Now all is ok :)
# ipa trust-add --type=ad mydomain.com --admin Administrator --password
Active Directory domain administrator's password:
---
Added Active Directory trust for realm "mydomain.com"
On 09/09/2015 06:32 PM, Thomas Suiter wrote:
Is there an equivalent host/computer default objectclasses that there
is for ipa config-mod –groupobjectclasses/--userobjectclasses ? We
are wanting to add some additional attributes to all of the servers,
I’m able to add the object class to
Hello Steven!
I would like to help you but unfortunately I have no chance to guess
what went wrong.
To help us help you please report any issue in a way described on
FreeIPA Troubleshooting page (http://www.freeipa.org/page/Troubleshooting).
Most importantly we need the following:
1.
OS: RHEL 7.1 w IDM
I'm seeing these messages in my master's log messages. I don't know if it's
related, but I think I started seeing them after I set up a replica.
Everything seems to be working fine, but I'm worried that things will break
if delta grows beyond a point. I tried steps in
Thanks. I'm not virtualizing though. Should I still add it ?
On Thu, Sep 10, 2015 at 5:02 AM, Andrew Holway
wrote:
> Hi,
>
> I assume you are virtualising.
>
> Try adding "tinker panic 0" to /etc/ntp.conf.
>
> It should make it tolerant to heavily drifting virtual
Hello,
what is the best way to include a external Nameserver for a IPA Host?
My DNS (DNSSEC) server is running on a extra Instance (KVM) now I have setup a
extra Instance for a IPA Master Server and I have now to include the CNAMe
Server like "smtp.example.com CNAME imap.example.com" or cvan I
Hi,
I assume you are virtualising.
Try adding "tinker panic 0" to /etc/ntp.conf.
It should make it tolerant to heavily drifting virtual clocks.
Cheers,
Andrew
On 10 September 2015 at 13:46, Prasun Gera wrote:
> OS: RHEL 7.1 w IDM
>
> I'm seeing these messages in my
Thomas Suiter wrote:
> Is there an equivalent host/computer default objectclasses that there is
> for ipa config-mod groupobjectclasses/--userobjectclasses ? We are
> wanting to add some additional attributes to all of the servers, Im
> able to add the object class to individual servers but not
Thats odd. You would normally not need it on bare metal. It could be broken
hardware.
On 10 September 2015 at 14:05, Prasun Gera wrote:
> Thanks. I'm not virtualizing though. Should I still add it ?
>
> On Thu, Sep 10, 2015 at 5:02 AM, Andrew Holway
On 10.9.2015 15:38, Günther J. Niederwimmer wrote:
> Hello,
>
> what is the best way to include a external Nameserver for a IPA Host?
>
> My DNS (DNSSEC) server is running on a extra Instance (KVM) now I have setup
> a
> extra Instance for a IPA Master Server and I have now to include the
On Thu, 10 Sep 2015, Martin Kosek wrote:
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
Now that I'm actually using IPA authentication for a few services within
my house, I'm going to set up a simple "start page" with a few links,
including a link to IPA web UI for password changes. I'd like to
Hello:
So recently, we received some new workstations that I loaded with Ubuntu 12.04.
The person who had this sysadmin position before me set up the IPA domain and
had it running for quite some time. I went to add one of the systems to the
domain through a script he created, something in the
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
> Now that I'm actually using IPA authentication for a few services within
> my house, I'm going to set up a simple "start page" with a few links,
> including a link to IPA web UI for password changes. I'd like to use
> the FreeIPA logo, but I've only
The hardware is not very old (ivybridge). The entries appear every few
minutes in the log. The /etc/ntp.conf has not been modified manually. It
lists 3 servers - 0.rhel.pool.ntp.org, 1 and 2. At the end, there are also
a couple of additional local servers with the comment added by
Hi,
I'm not sure I understood all of your problem, but here are some
information that may help:
- First, you don't change a certificate, but you can revoke it a make a new
one
- If you need to add a SubjectAltName to a certificate, you may have
realized that the -D parameter makes the request to
On 09/09/2015 09:50 PM, Janelle wrote:
> Hello,
>
> I was wondering if anyone has played with thee extended logging of IPA and
> specifically SSSD and the kibana dashboards they put together.
> https://www.freeipa.org/page/Centralized_Logging
>
> I can't seem to get "clients" to send the login
On 9/10/15 7:55 AM, Martin Kosek wrote:
On 09/09/2015 09:50 PM, Janelle wrote:
Hello,
I was wondering if anyone has played with thee extended logging of IPA and
specifically SSSD and the kibana dashboards they put together.
https://www.freeipa.org/page/Centralized_Logging
I can't seem to get
On 10.9.2015 17:22, Alexander Bokovoy wrote:
> On Thu, 10 Sep 2015, Martin Kosek wrote:
>> On 09/08/2015 08:13 PM, Ian Pilcher wrote:
>>> Now that I'm actually using IPA authentication for a few services within
>>> my house, I'm going to set up a simple "start page" with a few links,
>>> including
So I did a bit of googling and tinker panic 0 only makes sense for virtual
machines. Is there any way to confirm if it is indeed a hardware issue ?
On Thu, Sep 10, 2015 at 5:16 AM, Andrew Holway
wrote:
> Thats odd. You would normally not need it on bare metal. It could
Following instructions from here...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
RHEL6 server
# rpm -qa ipa-server
ipa-server-3.0.0-42.el6.x86_64
RHEL7 server
# rpm -q ipa-server
Hi,
I'm trying to setup my Amazon Linux instances to be able to fetch the IPA
users public ssh key.
Do I have to setup a binddn and bindpw in the ldap.conf file and use
/usr/libexec/openssh/ssh-ldap-wrapper or is there a better way to do it?
Thanks,
Gustavo
--
Manage your subscription for the
One way to do it is write a small script which will fetch the keys from
LDAP.
As for authentication, I make the SSH public key anonymously readable for
everyone.
On 11 September 2015 at 05:00, Gustavo Mateus
wrote:
> Hi,
>
> I'm trying to setup my Amazon Linux
Sorry, I've read ipv6.disable=1 in this article
http://www.freeipa.org/page/Active_Directory_trust_setup#Prerequisites, I
understood wrong this prerequisite and went directly to the next chapter,
in my mind I was conviced that IPv6 must be disabled :)
I will try with IPv6 enabled, and then I will
23 matches
Mail list logo