On 05/18/2015 02:17 PM, Sina Owolabi wrote:
Hi Martin
And thanks for getting back, greatly appreciated.
I tore down the replica and reinstalled from scratch, using an old
replica-info file I had on the primary. I'm not sure if this is a good
thing to do, but I would appreciate
if you could
On May 18, 2015, at 9:55 PM, Rich Megginson rmegg...@redhat.com wrote:
Not necessarily.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html#requiring-secure-connections
Yes, I saw that discussion but there is no solution.
So how to create compat tree?
In my ldap there is something like
uid=bartosz,cn=users,cn=compat,dc=example,dc=com - but it is still with
uid.
PS. I have fresh installation CentOS 7.1 and IPA 4.1.
2015-05-18 16:03 GMT+02:00 Rob Crittenden
On Mon, 18 May 2015, Nathaniel McCallum wrote:
On Mon, 2015-05-18 at 17:03 +0300, Alexander Bokovoy wrote:
On Mon, 18 May 2015, Janelle wrote:
On 5/10/15 11:57 PM, Alexander Bokovoy wrote:
On Sun, 10 May 2015, Janelle wrote:
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM,
On Mon, 2015-05-18 at 09:45 -0500, Janelle wrote:
Ok, let me ask this a different way, because maybe there is a way,
and I am just not seeing it.
I have 2 datacenters with typical bastions in each. I have enabled
OTP and that works fine via ssh. But the user has to login to both
and
On 05/18/2015 04:50 PM, Andy Thompson wrote:
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Monday, May 18, 2015 10:33 AM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trusted user groups
On (18/05/15 13:55), Andy Thompson
On May 18, 2015, at 04:31, Martin Kosek mko...@redhat.com wrote:
On 05/18/2015 01:49 AM, Janelle wrote:
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:
On
On Mon, 2015-05-18 at 07:59 -0500, Janelle wrote:
On May 18, 2015, at 04:31, Martin Kosek mko...@redhat.com wrote:
On 05/18/2015 01:49 AM, Janelle wrote:
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM,
On Mon, 2015-05-18 at 17:18 +0300, Alexander Bokovoy wrote:
On Mon, 18 May 2015, Nathaniel McCallum wrote:
On Mon, 2015-05-18 at 17:03 +0300, Alexander Bokovoy wrote:
On Mon, 18 May 2015, Janelle wrote:
On 5/10/15 11:57 PM, Alexander Bokovoy wrote:
On Sun, 10 May 2015, Janelle
On Mon, 18 May 2015, Nathaniel McCallum wrote:
On Mon, 2015-05-18 at 17:18 +0300, Alexander Bokovoy wrote:
On Mon, 18 May 2015, Nathaniel McCallum wrote:
On Mon, 2015-05-18 at 17:03 +0300, Alexander Bokovoy wrote:
On Mon, 18 May 2015, Janelle wrote:
On 5/10/15 11:57 PM, Alexander Bokovoy
On (18/05/15 13:55), Andy Thompson wrote:
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Thursday, May 14, 2015 4:41 PM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trusted user groups
On (14/05/15 15:53), Andy Thompson
On 05/16/2015 04:06 PM, Nathan Peters wrote:
I have updated the bug report you filed below.
The issue was that the instructions would only work in Windows Server
2003 because My Network Places was removed in 2008 and above. Since
the manual clearly states that the AD sync is to be performed
You should add your IPA zone as a slave on your 'external' DNS servers so they
are able to resolve the IPA zone.
Josh
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Winfried de Heiden
Sent: Monday, May 18, 2015 10:10 AM
To: Freeipa-users
Subject:
Adding freeipa-users list back, to keep others in the loop.
On 05/18/2015 12:32 PM, Brian Topping wrote:
Thanks for taking the time to write that, Martin. It's good to have a
reference to build from.
Result of ipa-client-install outside the firewall with port 636 accessible:
Ah, I mostly
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Monday, May 18, 2015 10:33 AM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trusted user groups
On (18/05/15 13:55), Andy Thompson wrote:
-Original Message-
From:
On 05/18/2015 08:26 AM, Martin Kosek wrote:
Adding freeipa-users list back, to keep others in the loop.
On 05/18/2015 12:32 PM, Brian Topping wrote:
Thanks for taking the time to write that, Martin. It's good to have a reference
to build from.
Result of ipa-client-install outside the
Hi Martin
And thanks for getting back, greatly appreciated.
I tore down the replica and reinstalled from scratch, using an old
replica-info file I had on the primary. I'm not sure if this is a good
thing to do, but I would appreciate
if you could point me to the logs you'd be interested in seeing.
On Mon, 18 May 2015, Janelle wrote:
On 5/10/15 11:57 PM, Alexander Bokovoy wrote:
On Sun, 10 May 2015, Janelle wrote:
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Vangass wrote:
Hi,
I try to set FreeIPA as an LDAP server for HP iLO authentication. iLO
client sends dn as cn=bartosz,cn=users,cn=accounts,dc=example,dc=com
but in FreeIPA there is no cn=bartosz just uid=bartosz (as for any other
user I create is uid). Is it possible to modify uid to cn or is
Hi,
I try to set FreeIPA as an LDAP server for HP iLO authentication. iLO client
sends dn as cn=bartosz,cn=users,cn=accounts,dc=example,dc=com but in
FreeIPA there is no cn=bartosz just uid=bartosz (as for any other user I
create is uid). Is it possible to modify uid to cn or is there any other
Yes CA is running, and it's on the same machine.
[root@dc ~]# ipa-replica-prepare dc01.ourdom.com --ip-address 192.168.2.40
Directory Manager (existing master) password:
Preparing replica for dc01.ourdom.com from dc.ourdom.com
Creating SSL certificate for the Directory Server
Certificate
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Thursday, May 14, 2015 4:41 PM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trusted user groups
On (14/05/15 15:53), Andy Thompson wrote:
-Original Message-
From:
On Mon, 2015-05-18 at 17:03 +0300, Alexander Bokovoy wrote:
On Mon, 18 May 2015, Janelle wrote:
On 5/10/15 11:57 PM, Alexander Bokovoy wrote:
On Sun, 10 May 2015, Janelle wrote:
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM,
Sina Owolabi wrote:
Yes CA is running, and it's on the same machine.
[root@dc ~]# ipa-replica-prepare dc01.ourdom.com --ip-address 192.168.2.40
Directory Manager (existing master) password:
Preparing replica for dc01.ourdom.com from
On 05/15/2015 05:11 PM, James James wrote:
OK Rob. Thanks for your help. I will wait for the Scientific Linux 6.7.
Hi James,
Unfortunately there is no workaround. This is a timing issue mostly seen
when the master is more powerful than the consumer.
If you are using VM you may try to get
On 5/10/15 11:57 PM, Alexander Bokovoy wrote:
On Sun, 10 May 2015, Janelle wrote:
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be
Natxo Asenjo wrote:
On Sat, May 16, 2015 at 10:24 PM, Natxo Asenjo natxo.ase...@gmail.com wrote:
hi,
If I retrieve the usercertificate attribute for host objects I get
some gibberish.
How can I decode the info I get from ldapsearch?
maybe there
Hi all,
Creating an AD-trust works nicely. However, for some customers
both AD and IPA don't have DNS "for their own", they use
external DNS (Infoblox for example)
Now, is it possible to create an AD trust without a built-in
(bind)
On Sun, May 17, 2015 at 10:26:45PM +, Andy Thompson wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Jakub Hrozek
Sent: Sunday, May 17, 2015 5:23 PM
To: freeipa-users@redhat.com
Subject: Re:
Sina Owolabi wrote:
Hi Rob
There are some logs in /var/log/pki-ca/catalina.out that appear to
indicate a problem:
[SNIP]
These are mostly white noise from tomcat and can be ignored.
Also running getcert list tells me there are two expired certs:
Request ID '20130524104636':
Hi Rob
There are some logs in /var/log/pki-ca/catalina.out that appear to
indicate a problem:
CMS Warning: FAILURE: Cannot build CA chain. Error
java.security.cert.CertificateException: Certificate is not a PKCS #11
certificate|FAILURE: authz instance DirAclAuthz initialization failed
and
On May 18, 2015, at 09:47, Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2015-05-18 at 09:45 -0500, Janelle wrote:
Ok, let me ask this a different way, because maybe there is a way,
and I am just not seeing it.
I have 2 datacenters with typical bastions in each. I have enabled
Hello
I have been attempting to use my 4.1.4 FreeIPA server to authenticate
folders on a web server as a replacement for the normal htaccess feature. I
do require group authentication. I have tried just about every online example and
have only been able to get basic LDAP and basic Kerberos
On 5/18/15 7:47 AM, Nathaniel McCallum wrote:
On Mon, 2015-05-18 at 09:45 -0500, Janelle wrote:
Ok, let me ask this a different way, because maybe there is a way,
and I am just not seeing it.
I have 2 datacenters with typical bastions in each. I have enabled
OTP and that works fine via ssh.
Once again, replication/sync has been lost. I really wish the product
was more stable, it has so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes (maybe
a few users changing passwords) and again, 5 out of 16 servers are no
longer in sync.
I can test it
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more stable, it has so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes
(maybe a few users changing passwords) and again, 5 out of 16 servers
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
server is still in development and always reinstalled, I need to reproduce
any possible problem/error on FreeIPA 4.x on CentOS 7.
The error was :
On 05/19/2015 03:23 AM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product was more
stable, it has so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes (maybe a few
users changing passwords) and again, 5 out of 16 servers
On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
server is still in development and always reinstalled, I need to reproduce
any possible
On 05/16/2015 12:19 PM, Sina Owolabi wrote:
Please help me. I am in dire straits, this is the linchpin of our
network and we are suffering.
I am sorry for the delay in answering, but not many people here show up on the
weekend. Comments below.
On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi
On 05/15/2015 01:33 PM, Brian Topping wrote:
In the (apparently) first message to the list in 2014,
https://www.redhat.com/archives/freeipa-users/2014-January/msg0.html
addressed questions about securing IPA and I
On 05/18/2015 01:49 AM, Janelle wrote:
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:
On Apr 17, 2015, at 16:36, Dmitri Pal d...@redhat.com wrote:
snip for
-Original Message-
From: Jakub Hrozek [mailto:jhro...@redhat.com]
Sent: Monday, May 18, 2015 4:07 AM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] username case sensitivity
On Sun, May 17, 2015 at 10:26:45PM +, Andy Thompson wrote:
43 matches