Andrew E. Bruno wrote:
> On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
>> On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
>>> On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote:
What's the best way to re-initialize a replica?
Suppose one of your replicas
Janelle wrote:
> On 10/5/15 10:16 AM, Simo Sorce wrote:
>> On 05/10/15 11:11, Janelle wrote:
>>> So here is a fun question -- how is this possible?
>>>
>>> from ipa-replica-manage list-ruv
>>>
>>> ipa002.example.com 389 6
>>> ipa003.example.com 389 30 <- Huh???
>>> ipa003.example.com
On 10/5/15 10:16 AM, Simo Sorce wrote:
On 05/10/15 11:11, Janelle wrote:
So here is a fun question -- how is this possible?
from ipa-replica-manage list-ruv
ipa002.example.com 389 6
ipa003.example.com 389 30 <- Huh???
ipa003.example.com 389 33 <-
ipa004.example.com 389 24
On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
> On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
> > On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote:
> >> What's the best way to re-initialize a replica?
> >>
> >> Suppose one of your replicas goes south.. is there a
Crony,
I also am trying to setup both AIX 6.1 and AIX 7 clients.
Is there anyway I could get you to post you working configurations?
Thanks,
David
-Original Message-From: crony
>
To:
Good morning,
Any suggestion what I should do?
I still have
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
Regards.
On Fri, Oct 2, 2015 at 5:04 PM, Fujisan wrote:
> I only have this:
>
> $ keyctl list @s
> 1 key
On 3.10.2015 01:47, nat...@nathanpeters.com wrote:
> This issue has occured again and I am once again trying to troubleshoot it.
>
> show forwarder
> --
> -bash-4.2$ ipa dnsconfig-show
> Global forwarders: 10.21.0.14
> Allow PTR sync: TRUE
>
> attempt ping
>
>
Hi
Hm, there's nothing at all in the /var/log/sssd/krb5_child.log when I try
to login with SSH and enter a password.
kinit doesn't work.
$ kinit -k
kinit: Permission denied while getting initial credentials
For this test, I was root and then did a "su - user" and then "kinit -k".
Also after
On 10/05/2015 10:58 AM, Andreas Calminder wrote:
Hi,
guessing this is a quite frequent question, but I can't find any solid
information about the topic.
I want to specify a set of default sudo options so I don't have to
specify these options for every other sudo rule I create.
There's supposed
I was facing similar issues, and ended up changing the username from admin
to something else since admin is a common name in brute force ssh attacks.
It was getting locked out in spite of using fail2ban. I guess fail2ban can
be tweaked to block the host before ipa blocks the admin account, but I
i have two bind instances in somewhat of a multi-master server
arrangement, where they share the same ldap backend via
bind-dyndb-ldap. currently, they are authoritative and recursive
servers, and i want to change things up a bit. i want to move the
recursive function to a third device. for
>>> Looking at the log entries, it appears that there may have been a
>>> network
>>> connectivity 'blip' (maybe a switch or router was restarted) at some
>>> point
>>> and even after connectivity was restored, the global forwarding was
>>> failing because the "we can't contact our forwarder"
>>> Looking at the log entries, it appears that there may have been a
>>> network
>>> connectivity 'blip' (maybe a switch or router was restarted) at some
>>> point
>>> and even after connectivity was restored, the global forwarding was
>>> failing because the "we can't contact our forwarder"
Prasun Gera wrote:
> I was facing similar issues, and ended up changing the username from
> admin to something else since admin is a common name in brute force ssh
> attacks. It was getting locked out in spite of using fail2ban. I guess
> fail2ban can be tweaked to block the host before ipa blocks
I just noticed I can log in to the web UI with user admin and his password.
But when I try to configure firefox to use kerberos, I click on "Install
Kerberos Configuration Firefox Extension" button, a message appears saying
"Firefox prevented this site from asking you to install software on your
On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
> On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote:
>> What's the best way to re-initialize a replica?
>>
>> Suppose one of your replicas goes south.. is there a command to tell
>> that replicate to re-initialize from the first master
It is actually on the ipa server that ipa commands are not working. On ipa
clients, I do not have errors.
On Mon, Oct 5, 2015 at 12:27 PM, Fujisan wrote:
> I just noticed I can log in to the web UI with user admin and his password.
>
> But when I try to configure firefox
On Mon, Oct 05, 2015 at 09:00:13AM +0200, Alexander Skwar wrote:
> Hi
>
> Hm, there's nothing at all in the /var/log/sssd/krb5_child.log when I try
> to login with SSH and enter a password.
Can you try to increase the debug_level to 0xFFF0?
>
> kinit doesn't work.
>
> $ kinit -k
> kinit:
All right,
Thanks a million!
/andreas
On 10/05/2015 11:29 AM, Pavel Březina wrote:
On 10/05/2015 10:58 AM, Andreas Calminder wrote:
Hi,
guessing this is a quite frequent question, but I can't find any solid
information about the topic.
I want to specify a set of default sudo options so I
Am 01.10.2015 um 21:52 schrieb Rob Crittenden:
Dominik Korittki wrote:
Hello folks,
I am running two FreeIPA Servers with around 100 users and around 15.000
hosts, which are used by users to login via ssh. The FreeIPA servers
(which are Centos 7.0) ran good for a while, but as more and more
I uninstalled the ipa server and reinstalled it. Then restored the backup.
And then the following:
$ keyctl list @s
3 keys in keyring:
437165764: --alswrv 0 65534 keyring: _uid.0
556579409: --alswrv 0 0 user:
ipa_session_cookie:host/zaira2.opera@OPERA
286806445: ---lswrv 0 65534
On 10/01/2015 05:06 PM, Dominik Korittki wrote:
> Hello folks,
>
> I am running two FreeIPA Servers with around 100 users and around 15.000
> hosts, which are used by users to login via ssh. The FreeIPA servers
> (which are Centos 7.0) ran good for a while, but as more and more hosts
> got
Hi
Hm, when I'm root, "kinit -k" works:
# kinit -k
#
Just not as a user. As a user, I get the "kinit: Permission denied while
getting initial credentials" error message.
Regards,
Alexander
2015-10-05 9:00 GMT+02:00 Alexander Skwar <
alexanders.mailinglists+nos...@gmail.com>:
> Hi
>
> Hm,
Dear Jakub,
I found only the following entries in the /var/log/auth.log:
Oct 5 11:57:38 hl-srv10 sudo: pam_unix(sudo:auth): conversation failed
Oct 5 11:57:38 hl-srv10 sudo: pam_unix(sudo:auth): auth could not identify
password for [f.zo...@de.eu.local]
Oct 5 11:57:38 hl-srv10 sudo:
I was going to ask about the ipa command error on the ipa server and how to
fix it. But then I just tried again and it works.
$ ipa user-show admin
User login: admin
Last name: Administrator
Home directory: /home/zaira/admin
Login shell: /bin/bash
UID: 1000
GID: 1000
Account
On 10/05/2015 12:55 PM, Fujisan wrote:
It is actually on the ipa server that ipa commands are not working. On ipa
clients, I do not have errors.
On Mon, Oct 5, 2015 at 12:27 PM, Fujisan wrote:
I just noticed I can log in to the web UI with user admin and his password.
Torsten Harenberg wrote:
> Hi Janelle,
>
> Am 04.10.2015 um 19:25 schrieb Janelle:
>> Just wondering if anyone knows why this happens from time to time on
>> servers:
>>
>> $ kinit admin
>> kinit: Clients credentials have been revoked while getting initial
>> credentials
>>
>> there are no failed
On 10/5/15 7:39 AM, Rob Crittenden wrote:
Torsten Harenberg wrote:
Hi Janelle,
Am 04.10.2015 um 19:25 schrieb Janelle:
Just wondering if anyone knows why this happens from time to time on
servers:
$ kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
Janelle wrote:
> On 10/5/15 7:39 AM, Rob Crittenden wrote:
>> Torsten Harenberg wrote:
>>> Hi Janelle,
>>>
>>> Am 04.10.2015 um 19:25 schrieb Janelle:
Just wondering if anyone knows why this happens from time to time on
servers:
$ kinit admin
kinit: Clients credentials
So here is a fun question -- how is this possible?
from ipa-replica-manage list-ruv
ipa002.example.com 389 6
ipa003.example.com 389 30 <- Huh???
ipa003.example.com 389 33 <-
ipa004.example.com 389 24
~Janelle
--
Manage your subscription for the Freeipa-users mailing list:
On 05/10/15 11:11, Janelle wrote:
So here is a fun question -- how is this possible?
from ipa-replica-manage list-ruv
ipa002.example.com 389 6
ipa003.example.com 389 30 <- Huh???
ipa003.example.com 389 33 <-
ipa004.example.com 389 24
ipa003 was reinstalled but the RUV
31 matches
Mail list logo