On 22.10.2014 22:06, William Graboyes wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello List,
So the whole not being able to change the CA easily is becoming a
regular point of contention in meetings. If I have read the e-mails
on this list correctly this issue is fixed in 4.1.
Hi,
Dne 23.10.2014 v 08:47 Petr Spacek napsal(a):
On 22.10.2014 22:06, William Graboyes wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello List,
So the whole not being able to change the CA easily is becoming a
regular point of contention in meetings. If I have read the e-mails
on
I already deployed FreeIPA 4.1 on Fedora 21 server alpha-release.
Everything is good as far as FreeIPA server operation is concerned.
23-Oct-14 01:06, William Graboyes пишет:
3) am I insane for wanting to introduce FC21 into my environment?
--
Manage your subscription for the Freeipa-users
On (23/10/14 11:27), Outback Dingo wrote:
On Thu, Oct 23, 2014 at 11:20 AM, Fraser Tweedale ftwee...@redhat.com
wrote:
On Wed, Oct 22, 2014 at 03:23:56PM +0200, Lukas Slebodnik wrote:
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about
+1.
And even if talking about installation of the necessary software and not about
the configuration, then why this?
The commands to enable the custom repository and install the required
packages on a FreeBSD host appear below.
Note that these are Bourne shell commands; this script will not
The FreeIPA team is proud to announce FreeIPA v4.1.0!
It can be downloaded from http://www.freeipa.org/page/Downloads. The
builds will be available for Fedora 21. Builds for Fedora 20 are
available in the official COPR repository
[https://copr.fedoraproject.org/coprs/mkosek/freeipa/].
==
Yet with FreeIPA v4 we've got another thing to keep in mind regarding
FreeBSD - FreeIPA integration: the cron script proposed at FreeBSD
forums won't work.
Here's what was said in the post:
The tricky part was gettingsudoto work with host groups. FreeIPA keeps
host groups in netgroups, and
Hi,
I have a FreeIPA 3.3.3 in transitive trust with AD2008.
Today I saw a lot of sssd segfaults on the server side:
[ 420.412011] sssd_be[734]: segfault at 8 ip 7fa54fa73334 sp
7fff62b2ec40 error 4 in libldb.so.1.1.16[7fa54fa66000+2c000]
[ 421.763035] sssd_be[2666]: segfault at 8 ip
Hi List,
On IPA server I added one external group for AD group.
When I log in to IPA client I can see that group:
97687(trustlinuxgroup_from_ad2posix)
but also I see few different groups came directly from Active Directory
like 127310615(trustlinuxgr...@acme.example.com) or
On Tue, Oct 21, 2014 at 07:49:11AM -0430, Loris Santamaria wrote:
El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió:
On 10/20/2014 09:15 AM, Loris Santamaria wrote:
[...]
Trying to join the server to the domain (net rpc join -U domainadmin -S
ipaserver) fails, and it
On (23/10/14 12:23), crony wrote:
Hi,
I have a FreeIPA 3.3.3 in transitive trust with AD2008.
Today I saw a lot of sssd segfaults on the server side:
[ 420.412011] sssd_be[734]: segfault at 8 ip 7fa54fa73334 sp
7fff62b2ec40 error 4 in libldb.so.1.1.16[7fa54fa66000+2c000]
Could you
Already sent directly to your email.
/lm
2014-10-23 13:45 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com:
On (23/10/14 12:23), crony wrote:
Hi,
I have a FreeIPA 3.3.3 in transitive trust with AD2008.
Today I saw a lot of sssd segfaults on the server side:
[ 420.412011] sssd_be[734]:
Rob and Rich,
ipa-replica-manage del should have cleaned things up. You can clear out
old RUVs with ipa-replica-manage too via list-ruv and clean-ruv. You use
list-ruv to get the id# to clean and clean-ruv to do the actual cleaning.
I remember having previously tried this task, but it had
And another interesting behaviour.
Say a user netuser is a member of a user group netstaff,
and a host bsd.example.com is a member of a host group nethosts.
We then create an HBAC rule netstaff_to_nethosts:
Who: User Groups - netstaff -- Accessing: Host Groups - nethosts --
Via Service:
On 10/23/2014 07:01 AM, John Desantis wrote:
Rob and Rich,
ipa-replica-manage del should have cleaned things up. You can clear out
old RUVs with ipa-replica-manage too via list-ruv and clean-ruv. You use
list-ruv to get the id# to clean and clean-ruv to do the actual cleaning.
I remember
Hi All,
I've found another problem with my setup:
What could be the reason of such errors on FreeIPA client side:
/var/log/sssd/sssd_linux.acme.example.com.log:(Thu Oct 23 09:49:23 2014)
[sssd[be[linux.acme.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n
exop request failed.
On Thu, 23 Oct 2014, crony wrote:
Hi All,
I've found another problem with my setup:
What could be the reason of such errors on FreeIPA client side:
You need to check sssd logs on IPA master side.
IPA 3.3.3 + RHEL7 and IPA clients: RHEL 6.4 and RHEL 6.6 - the same
situation.
There were some
Probable yes.
2014-10-23 15:59 GMT+02:00 Sumit Bose sb...@redhat.com:
On Thu, Oct 23, 2014 at 03:47:31PM +0200, crony wrote:
Hi All,
I've found another problem with my setup:
What could be the reason of such errors on FreeIPA client side:
On Thu, 23 Oct 2014, crony wrote:
Hi List,
On IPA server I added one external group for AD group.
When I log in to IPA client I can see that group:
97687(trustlinuxgroup_from_ad2posix)
but also I see few different groups came directly from Active Directory
like
On (23/10/14 14:44), crony wrote:
Already sent directly to your email.
Thank you for coredump.
It is a known bug (https://fedorahosted.org/sssd/ticket/2391)
Bug is fixed in sssd upstream
sh$ git tag --contains 895f045dd4aad7f5857826cc1496cfa048a790dd
sssd-1_11_7
sh$ git tag --contains
yes, sure, it would be great to see if it works in upstream version.
thank you
2014-10-23 16:10 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com:
On (23/10/14 14:44), crony wrote:
Already sent directly to your email.
Thank you for coredump.
It is a known bug
On (23/10/14 16:31), crony wrote:
yes, sure, it would be great to see if it works in upstream version.
thank you
Here you are
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-11/
LS
--
Manage your subscription for the Freeipa-users mailing list:
The FreeIPA team would like to announce FreeIPA v4.0.4 bugfix release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora 21 are available in the official COPR repository
[https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.0/].
== Highlights in 4.0.4 ==
===
Hello!
I tryed to configure synchronization between FreeIPA and Windows AD 2012.
In the thirst time accounts from AD synchronization properly but next
schedule after 5 min is not work and in error log I see the following
errors:
# tail -f /var/log/dirsrv/slapd-TEST-CSBI-ITS-RU/errors
Hi all,
I somehow destroyed my primary IPA server's Server-Cert in
/etc/httpd/alias. I don't understand how or why it happened, all I know is
that I went to restart Apache and it was gone. Apache won't start, of
course, because the cert is missing. I can't issue a new cert on the
primary
Thank you!
Error: Package: sssd-client-1.11.7-2.el7.centos.x86_64 (lslebodn-sssd-1-11)
Requires: libc.so.6(GLIBC_2.14)(64bit)
Error: Package: python-sssdconfig-1.11.7-2.el7.centos.noarch
(lslebodn-sssd-1-11)
Requires: python(abi) = 2.7
Installed:
Alright then, thanks for info!
Tomorrow is the deadline for my researches on FreeIPA.
Then I have to start deploying a centralized management solution in our
production environment.
Please help me to make a final decision on which version of FreeIPA to choose -
3.3 or 4.1?
I'd like to have all
On (23/10/14 18:12), crony wrote:
Thank you!
I prepared repo for epel6, epel7 and fedora 19
Error: Package: sssd-client-1.11.7-2.el7.centos.x86_64 (lslebodn-sssd-1-11)
Requires: libc.so.6(GLIBC_2.14)(64bit)
Error: Package: python-sssdconfig-1.11.7-2.el7.centos.noarch
On Thu, 23 Oct 2014, Орхан Касумов wrote:
Alright then, thanks for info!
Tomorrow is the deadline for my researches on FreeIPA.
Then I have to start deploying a centralized management solution in our
production environment.
Please help me to make a final decision on which version of FreeIPA to
Eric McCoy wrote:
Hi all,
I somehow destroyed my primary IPA server's Server-Cert in
/etc/httpd/alias. I don't understand how or why it happened, all I know
is that I went to restart Apache and it was gone. Apache won't start,
of course, because the cert is missing. I can't issue a new
On 10/23/2014 10:26 AM, Dmitri Pal wrote:
On 10/23/2014 08:19 AM, Сапегин Валерий wrote:
Hello!
I tryed to configure synchronization between FreeIPA and Windows AD
2012. In the thirst time accounts from AD synchronization properly
but next schedule after 5 min is not work and in error log I
Very interesting!
You're right, I used simple ldapsearch -x command on the client when
browsing the LDAP database. With IPA 3.3 it returned a whole lot of info about
hostgroups, but with IPA 4.1 - only a single string 'cn=ng,cn=compat,$SUFFIX'.
That's why current script didn't work.
Tomorrow
Oh, sorry Lukas, now its my mistake + tiredness.. I was testing on the
wrong machine.Thank you.
/lm
2014-10-23 18:30 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com:
On (23/10/14 18:12), crony wrote:
Thank you!
I prepared repo for epel6, epel7 and fedora 19
Error: Package:
Some nicknames changed to protect the innocent. The puppetmaster/hostname
cert is nominally unrelated, though its creation was contemporaneous with
the disappearance of server-cert so I can't entirely rule it out.
Certificate Nickname Trust
Attributes
Eric McCoy wrote:
Some nicknames changed to protect the innocent. The
puppetmaster/hostname cert is nominally unrelated, though its creation
was contemporaneous with the disappearance of server-cert so I can't
entirely rule it out.
Certificate Nickname
FreeIPA 4.0.3 server with SSSD 1.9.2 on CentOS6
Seems that group membership is completely inconsistent
Running id in shell as my user on:
* ipa server - I am a member of 2 groups
* Server that just came up and joined - 1 group
* Server that has been up for some time - 5 groups
Via UI:
Small update, it appears that once I run getent group groupname - my
user shows up in the group groupname. Odd.
(and yes, I have ran sss_cache -UG many a time)
-M
On Thu, Oct 23, 2014 at 5:15 PM, Michael Lasevich mlasev...@gmail.com
wrote:
FreeIPA 4.0.3 server with SSSD 1.9.2 on CentOS6
On Thu, Oct 23, 2014 at 02:12:47PM +0400, Орхан Касумов wrote:
+1.
And even if talking about installation of the necessary software and not
about the configuration, then why this?
The commands to enable the custom repository and install the required
packages on a FreeBSD host appear
On Thu, Oct 23, 2014 at 09:58:33AM +0200, Lukas Slebodnik wrote:
On (23/10/14 11:27), Outback Dingo wrote:
On Thu, Oct 23, 2014 at 11:20 AM, Fraser Tweedale ftwee...@redhat.com
wrote:
On Wed, Oct 22, 2014 at 03:23:56PM +0200, Lukas Slebodnik wrote:
On (22/10/14 17:10), Fraser Tweedale
Hello,
This is my first time posting to this list, so if I've made a faux pas
or mistake, please do correct me.
Can anyone please point me to the correct method to renewing 3rd party
SSL certificates used by FreeIPA 3.0? I suspect I've not done this
correctly.
Here is what has worked correctly
You could ease everything by creating 2 files: FreeIPA.conf and FreeIPA.pem,
uploading them to Web and sharing links to them. FreeBSD users could the use
the fetch command to download and use your files.
Отправлено от Blue Mail
На 5:36, 24.10.2014, в 5:36, Fraser Tweedale ftwee...@redhat.com
On Fri, Oct 24, 2014 at 07:42:31AM +0500, Orkhan Gasimov wrote:
You could ease everything by creating 2 files: FreeIPA.conf and
FreeIPA.pem, uploading them to Web and sharing links to them.
FreeBSD users could the use the fetch command to download and
use your files.
I turned it into a shell
While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one of the
two boxes:
Upgrade failed with attribute allowWeakCipher not allowed
IPA upgrade failed.
Unexpected error
DuplicateEntry: This entry already exists
It seems the ipa no longer starts up after this. The replica server
43 matches
Mail list logo
