On 03/11/2015 09:05 PM, Dmitri Pal wrote:
> On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
...
>> Third, there appears to be a behavior change from in ipalib. I cleaned up a
>> little inventory script for ansible, you can take a look at it here:
>> https://github.com/ansible/ansible/blob/devel/
On 03/12/2015 12:17 AM, Dmitri Pal wrote:
> On 03/11/2015 04:37 PM, Steven Jones wrote:
>> ==
>> [root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns
>> --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg
>> --skip-conncheck
>> Checking forwarders, please wa
Dne 12.3.2015 v 08:25 Martin Kosek napsal(a):
On 03/11/2015 09:05 PM, Dmitri Pal wrote:
On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
...
Third, there appears to be a behavior change from in ipalib. I cleaned up a
little inventory script for ansible, you can take a look at it here:
https:
I think you should now check dirsrv errors logs on both server and the replica.
It should have more info what went wrong with starting the replication.
Please also check
# systemctl status dirsrv@YOUR-REALM.service
to check there are no SASL buffer related error messages.
On 03/10/2015 12:58 AM
HI
i tried both method and still it's not creating the home directories
regards,
Ben
On Wed, Mar 11, 2015 at 11:35 PM, sipazzo wrote:
> This is how use the automounter to automatically create home directories
> for ipa users under /export/home/ and mount them under /home/ on Solaris
> 10, as w
On 03/10/2015 03:06 PM, Alexander Bokovoy wrote:
> On Tue, 10 Mar 2015, Benjamin Reed wrote:
>> On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
>>> Are you following these instructions?
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authenticati
Hi FreeIPA Users,
I have a fresh new FreeIPA 4.1 on RHEL7.1 with self-sign CA and I would
like to change the self-sign CA to the external CA
Do you have any step by step document for do it correctly on 4.1 version?
/lm
--
Manage your subscription for the Freeipa-users mailing list:
https://www.r
On 12/03/15 08:30, Martin Kosek wrote:
On 03/12/2015 12:17 AM, Dmitri Pal wrote:
On 03/11/2015 04:37 PM, Steven Jones wrote:
==
[root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns
--forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg
--skip-conncheck
Check
Hi Guys,
Is Rob able to look at this ? I hope he has some sparetime as I'm
kinda stuck with this issue.
Thanks!
2015-03-08 12:30 GMT+01:00 Matt . :
> I'm reviewing some things.
>
> When I'm using a loadbalancer, which I prefer in this setup I need to
> have the same certificates on both server
On 03/12/2015 10:37 AM, crony wrote:
Hi FreeIPA Users,
I have a fresh new FreeIPA 4.1 on RHEL7.1 with self-sign CA and I would
like to change the self-sign CA to the external CA
Do you have any step by step document for do it correctly on 4.1 version?
/lm
Hello!
I'm not aware of this bein
Thank you David, I'll check it out.
2015-03-12 12:36 GMT+01:00 David Kupka :
> On 03/12/2015 10:37 AM, crony wrote:
>
>> Hi FreeIPA Users,
>> I have a fresh new FreeIPA 4.1 on RHEL7.1 with self-sign CA and I would
>> like to change the self-sign CA to the external CA
>>
>> Do you have any step by
Hi,
Yes the DUA profile needs manually editing and updating as IPA servers are
added or removed. Ideally this would be managed by ipa-replica-manage, however
as I was advised in the BZ, Red Hat does not have the knowledge or resources to
focus on integration with Solaris, which is understandabl
Matt . wrote:
> Hi Guys,
>
> Is Rob able to look at this ? I hope he has some sparetime as I'm
> kinda stuck with this issue.
Wildcard certs are not supported.
You can request a SAN with certmonger using -D . That will work
with IPA 4.x for sure, maybe 3.3.5.
rob
>
> Thanks!
>
>
>
> 2015-0
Hi,
Security wise I can understand that.
Yes I have read about that... but that would let me use the
loadbalancer to connect ? I was not sure if the SAN would "connect" as
"other" host.
2015-03-12 15:07 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi Guys,
>>
>> Is Rob able to look at this ? I
On 03/11/2015 06:46 PM, Dmitri Pal wrote:
> On 03/11/2015 01:13 PM, Andrew Holway wrote:
>> Hi,
>>
>> We have a mix of Centos 6 and Centos 7 machines which we would like to manage
>> with FreeIPA.
>>
>> I remember that setting up freeipa on Centos 6 can be a bit tricky although I
>> found this meth
On 03/12/2015 12:48 PM, crony wrote:
> Thank you David, I'll check it out.
>
> 2015-03-12 12:36 GMT+01:00 David Kupka :
>
>> On 03/12/2015 10:37 AM, crony wrote:
>>
>>> Hi FreeIPA Users,
>>> I have a fresh new FreeIPA 4.1 on RHEL7.1 with self-sign CA and I would
>>> like to change the self-sign C
Matt . wrote:
> Hi,
>
> Security wise I can understand that.
>
> Yes I have read about that... but that would let me use the
> loadbalancer to connect ? I was not sure if the SAN would "connect" as
> "other" host.
Kerberos through a load balancer can be a problem. Is this what you're
worried abo
Not worried, I need to try.
I think it's not an issue as we use persistance for the connection. We
only do some user adding/chaging stuff, nothing really fancy but it
needs to be decent. As persistence comes in I think we don't have to
worry about it, we discussed that here earlier as I remember.
On 03/12/2015 02:10 AM, Jan Cholasta wrote:
> Dne 12.3.2015 v 08:25 Martin Kosek napsal(a):
>> On 03/11/2015 09:05 PM, Dmitri Pal wrote:
>>> On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
>> ...
Third, there appears to be a behavior change from in ipalib.
I cleaned up a little invento
HI Siggi,
thanks for the detailed information.
how can i apply this DUA profile? can you please give me the steps to apply
this.
my current stage is, i can able to login to solaris 10 box with AD user.
only thing from command like without "-" in su
Regards,
Ben
On Thu, Mar 12, 2015 at 4:00 PM,
I do have other CAs (just not the master but it is available offline if needed)
Directory server is runningThe apache web server is running and I can get to
the guiipa cert-show 1 works
Are the TLS errors due to the mismatch in certs between slapd-PKI-CA and
slapd-NETWORKFLEET-COM?
-Origi
On 03/12/2015 07:24 PM, Erinn Looney-Triggs wrote:
On 03/12/2015 02:10 AM, Jan Cholasta wrote:
Dne 12.3.2015 v 08:25 Martin Kosek napsal(a):
On 03/11/2015 09:05 PM, Dmitri Pal wrote:
On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
...
Third, there appears to be a behavior change from in i
Hi,
Currently it seems that IPA on RHEL6.6 is broken in terms of adding a RHEL7.1
replica to it. ie following the document linked to below.
Should be a BZ case on it shortly via RH support (RH case number 01290601) for
an updated 389 rpm for 6.6.
I assume it will be the same for Centos 7.x as
On 03/12/2015 01:46 PM, Martin Kosek wrote:
> On 03/12/2015 07:24 PM, Erinn Looney-Triggs wrote:
>> On 03/12/2015 02:10 AM, Jan Cholasta wrote:
>>> Dne 12.3.2015 v 08:25 Martin Kosek napsal(a):
On 03/11/2015 09:05 PM, Dmitri Pal wrote:
> On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
>
Hello,
I was looking into otp authentication and found some articles on how to
enable this in freeipa.
I can't seem to figure out how this is going to deal with cashed
credentials on a laptop that is not able to connect the ipa server.
How is this going to work out when 'native OTP' is being use
sipazzo wrote:
> I do have other CAs (just not the master but it is available offline if
> needed)
To be clear, all IPA servers are masters, some just run more services
than others. It sounds like you have at least one CA available which
should be sufficient.
> Directory server is running
> The a
> On 12 Mar 2015, at 21:32, Rob Verduijn wrote:
>
> Hello,
>
> I was looking into otp authentication and found some articles on how to
> enable this in freeipa.
>
> I can't seem to figure out how this is going to deal with cashed credentials
> on a laptop that is not able to connect the ipa
Hi
I have successfully setup an AD---> freeipa Model and joining bits and
pieces from 389-ds I have setup a oneWaySinc fromWindows.
The issue I got for the last week is the pasword sync which does not
seem to work at all, it does not matter what I do in the AD server I
never get the passwords
On 03/12/2015 03:07 PM, Gonzalo Fernandez Ordas wrote:
Hi
I have successfully setup an AD---> freeipa Model and joining bits and
pieces from 389-ds I have setup a oneWaySinc fromWindows.
The issue I got for the last week is the pasword sync which does not
seem to work at all, it does not matte
Thanks very much for the quick reply. And that was exactly the bit I
never fully understood, till now.
is it known anyway of synchronising the passwords? Any recommendations
on those regards?
Thanks
On 12/03/2015 22:13, Rich Megginson wrote:
On 03/12/2015 03:07 PM, Gonzalo Fernandez Ord
On 03/12/2015 03:44 PM, Gonzalo Fernandez Ordas wrote:
Thanks very much for the quick reply. And that was exactly the bit I
never fully understood, till now.
is it known anyway of synchronising the passwords?
No.
Any recommendations on those regards?
Yes - use Trusts instead of sync.
On 03/12/2015 04:59 PM, Jakub Hrozek wrote:
On 12 Mar 2015, at 21:32, Rob Verduijn wrote:
Hello,
I was looking into otp authentication and found some articles on how to enable
this in freeipa.
I can't seem to figure out how this is going to deal with cashed credentials on
a laptop that is n
On 03/12/2015 05:59 PM, Rich Megginson wrote:
On 03/12/2015 03:44 PM, Gonzalo Fernandez Ordas wrote:
Thanks very much for the quick reply. And that was exactly the bit I
never fully understood, till now.
is it known anyway of synchronising the passwords?
No.
Any recommendations on those
33 matches
Mail list logo