On Wed, Jun 3, 2015 at 12:29 AM, Lukas Slebodnik lsleb...@redhat.com
wrote:
However sssd is available just on linux (or FreeBSD)
I'm not sure which clients you use on Solaris or other
Solaris would be configured via LDAP. RedHat appears to have a pretty good
guide for doing this.
Same goes
Someone higher up decided that there was no time for me to resolve this
and I’ve been forced to implement a different method for now.
I can still continue to work on this, I'll just need to find different
hardware to troubleshoot with.
I have set up a kerberos.xml in /etc/firewalld/services
I am running FreeIPA 4.1.3 on CentOS7.
I am attempting to join a CentOS 6.5 client using ipa-client 3.0.0-42.
The client hostname is ipaclient.login.mydomain.net.
The FreeIPA domain is mydomain.net.
This post here :
https://www.redhat.com/archives/freeipa-users/2015-April/msg00368.html
Hi All
I can now report back success (at least on my throwaway EL7.1 test VM).
To switch an EL 7.1 + ipa-client 4.1 host from an old FreeIPA 3.3.3 KDC to
a new FreeIPA 4.1 KDC 3 steps are required:
1) ipa-client-install --uninstall
2) rm -f /var/lib/sss/db/*
3) ipa-client-install --server
Hi,
please put the following line to /etc/sudo.conf to obtain sudo logs and send us
the file:
Debug sudo /var/log/sudo_debug all@trace
- Original Message -
From: Martin Kosek mko...@redhat.com
To: Sina Owolabi notify.s...@gmail.com
Cc: Cory Carlton c...@pithoslabs.com,
On 06/04/2015 04:33 PM, Rob Crittenden wrote:
Thomas Sailer wrote:
I have now managed to upgrade the replica as well.
I stumbled over a few additional problems:
1) whenever a user becomes member of a group with +nsuniqueid= in its
name, the user can no longer login. The reason is that
Thomas Sailer wrote:
I have now managed to upgrade the replica as well.
I stumbled over a few additional problems:
1) whenever a user becomes member of a group with +nsuniqueid= in its
name, the user can no longer login. The reason is that ldb_dn_validate
doesn't like the + character, thus
Junhe Jian wrote:
Hello everyone,
I’m new here and have a problem with IPA Server
our single IPA Server all Certificate was expired.
Autorenewal not worked, so I read the docu
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal and do manually
my server is centos 6.4
[root@be-ipasrv ~]#
Hi Rob,
I set the date in past 26 MAY 2015
and add NSSEnforceValidCerts off to nss.conf
and resubmit the 3 ID
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090822
Resubmitting 20130528090822 to IPA.
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090849
Resubmitting 20130528090849 to
I would check for DNS resolution from the machine executing the sudo, to
the IPA server.
On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi notify.s...@gmail.com wrote:
Hi
I recently had to remove and reinstall a fresh IPA server. I am
currently re-enrolling all the ipa clients to the recently
On 06/04/2015 05:06 PM, Cory Carlton wrote:
I would check for DNS resolution from the machine executing the sudo, to
the IPA server.
I would also suggest cleaning SSSD caches, since you reinstalled against the
same domain, but actually different server (/var/lib/sss/db/)
On Thu, Jun 4, 2015
Hi Martin
I have deleted everything in /var/lib/sss/db/ and restarted sssd,
no luck.
On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek mko...@redhat.com wrote:
On 06/04/2015 05:06 PM, Cory Carlton wrote:
I would check for DNS resolution from the machine executing the sudo, to
the IPA server.
I
Hi Cory,
DNS is fine. The IPA server is the internal domain's DNS server, and
the affected servers use it as easily as the other ipa clients.
On Thu, Jun 4, 2015 at 4:06 PM, Cory Carlton c...@pithoslabs.com wrote:
I would check for DNS resolution from the machine executing the sudo, to the
IPA
Hi Rob,
I have only added NSSEnforceValidCerts off to nss.conf.
ipa run last 2 years without problem since the certificate expired.
I loaded all the proxy modules in apache and restart httpd and certmonger.
Yeah, the certificates are renew
root@be-ipasrv httpd]# getcert list | grep status
Hi
I recently had to remove and reinstall a fresh IPA server. I am
currently re-enrolling all the ipa clients to the recently refreshed
domain (same name as the previous realm and domain). The new IPA
master is RHEL7.1 with IPA 4.1.3.
All client servers are running RHEL6.6.
I also have sudorule
Junhe Jian wrote:
Hi Rob,
I set the date in past 26 MAY 2015
and add NSSEnforceValidCerts off to nss.conf
and resubmit the 3 ID
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090822
Resubmitting 20130528090822 to IPA.
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090849
Resubmitting
Chris Tobey wrote:
Hi Rob,
Thanks for taking the time to look at this.
I have services in /etc/init.d/ named tomcat6 and pki-cad.
I tried the following:
-
[Thu Jun 04 14:38:16:/etc/init.d]$ service tomcat6 status
tomcat6 is stopped [ OK ]
Hi Rob,
Thanks for taking the time to look at this.
I have services in /etc/init.d/ named tomcat6 and pki-cad.
I tried the following:
-
[Thu Jun 04 14:38:16:/etc/init.d]$ service tomcat6 status
tomcat6 is stopped [ OK ]
[Thu Jun 04
Hi Rob,
Sorry, my original message had the information:
FreeIPA server running on CentOS 6.6 server.
(ipa-server-3.0.0-42.el6.centos.x86_64 and
ipa-client-3.0.0-42.el6.centos.x86_64)
Once again your advice is perfect. I did the ipactl restart and now
everything in the web page appears to be
Hi everyone,
I've taken over a FreeIPA 3.0.0. server (only one, no mirrors) running
on CentOS 6 that is incredibly broken.
I've already tried a lot of troubleshooting etc and setting up a mirror,
but I just can't seem to get rid of the issue. As such I have basically
decided to de-commission
Hello everyone,
I'm new here and have a problem with IPA Server
our single IPA Server all Certificate was expired.
Autorenewal not worked, so I read the docu
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal and do manually
my server is centos 6.4
[root@be-ipasrv ~]# rpm -qa | grep ipa
21 matches