[Freeipa-users] compat settings

2015-05-21 Thread Rudolf Gabler
Hi to whom it may concern, we used for many years a 2-location policy to separate email users from unix users in order not to use the same passwords. So we had 2 trees in our LDAP with the same user but different passwords. In freeipa (where we want to migrate now) I can use the accounts and

Re: [Freeipa-users] ruv problem

2015-05-21 Thread Ludwig Krispenz
could you try this: https://www.redhat.com/archives/freeipa-users/2015-May/msg00062.html it was successfully applied before On 05/21/2015 06:58 AM, Alexander Frolushkin wrote: Hello again. Is it now clear how to deal with problem ipa-replica-manage list-ruv showing unable to decode: {repli

Re: [Freeipa-users] compat settings

2015-05-21 Thread Alexander Bokovoy
On Thu, 21 May 2015, Rudolf Gabler wrote: Hi to whom it may concern, we used for many years a 2-location policy to separate email users from unix users in order not to use the same passwords. So we had 2 trees in our LDAP with the same user but different passwords. In freeipa (where we want

Re: [Freeipa-users] ruv problem

2015-05-21 Thread Alexander Frolushkin
Thank you. Do I need to run this on each of my 17 IPA servers in unix domain? WBR, Alexander Frolushkin Cell +79232508764 Work +79232507764 From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz Sent: Thursday, May 21, 2015 1:37 PM To: freei

Re: [Freeipa-users] ruv problem

2015-05-21 Thread Ludwig Krispenz
On 05/21/2015 09:50 AM, Alexander Frolushkin wrote: Thank you. Do I need to run this on each of my 17 IPA servers in unix domain? no, the cleanallruv task should be propagated to all servers a replication agreement exists with. WBR, Alexander Frolushkin Cell +79232508764 Work +79232507764 *From:*fr
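The "unable to decode: {replica N} csn csn" lines that `ipa-replica-manage list-ruv` prints in this thread (and again in the "replication again" thread below) carry more information than they look like: a 389-ds CSN is 20 hex digits encoding the unix timestamp, a sequence number, the replica id and a sub-sequence, which is why "{replica 16}" pairs with "...0010..." in its CSNs. The script below is an added example, not code from the thread or from FreeIPA; it decodes those CSNs from a constructed list-ruv listing (hostnames, RIDs and CSNs are made up, and the sample uses full 20-digit CSNs, whereas the archive shows the thread's values with fewer digits) so that you can see how long an orphaned RID has been silent before running `ipa-replica-manage clean-ruv RID` against it.

```python
"""Decode the replica IDs and timestamps hidden in 389-ds CSNs.

Added example, not code from the thread or from FreeIPA. It parses the
text that `ipa-replica-manage list-ruv` prints (the sample below is
constructed) so that, before running `ipa-replica-manage clean-ruv RID`,
you can see how old each orphaned RUV element really is.
"""
import re
from datetime import datetime, timedelta, timezone

# A 389-ds CSN is 20 hex digits: 8 = unix time (seconds), 4 = sequence,
# 4 = replica id, 4 = sub-sequence. "{replica 16}" therefore pairs with
# "...0010..." in its CSNs, as in the output quoted in the thread.
CSN_RE = re.compile(r"^[0-9a-f]{20}$")
ORPHAN_RE = re.compile(r"\{replica (\d+)\} ([0-9a-f]+) ([0-9a-f]+)")
HOST_RE = re.compile(r"^(\S+): (\d+)$")

# Constructed sample (hostnames, RIDs and CSNs are made up): decodable RUV
# elements print as "host:port: RID"; elements whose LDAP URL is gone print
# as "unable to decode: {replica RID} min-csn max-csn".
SAMPLE_LIST_RUV = """\
ipa1.example.com:389: 4
ipa2.example.com:389: 5
unable to decode: {replica 16} 55356472000300100000 55356472000300100000
unable to decode: {replica 23} 5545d61f000200170000 5552f718000300170000
"""
# The date the thread was written; assumed "now" for the stand-alone run.
SAMPLE_NOW = datetime(2015, 5, 21, tzinfo=timezone.utc)


def decode_csn(csn):
    """Split a 20-digit CSN into time, sequence, replica id and sub-sequence."""
    if not CSN_RE.match(csn):
        raise ValueError(f"not a 20-digit hex CSN: {csn!r}")
    return {
        "time": datetime.fromtimestamp(int(csn[0:8], 16), tz=timezone.utc),
        "seq": int(csn[8:12], 16),
        "rid": int(csn[12:16], 16),
        "subseq": int(csn[16:20], 16),
    }


def parse_list_ruv(text):
    """Return ({rid: host}, {rid: (min_csn, max_csn)}) from list-ruv output."""
    hosts, orphans = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = ORPHAN_RE.search(line)
        if m:
            orphans[int(m.group(1))] = (m.group(2), m.group(3))
            continue
        m = HOST_RE.match(line)
        if m:
            hosts[int(m.group(2))] = m.group(1)
    return hosts, orphans


def stale_rids(text, now, max_age_days=14):
    """RIDs with no live host whose newest CSN is at least max_age_days old.

    A RID that still belongs to a host is never reported: cleaning it
    would throw away a live replica's update vector.
    """
    hosts, orphans = parse_list_ruv(text)
    stale = {}
    for rid, (_min_csn, max_csn) in orphans.items():
        if rid in hosts:
            continue
        last = decode_csn(max_csn)
        if last["rid"] != rid:
            raise ValueError(f"CSN {max_csn} does not belong to replica {rid}")
        if now - last["time"] >= timedelta(days=max_age_days):
            stale[rid] = last["time"]
    return stale


if __name__ == "__main__":
    for rid, last_seen in sorted(stale_rids(SAMPLE_LIST_RUV, SAMPLE_NOW).items()):
        print(f"replica {rid}: last CSN {last_seen:%Y-%m-%d %H:%M:%S} UTC "
              f"-> candidate for: ipa-replica-manage clean-ruv {rid}")
```

Run it against the real listing by piping `ipa-replica-manage list-ruv` output into `stale_rids()` with `now=datetime.now(timezone.utc)`. The age threshold is the judgement call: a RID whose newest CSN is minutes old is a replica that is still writing somewhere, even if its URL no longer decodes, and as the thread shows, a forgotten server in another DC can keep re-sending old RUV elements until it is found.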

Re: [Freeipa-users] Updates refused when trying to do dynamic DNS updates with TSIG

2015-05-21 Thread Petr Spacek
On 20.5.2015 17:38, Brian Koontz wrote: > Running FreeIPA 4.1.4, Fedora 21. Trying to get dynamic DNS updates on > clients to work following these instructions: > > http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG > > (Using GSS-TSIG isn't an option because I have no wa

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/20/15 7:53 AM, Mark Reynolds wrote: On 05/20/2015 10:17 AM, thierry bordaz wrote: On 05/20/2015 03:46 PM, Janelle wrote: On 5/20/15 6:01 AM, thierry bordaz wrote: On 05/20/2015 02:57 AM, Janelle wrote: On 5/19/15 12:04 AM, thierry bordaz wrote: On 05/19/2015 03:42 AM, Janelle wrote:

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Ludwig Krispenz
On 05/21/2015 01:36 PM, Janelle wrote: And just like that - for no reason, they all reappeared: unable to decode {replica 16} 5535647200030010 5535647200030010 unable to decode {replica 23} 5545d61f00020017 5552f71800030017 unable to decode {replica 24} 554d53d30018 5

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread thierry bordaz
On 05/21/2015 01:36 PM, Janelle wrote: On 5/20/15 7:53 AM, Mark Reynolds wrote: On 05/20/2015 10:17 AM, thierry bordaz wrote: On 05/20/2015 03:46 PM, Janelle wrote: On 5/20/15 6:01 AM, thierry bordaz wrote: On 05/20/2015 02:57 AM, Janelle wrote: On 5/19/15 12:04 AM, thierry bordaz wrote:

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 5:16 AM, Ludwig Krispenz wrote: On 05/21/2015 01:36 PM, Janelle wrote: And just like that - for no reason, they all reappeared: unable to decode {replica 16} 5535647200030010 5535647200030010 unable to decode {replica 23} 5545d61f00020017 5552f71800030017 unable to

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 5:20 AM, thierry bordaz wrote: On 05/21/2015 01:36 PM, Janelle wrote: On 5/20/15 7:53 AM, Mark Reynolds wrote: On 05/20/2015 10:17 AM, thierry bordaz wrote: On 05/20/2015 03:46 PM, Janelle wrote: On 5/20/15 6:01 AM, thierry bordaz wrote: On 05/20/2015 02:57 AM, Janelle wrote: O

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 5:20 AM, thierry bordaz wrote: Hello Janelle, Those 3 RIDs were already present in Node dc2-ipa1, correct ? They reappeared on others nodes as well ? May be ds2-ipa1 established a replication session with its peers and send those RIDs. Could you track in all the access logs, when th

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Ludwig Krispenz
On 05/21/2015 02:20 PM, thierry bordaz wrote: On 05/21/2015 01:36 PM, Janelle wrote: And just like that - for no reason, they all reappeared: unable to decode {replica 16} 5535647200030010 5535647200030010 unable to decode {replica 23} 5545d61f00020017 5552f71800030017 unabl

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Rich Megginson
On 05/21/2015 06:25 AM, Janelle wrote: On 5/21/15 5:20 AM, thierry bordaz wrote: Hello Janelle, Those 3 RIDs were already present in Node dc2-ipa1, correct ? They reappeared on others nodes as well ? May be ds2-ipa1 established a replication session with its peers and send those RIDs. Could y

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 5:49 AM, Rich Megginson wrote: On 05/21/2015 06:25 AM, Janelle wrote: On 5/21/15 5:20 AM, thierry bordaz wrote: Hello Janelle, Those 3 RIDs were already present in Node dc2-ipa1, correct ? They reappeared on others nodes as well ? May be ds2-ipa1 established a replication session w

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Ludwig Krispenz
On 05/21/2015 03:04 PM, Janelle wrote: On 5/21/15 5:49 AM, Rich Megginson wrote: On 05/21/2015 06:25 AM, Janelle wrote: On 5/21/15 5:20 AM, thierry bordaz wrote: Hello Janelle, Those 3 RIDs were already present in Node dc2-ipa1, correct ? They reappeared on others nodes as well ? May be ds2

Re: [Freeipa-users] confused by ldapsearch results

2015-05-21 Thread Boyce, George Robert. (GSFC-762.0)[NICS]
Knowing that the first issue is 'working as designed', I can now focus on exactly how to fix it. In my case, the issue is that a vendor's code is appending "name=..." to its search filter to find a user group. Thanks, I can troubleshoot the second issue, it isn't a roadblock to my task. On 05/2

Re: [Freeipa-users] Proper configuration of service accounts

2015-05-21 Thread Boyce, George Robert. (GSFC-762.0)[NICS]
Rob, << Try adding the inetUser objectclass to your system account. You're probably lacking memberOf. >> Thanks, that worked. My last issue is to add read/search permission on the "name" attribute as the vendor doesn't offer a way to not include it in a search filter to find user groups. << I

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Mark Reynolds
On 05/21/2015 09:15 AM, Ludwig Krispenz wrote: On 05/21/2015 03:04 PM, Janelle wrote: On 5/21/15 5:49 AM, Rich Megginson wrote: On 05/21/2015 06:25 AM, Janelle wrote: On 5/21/15 5:20 AM, thierry bordaz wrote: Hello Janelle, Those 3 RIDs were already present in Node dc2-ipa1, correct ? The

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the original config had 5 servers, one of them was this server. Then the other 4 servers were RE-BUILT from scratch, so all the replic

Re: [Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

2015-05-21 Thread Rob Crittenden
Sanju A wrote: Dear Rob, Please find the result of getcert list. Request ID '20140430124456': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Ludwig Krispenz
On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the original config had 5 servers, one of them was this server. Then the other 4 servers were

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the original config had 5 servers, one of them was

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the original config had 5 servers, one of them was

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Rob Crittenden
Janelle wrote: On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the original config had 5 servers, o

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Ludwig Krispenz
On 05/21/2015 03:59 PM, Janelle wrote: On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the origin

[Freeipa-users] Count of IPA Servers for SSSD

2015-05-21 Thread Christoph Kaminski
Hi All, what count of IPA servers makes sense for the sssd configuration? We have 5 IPA servers and each host can reach them. Can I put them all into the sssd configuration (redundancy) or does it not make sense (timeouts too big etc.)? MfG Christoph Kaminski

Re: [Freeipa-users] Count of IPA Servers for SSSD

2015-05-21 Thread Rob Crittenden
Christoph Kaminski wrote: Hi All, what count of IPA servers makes sense for the sssd configuration? We have 5 IPA servers and each host can reach them. Can I put them all into the sssd configuration (redundancy) or does it not make sense (timeouts too big etc.)? The recommended procedure is to use D

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Janelle
On 5/21/15 8:12 AM, Ludwig Krispenz wrote: On 05/21/2015 03:59 PM, Janelle wrote: On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with

Re: [Freeipa-users] replication again :-(

2015-05-21 Thread Mark Reynolds
On 05/21/2015 09:59 AM, Janelle wrote: On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the origi

[Freeipa-users] User Can't Authenticate

2015-05-21 Thread John Williams
I've got a freeIPA client where a user account cannot authenticate. The log entry for IPA looks like: audit/audit.log.4:type=USER_AUTH msg=audit(1425316592.375:38090): user pid=16485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct

Re: [Freeipa-users] User Can't Authenticate

2015-05-21 Thread Dmitri Pal
On 05/21/2015 05:54 PM, John Williams wrote: I've got a freeIPA client where a user account cannot authenticate. The log entry for IPA looks like: audit/audit.log.4:type=USER_AUTH msg=audit(1425316592.375:38090): user pid=16485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_

[Freeipa-users] disable unwanted kerberos encryption types

2015-05-21 Thread Andy Thompson
We have requirements to only allow AES encryption. I'm trying to understand what is the default and where everything comes in to play, the user tickets are AES when obtained using kinit, but the system keytab shows des3 and arcfour in addition to AES. So my questions are What is enabled/supp
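The reply to this question is not on this page. What the question itself asks for is a way to see which key enctypes a keytab actually holds, and the listing that shows it is `klist -kte /etc/krb5.keytab`. The script below is an added example, not code from the thread or from FreeIPA; it parses a constructed listing in that format (principals and timestamps are made up; the enctype names are the ones the question mentions) and reports, per principal, every key outside the AES family. The security point it makes visible: a service accepts a ticket encrypted under any key present in its keytab, so a des3 or arcfour key left next to the AES ones stays usable until the KDC also stops issuing tickets with that enctype.

```python
"""Flag non-AES keys in a keytab from `klist -kte` output.

Added example, not from the thread: the question asks why a system keytab
shows des3 and arcfour keys next to AES ones. This parses the listing
(the sample below is constructed) and reports, per principal, which key
enctypes fall outside the AES family.
"""
import re
from collections import defaultdict

# One line per key:  KVNO  Timestamp(date time)  Principal  (enctype)
# Newer MIT klist prefixes retired enctypes with "DEPRECATED:".
KEY_RE = re.compile(
    r"^\s*(?P<kvno>\d+)\s+(?P<stamp>\S+ \S+)\s+(?P<principal>\S+)\s+"
    r"\((?:DEPRECATED:)?(?P<enctype>[^)]+)\)\s*$"
)

# Constructed sample in the format of `klist -kte /etc/krb5.keytab`.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 05/21/2015 10:12:01 host/client.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 05/21/2015 10:12:01 host/client.example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 05/21/2015 10:12:01 host/client.example.com@EXAMPLE.COM (des3-cbc-sha1)
   2 05/21/2015 10:12:01 host/client.example.com@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
   1 05/21/2015 10:15:44 nfs/client.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
"""


def parse_keytab_listing(text):
    """Return a list of {kvno, principal, enctype} dicts, one per key line."""
    keys = []
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            keys.append({
                "kvno": int(m["kvno"]),
                "principal": m["principal"],
                "enctype": m["enctype"],
            })
    return keys


def weak_keys_by_principal(keys, allowed_prefix="aes"):
    """Map principal -> sorted list of its key enctypes that are not AES."""
    weak = defaultdict(set)
    for k in keys:
        if not k["enctype"].startswith(allowed_prefix):
            weak[k["principal"]].add(k["enctype"])
    return {p: sorted(e) for p, e in weak.items()}


def has_only_aes(text):
    """True when every key in the listing belongs to the AES family."""
    return not weak_keys_by_principal(parse_keytab_listing(text))


if __name__ == "__main__":
    report = weak_keys_by_principal(parse_keytab_listing(SAMPLE_KLIST))
    for principal, enctypes in sorted(report.items()):
        print(f"{principal}: non-AES keys {', '.join(enctypes)}")
    print("AES-only:", has_only_aes(SAMPLE_KLIST))
```

Feed it `klist -kte` output from each host to get an inventory of where non-AES keys still live. Treat the per-principal list as the to-do list for the KDC side: the keytab only shows which keys a service would accept, and rewriting the keytab without restricting what the KDC issues leaves the same tickets in circulation.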