[Freeipa-users] Unable to access systems

2014-02-11 Thread Terry Soucy
access_provider = ipa krb5_store_password_if_offline = True ipa_server = _srv_ ldap_tls_cacert = /etc/ipa/ca.crt krb5_realm = SFMC.CO krb5_changepw_principle = kadmin/changepw krb5_auth_timeout = 15 ipa_hostname = vm3118.dev.ca1.sfmc.co -- Terry Soucy - Systems Engineer Salesforce MarketingCloud - http

Re: [Freeipa-users] Export DNS to external

2014-01-28 Thread Terry Soucy
A DNS slave here is no different. The slave does not get its information from IPA. It gets it from a basic zone update from the master. Configure your slave like you would configure any other DNS slave. Terry Sent from my iPhone On Jan 28, 2014, at 7:48 AM, Choudhury, Suhail

Re: [Freeipa-users] sssd errors in Ubuntu 12.04

2013-12-03 Thread Terry Soucy
___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Terry Soucy - Systems Engineer Salesforce MarketingCloud - http://www.salesforce.com (o) 506.631.7445 (c) 506.609.3247 | (e) tso...@salesforce.com

[Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
to no replication, etc, etc. I need to sync the ldap/serverB service principal on Server A with the ldap/serverB service principal on Server B. Is there a way to do that, or am I looking at a re-init of server B? Terry -- Terry Soucy - Systems Engineer Salesforce MarketingCloud - http

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
I have the keytab with the oldest version number shown in the kvno command, but when I put that into place, I get no joy. Terry On Wed, Nov 20, 2013 at 4:05 PM, Terry Soucy tso...@salesforce.com wrote: The service principal ldap/serverB was exported but not put into place at /etc/dirsrv

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
file, I get one version number. If I export from server B, I get an older version number. When I use the kvno command, I get an even older number. Terry On Wed, Nov 20, 2013 at 3:56 PM, Rich Megginson rmegg...@redhat.com wrote: On 11/20/2013 12:37 PM, Terry Soucy wrote: I am currently

Re: [Freeipa-users] out of sync replicas

2013-11-20 Thread Terry Soucy
' Terry On Wed, Nov 20, 2013 at 4:21 PM, Rob Crittenden rcrit...@redhat.com wrote: Terry Soucy wrote: I have the keytab with the oldest version number shown in the kvno command, but when I put that into place, I get no joy. A lot more details are required. Did you change or renew the keytab

[Freeipa-users] Replication causing long etimes

2013-09-04 Thread Terry Soucy
on that require replication with regards to dns, users, hosts, etc, so I'm not sure why it would take so long. Also, can I remove the SASL bind and just add a replication user to the dse.ldif to remove the requirement for kerberos for replication? Terry -- Terry Soucy - Systems Engineer Salesforce