Re: [Freeipa-users] --external-ca is a bit confusing.

2013-02-21 Thread Dmitri Pal
On 02/20/2013 10:20 PM, Kendrick . wrote: I am trying to get cacert to sign the csr. I have tried searching about it and cant figure out what is what. some information i have found suggests it wont be possible. when I go to get the csr signed i get The following hostnames were rejected

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

2013-02-21 Thread Dmitri Pal
On 02/20/2013 08:44 AM, Rodney L. Mercer wrote: On Tue, 2013-02-19 at 21:05 -0500, Dmitri Pal wrote: On 02/19/2013 09:14 AM, Rodney L. Mercer wrote: On Sun, 2013-02-17 at 13:31 -0500, Dmitri Pal wrote: On 02/16/2013 12:14 PM, Mercer, Rodney wrote:

Re: [Freeipa-users] Trouble creating replica

2013-02-21 Thread Bret Wortman
Rich, 389-ds-base-1.2.11.5-1.fc17.x86_64. The box is a DL360G8. * * *Bret Wortman* http://damascusgrp.com/ http://damascusgrp.com/ http://bretwortman.com/ http://twitter.com/BretWortman On Wed, Feb 20, 2013 at 9:03 PM, Rich Megginson rmegg...@redhat.com wrote: On 02/20/2013 06:43 PM, Bret

Re: [Freeipa-users] [Feature request] Adding support for sudo to ipa-client-install

2013-02-21 Thread Jakub Hrozek
On Thu, Feb 21, 2013 at 03:07:10PM +0100, Han Boetes wrote: This is what you have to do to enable sudo support while using freeipa: I got it all from sssd-sudo(5). # yum install libsss_sudo Add this line to /etc/nsswitch.conf sudoers: files sss Edit /etc/sssd/sssd.conf and make

Re: [Freeipa-users] Trouble creating replica

2013-02-21 Thread Rich Megginson
On 02/21/2013 07:11 AM, Bret Wortman wrote: Rich, 389-ds-base-1.2.11.5-1.fc17.x86_64. The box is a DL360G8. https://fedorahosted.org/389/ticket/518 _ _ *Bret Wortman* http://damascusgrp.com/ http://damascusgrp.com/ http://bretwortman.com/ http://twitter.com/BretWortman On Wed, Feb 20,

[Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Erinn Looney-Triggs
For the fool hearty amongst us, as in me, I upgraded to RHEL 6.4 today. So far the Web UI portion of IPA is broken. I receive the following error via the UI: IPA Error 903 an internal error has occurred. Other things appear to be working fine, though my testing hasn't been all that thorough at

Re: [Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Rob Crittenden
Erinn Looney-Triggs wrote: For the fool hearty amongst us, as in me, I upgraded to RHEL 6.4 today. So far the Web UI portion of IPA is broken. I receive the following error via the UI: IPA Error 903 an internal error has occurred. Other things appear to be working fine, though my testing

Re: [Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Erinn Looney-Triggs
On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' ) add:objectClasses:

Re: [Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Rob Crittenden
Erinn Looney-Triggs wrote: On 02/21/2013 09:34 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING

Re: [Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Erinn Looney-Triggs
On 02/21/2013 09:40 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:34 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group

Re: [Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Erinn Looney-Triggs
On 02/21/2013 09:34 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch

Re: [Freeipa-users] Trouble creating replica

2013-02-21 Thread Bret Wortman
Thanks for the bug link. We let the developer we thought had messed things up out of the 4x4 cell we had stashed him in. He's still blinking from sunlight but the doctors tell us the facial twitching will stop in a month or two. * * *Bret Wortman* http://damascusgrp.com/ http://damascusgrp.com/

Re: [Freeipa-users] Upgrading to 6.4

2013-02-21 Thread Dmitri Pal
On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote: On 02/21/2013 09:40 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:34 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1

[Freeipa-users] login problem after set trust

2013-02-21 Thread Andre Rodrigues
Hi all, I'm testing trust Freeipa-AD follow the how to http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup After set ipa trust-add users from AD domain can logon on ipa domain using ssh (ssh -l user@AD.DOMAIN linux.ipa), but FreeIPA users can't logon on Windows machine (winserver 2008) (using

Re: [Freeipa-users] --external-ca is a bit confusing.

2013-02-21 Thread Kendrick .
It is part of my initial setup. I copied the ipa.csr in to cacert's signing system so that the certificates would be valid outside of my local domain. and it errors because the host information said certificate authority instead of the host name if I understand that error mesage properly. I am

Re: [Freeipa-users] --external-ca is a bit confusing.

2013-02-21 Thread John Dennis
On 02/21/2013 07:23 PM, Kendrick . wrote: It is part of my initial setup. I copied the ipa.csr in to cacert's signing system so that the certificates would be valid outside of my local domain. and it errors because the host information said certificate authority instead of the host name if I