Lie wrote:
On Tue, July 24, 2012 20:29, Simo Sorce wrote:
On Tue, 2012-07-24 at 10:22 +0200
On 09/07/2012 08:38 PM, Dmitri Pal wrote:
On 09/02/2012 12:58 PM, Sigbjorn Lie wrote:
On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
hi,
Recently I have been playing with the zfs for its native nfs4 acl
capabilities. I have used openindiana for this. For those wondering
about openindiana
On Fri, September 7, 2012 00:10, Natxo Asenjo wrote:
On Thu, Sep 6, 2012 at 10:31 PM, Sigbjorn Lie sigbj...@nixtra.com wrote:
On 09/05/2012 08:12 PM, Natxo Asenjo wrote:
hi,
the subject says it all, I guess.
I know from another thread that with nexanta it is possible using
On Fri, September 7, 2012 09:36, Petr Spacek wrote:
On 09/07/2012 12:10 AM, Natxo Asenjo wrote:
On Thu, Sep 6, 2012 at 10:31 PM, Sigbjorn Lie sigbj...@nixtra.com
mailto:sigbj...@nixtra.com wrote:
On 09/05/2012 08:12 PM, Natxo Asenjo wrote:
hi,
the subject says it all, I guess.
I
Thanks. I believe Rob already created the account. I got some emails regarding
a wiki account. Haven't had time to check it out yet.
Rgds
Siggi
Dmitri Pal d...@redhat.com wrote:
On 09/06/2012 09:32 PM, KodaK wrote:
Thank you everyone. We finally had our meeting today (it was delayed
from
On 09/05/2012 08:12 PM, Natxo Asenjo wrote:
hi,
the subject says it all, I guess.
I know from another thread that with nexanta it is possible using
nsswitch.conf, but I was wondering if somene (Siggi :-) ? ) has (had)
this setup working.
--
Groeten,
natxo
On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
hi,
Recently I have been playing with the zfs for its native nfs4 acl
capabilities. I have used openindiana for this. For those wondering
about openindiana, it is a distribution of the former opensolaris code.
I got the ldap client to work for
On 09/02/2012 08:21 PM, Natxo Asenjo wrote:
On Sun, Sep 2, 2012 at 6:58 PM, Sigbjorn Lie sigbj...@nixtra.com
mailto:sigbj...@nixtra.com wrote:
On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
One thing I have not yet gotten to work is that these changes are
not persistent accross
On 08/19/2012 04:39 PM, Franklin Catoni wrote:
Greetings community.
I do not speak English so I will do my best.
I have two environments in my company, a domain ejemplo.com
http://ejemplo.com with Windows Active Directory running on Windows
Server 2003 Enterprise Edition SP2 and domain
On 08/16/2012 09:08 PM, Rich Megginson wrote:
On 08/16/2012 11:46 AM, Erinn Looney-Triggs wrote:
On 08/15/2012 05:13 PM, Rich Megginson wrote:
On 08/15/2012 03:58 PM, Erinn Looney-Triggs wrote:
After a restart of the system I received the following errors:
Starting dirsrv:
Did you try using the ipa-replica-manage command to remove the IPA server?
There is a force option to removal of an inactive IPA server when using that
command.
Rgds,
Siggi
On Thu, August 2, 2012 01:56, Kline, Sara wrote:
One of the other admins that I work with re-installed one of our test
On Tue, July 31, 2012 10:20, Petr Spacek wrote:
On 07/30/2012 10:37 PM, Sigbjorn Lie wrote:
Hi,
I've been having performance issues after I upgraded to RHEL 6.3 / IPA 2.2. I
still have a LDAP server having unusual high cpu usage even after it's been
removed from the SRV
records
On 07/31/2012 01:50 PM, Simo Sorce wrote:
On Tue, 2012-07-31 at 10:50 +0200, Sigbjorn Lie wrote:
On Tue, July 31, 2012 10:20, Petr Spacek wrote:
On 07/30/2012 10:37 PM, Sigbjorn Lie wrote:
Hi,
I've been having performance issues after I upgraded to RHEL 6.3 / IPA 2.2. I
still have a LDAP
Hi,
I've been having performance issues after I upgraded to RHEL 6.3 / IPA
2.2. I still have a LDAP server having unusual high cpu usage even after
it's been removed from the SRV records and is serving almost no clients
anymore, but it would seem as my main issues is with the kerberos server.
On 07/26/2012 02:53 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Wed, July 25, 2012 09:54, Sigbjorn Lie wrote:
On Tue, July 24, 2012 20:29, Simo Sorce wrote:
On Tue, 2012-07-24 at 10:22 +0200, Sigbjorn Lie wrote:
Hi,
I keep seing this error message in our production environment
Hi,
I keep seing this error message in our production environment Request is a
replay in variuos
services using kerberos like ssh, sssd, automounter, squid +++ after the
upgrade to RHEL 6.3 / IPA
2.2.
Jul 24 10:16:11 server027 sssd_be: GSSAPI Error: Unspecified GSS failure.
Minor code may
Hi,
Does a users kerberos tickets become invalid after a restart of the KDC
who granted the tickets?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
I've seen cron jobs on some of our machines not being run after they we're
migrated to IPA. The
machines in question has not been restarted after they we're migrated from NIS
to IPA.
These are RHEL 6 machines. The users that has the crontab that's not run, was
in NIS, and the same
account
On 06/15/2012 04:24 PM, Stephen Gallagher wrote:
On Fri, 2012-06-15 at 15:19 +0200, Sigbjorn Lie wrote:
Hi,
I've seen cron jobs on some of our machines not being run after they we're
migrated to IPA. The
machines in question has not been restarted after they we're migrated from NIS
to IPA
On Mon, June 11, 2012 12:21, Martin Kosek wrote:
On Sat, 2012-06-09 at 14:12 +0200, Sigbjorn Lie wrote:
Hi,
Is there a supported method for converting a posix user group to a
non-posix user group?
Regards,
Siggi
I am not aware of any supported method. This step is more tricky than
1 - 100 of 265 matches
Mail list logo