On 3/23/15 4:04 AM, Martin Kosek wrote:
On 03/23/2015 04:07 AM, Janelle wrote:
Hello
Starting to see a lot of these and wondering what I am dealign with?
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa1.example.com:389/o%3Dipaca) failed.
Hm, I do not met this error yet. This
On 23.3.2015 12:33, Roberto Cornacchia wrote:
OK, thanks.
That would be Dynamic updates, right? Then it is enabled.
$ ipa dnszone-show --all
Zone name: hq.example.com
dn: idnsname=hq.example.com.,cn=dns,dc=hq,dc=example,dc=com
Zone name: hq.example.com.
Active zone: TRUE
Thank you, dump sent privately
On 23 March 2015 at 13:33, Petr Spacek pspa...@redhat.com wrote:
On 23.3.2015 12:33, Roberto Cornacchia wrote:
OK, thanks.
That would be Dynamic updates, right? Then it is enabled.
$ ipa dnszone-show --all
Zone name: hq.example.com
dn:
Martin Kosek wrote:
This may mean that Dogtag is not up. Can you please check with ipactl status
that it (pki-ca) is up and running and that there are no related SELinux AVCs?
The problem seems to be java-related:
The self test plugin named selftests.container.logger.class contains a
value
This may mean that Dogtag is not up. Can you please check with ipactl status
that it (pki-ca) is up and running and that there are no related SELinux AVCs?
On 03/23/2015 04:52 AM, Michael Pawlak wrote:
Does anybody have any thoughts on this?
*Michael Pawlak*
Web Systems Administrator |
BTW, shouldn't named.conf contain an allow-update statement? Mine
doesn't. Or is this managed differently?
On 23 March 2015 at 12:16, Roberto Cornacchia roberto.cornacc...@gmail.com
wrote:
On 23 March 2015 at 10:35, Petr Spacek pspa...@redhat.com wrote:
On 23.3.2015 10:21, Roberto
On 03/23/2015 10:19 AM, Prashant Bapat wrote:
Hi,
I'm trying to add a custom attribute to user object. Below is the ldif i'm
using.
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
DESC 'SSH public key
On Mon, Mar 23, 2015 at 04:27:14PM +0530, Yogesh Sharma wrote:
I just deleted the netgroup, even though getent is resolving.
[root@mipa ~]# getent netgroup stg.initd.com
stg.initd.com (cipa.stg.initd.com,-,stg.initd.com)
[root@mipa ~]# ipa netgroup-show stg.initd.com
ipa: ERROR:
On Mon, Mar 23, 2015 at 04:18:56PM +0530, Yogesh Sharma wrote:
Seeing a strange behavior.
I deleted all Host Members from NetGroup and it was reflected in Client:
[root@cipa ~]# getent netgroup stg.initd.com
stg.initd.com
then I added one hostgroup *cipa * and it was successfully quried
On 23 March 2015 at 10:35, Petr Spacek pspa...@redhat.com wrote:
On 23.3.2015 10:21, Roberto Cornacchia wrote:
About the DNS update, this is what the debug log has to say:
Found zone name: hq.example.com
The master is: ipa.hq.example.com
start_gssrequest
Found realm from ticket:
OK, thanks.
That would be Dynamic updates, right? Then it is enabled.
$ ipa dnszone-show --all
Zone name: hq.example.com
dn: idnsname=hq.example.com.,cn=dns,dc=hq,dc=example,dc=com
Zone name: hq.example.com.
Active zone: TRUE
Authoritative nameserver: ipa.hq.example.com.
Administrator
Seeing a strange behavior.
I deleted all Host Members from NetGroup and it was reflected in Client:
[root@cipa ~]# getent netgroup stg.initd.com
stg.initd.com
then I added one hostgroup *cipa * and it was successfully quried in
getent on IPA Server
[root@mipa ~]# getent netgroup stg.initd.com
On 03/23/2015 04:07 AM, Janelle wrote:
Hello
Starting to see a lot of these and wondering what I am dealign with?
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa1.example.com:389/o%3Dipaca) failed.
Hm, I do not met this error yet. This looks like error from 389-ds-base, it
Martin,
Thanks!
Let me double check.
Yes I was referring to the exact same pdf.
Regards.
--Prashant
On 23 March 2015 at 16:49, Martin Kosek mko...@redhat.com wrote:
On 03/23/2015 10:19 AM, Prashant Bapat wrote:
Hi,
I'm trying to add a custom attribute to user object. Below is the ldif
Ok the command you gave me worked. But I was following the PDF and below
command never worked.
ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
Is that expected ?
Thanks.
--Prashant
On 23 March 2015 at 17:37, Prashant Bapat prash...@apigee.com wrote:
Martin,
Thanks!
Let me
On Mon, 23 Mar 2015, Bobby Prins wrote:
On 03/20/2015 08:05 AM, Alexander Bokovoy wrote:
On Fri, 20 Mar 2015, Bobby Prins wrote:
On Fri, 20 Mar 2015, Sumit Bose wrote:
On Fri, Mar 20, 2015 at 11:44:43AM +0100, Bobby Prins wrote:
On Thu, Mar 19, 2015 at 04:46:44PM +0100, Bobby Prins wrote:
On 03/20/2015 08:05 AM, Alexander Bokovoy wrote:
On Fri, 20 Mar 2015, Bobby Prins wrote:
On Fri, 20 Mar 2015, Sumit Bose wrote:
On Fri, Mar 20, 2015 at 11:44:43AM +0100, Bobby Prins wrote:
On Thu, Mar 19, 2015 at 04:46:44PM +0100, Bobby Prins wrote:
Hi there,
I'm currently trying to use
Prashant Bapat wrote:
Ok the command you gave me worked. But I was following the PDF and below
command never worked.
ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
Is that expected ?
Did you restart httpd after adding the schema? A cached copy is used and
restarting will
On 03/20/2015 09:59 PM, McEvoy, James wrote:
Hi FreeIPA Users:
I can only get my new Fedora 21 freeipa to server to setup a trust with
Active Directory if I turn off the firewall on the ipa server. I have
looked through all the doc on which ports to open but have had no luck
getting
HI
i created the home directory manually and copied the profile.
i tried to access the solaris box from putty and still it's not accepting
password.
On Mon, Mar 23, 2015 at 11:03 AM, Ben .T.George bentech4...@gmail.com
wrote:
HI List
finally after soo much struggling now i can able to
We have two authentication domains; both on 4.X.
Domain 1 - Internal and contains our employee accounts
Domain 2 - External accounts that reside outside of our company.
These accounts are utilized to gain access to some of our web
resources.
Is their a method to point our older app at domain 2
Rob,
Thanks. Any additional eyes would be greatly apprecated.
*Michael Pawlak*
Web Systems Administrator | Colovore LLC
E: m...@colovore.com
C: 408.316.2154
http://www.colovore.com
On Mon, Mar 23, 2015 at 6:24 AM, Rob Crittenden rcrit...@redhat.com wrote:
Martin Kosek wrote:
This may mean
On 3/23/2015 12:10 PM, Michael Pawlak wrote:
Rob,
Thanks. Any additional eyes would be greatly apprecated.
*Michael Pawlak*
Web Systems Administrator | Colovore LLC
E: m...@colovore.com mailto:m...@colovore.com
C: 408.316.2154
http://www.colovore.com
On Mon, Mar 23, 2015 at 6:24 AM, Rob
On Mon, Mar 23, 2015 at 12:05:05PM +0530, Yogesh Sharma wrote:
Hello Team,
We are doing POC to use IPA server in our Env. When we try to add
individual host and user in Sudo Rule it work fine whereas we need use
HostGroup and Usergroup it is not working.
We have been restricted to use NIS
Dmitri, Rob, Jakub,
I found at least one of the major problems: chronyd.
This is what I get when I use ipa-client-install on a plain FC21 machine,
*without* using --force-ntpd
WARNING: ntpd timedate synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use
HI List
finally after soo much struggling now i can able to login solaris box as AD
user.
but auto home directory creation still have issue. for that i need to
compile some modules.
The issue i am facing is i cannot able to login to solaris box after
editing pam.conf file.here is the conf file
Sure Jakub. ++FreeIPA-Users
getent netgroup not working on IPA Server
[root@mipa ~]# getent netgroup stg.initd.com
[root@mipa ~]#
[root@mipa ~]# ipa hostgroup-show cipa-servers
Host-group: cipa-servers
Description: cipa
Member hosts: cipa.stg.initd.com
Member of netgroups:
Hello Team,
We are doing POC to use IPA server in our Env. When we try to add
individual host and user in Sudo Rule it work fine whereas we need use
HostGroup and Usergroup it is not working.
We have been restricted to use NIS due to others issue with NIS. Please
suggest a way to fix this.
On Mon, Mar 23, 2015 at 02:23:52PM +0530, Yogesh Sharma wrote:
Sure Jakub. ++FreeIPA-Users
getent netgroup not working on IPA Server
[root@mipa ~]# getent netgroup stg.initd.com
[root@mipa ~]#
[root@mipa ~]# ipa hostgroup-show cipa-servers
Host-group: cipa-servers
Description:
About the DNS update, this is what the debug log has to say:
Found zone name: hq.example.com
The master is: ipa.hq.example.com
start_gssrequest
Found realm from ticket: HQ.EXAMPLE.COM
send_gssrequest
*; Communication with 192.168.0.72#53 failed: operation canceled*
*Reply from SOA query:*
;;
On 23.3.2015 10:21, Roberto Cornacchia wrote:
About the DNS update, this is what the debug log has to say:
Found zone name: hq.example.com
The master is: ipa.hq.example.com
start_gssrequest
Found realm from ticket: HQ.EXAMPLE.COM
send_gssrequest
*; Communication with 192.168.0.72#53
Endi,
I could test that.
*Michael Pawlak*
Web Systems Administrator | Colovore LLC
E: m...@colovore.com
C: 408.316.2154
http://www.colovore.com
On Mon, Mar 23, 2015 at 1:36 PM, Endi Sukma Dewata edew...@redhat.com
wrote:
Thanks for the info. The transaction log doesn't indicate the cause of
I have an existing web app built with java/WebObjects that currently handles
some user/groups tasks with our current directory server (Open Directory). We
are investigating a move to FreeIPA for our directory services.
Just in mucking around, I’ve found that if I try to insert a new user
Thanks for the info. The transaction log doesn't indicate the cause of the
problem either. I might need to provide a custom build that generates more
useful information. Would you be able to test that? Thanks.
--
Endi S. Dewata
- Original Message -
Endi,
1. I am currently using
On Mon, Mar 23, 2015 at 06:26:21PM +0530, Yogesh Sharma wrote:
Thanks Jakub.
All the issue seems to be resolved now except that getent is not able to
resolve on IPA Server however working fine on other.
Below are the logs where it says it is not able to connect DataProvided.
[ ...]
Hi Rob,
Yes I did restart it.
Ok another problem. I'm not able to add this attr to existing users. Only
the new ones. Any pointers ?
Thanks.
--Prashant
On 23 March 2015 at 21:19, Rob Crittenden rcrit...@redhat.com wrote:
Prashant Bapat wrote:
Ok the command you gave me worked. But I was
You would need to extend user-mod to add this objectclass to existing modified
users. There is an example of such plugin in the PDF I mentioned.
On 03/23/2015 05:22 PM, Prashant Bapat wrote:
Hi Rob,
Yes I did restart it.
Ok another problem. I'm not able to add this attr to existing users.
Thanks. I will take a look. However will using this attr only on new users
from the time it was added have any issues ?
Also, will replication include this new attr ?
On 23 March 2015 at 21:57, Martin Kosek mko...@redhat.com wrote:
You would need to extend user-mod to add this objectclass to
Prashant Bapat wrote:
Thanks. I will take a look. However will using this attr only on new
users from the time it was added have any issues ?
Shouldn't cause any problems with IPA.
Also, will replication include this new attr ?
Yes. Schema is replicated as well.
rob
On 23 March 2015
Martin,
The CA service definitely appears to be up and selinux is disabled on the
host.
- ipactl status -
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
- service
On 03/23/2015 05:56 PM, Timothy Worman wrote:
I have an existing web app built with java/WebObjects that currently handles
some user/groups tasks with our current directory server (Open Directory). We
are investigating a move to FreeIPA for our directory services.
Just in mucking around, I’ve
Thanks for CC-ing me Dmitri, I only monitor freeipa-users based on
subjects and didn't realize this thread was about SSSD.
I didn't reproduce the problem myself yet, but I checked the sources and
I think it's a bug, much like one in the autofs responder we've had some
time ago. Please open a
On 03/23/2015 05:13 PM, Matt Wells wrote:
We have two authentication domains; both on 4.X.
Domain 1 - Internal and contains our employee accounts
Domain 2 - External accounts that reside outside of our company.
These accounts are utilized to gain access to some of our web
resources.
Is their a
43 matches
Mail list logo