[Freeipa-users] concurrent requests to ipalib app giving network error

Hi, I have a REST API that is using the ipalib and written with Falcon. Below is the code or you can check it online here: http://paste.ubuntu.com/15966308/ from __future__ import print_function from bson import json_util import json import falcon from ipalib import api as ipaapi from

Re: [Freeipa-users] Account/password expirations

On Tue, Apr 19, 2016 at 11:57 AM, Jakub Hrozek wrote: > Did you test that this actually fails with id_provider=ipa? I would > assume the IPA KDC would kick you out and prompt for a new password.. If you're using a password, yes it kicks back and requires you to change it.

Re: [Freeipa-users] Problem with ipa-getkeytab ?

Hello List, Am Donnerstag, 21. April 2016, 16:53:36 CEST schrieb Günther J. Niederwimmer: Thank's for the answer ;-) I hope this helps. Thank you -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1

On Thu, 21 Apr 2016, Timo Aaltonen wrote: Howdy! Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1! The biggest feature of this version is that it also supports replication by client promotion to replica master. IPA on Debian/Ubuntu has been a single-master thing

Re: [Freeipa-users] Account/password expirations

On Thu, Apr 21, 2016 at 01:26:19PM -0400, Steve Huston wrote: > On Tue, Apr 19, 2016 at 11:57 AM, Jakub Hrozek wrote: > > Did you test that this actually fails with id_provider=ipa? I would > > assume the IPA KDC would kick you out and prompt for a new password.. > > If

Re: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1

On Thu, 2016-04-21 at 22:01 +0300, Timo Aaltonen wrote: > Howdy! > > Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1! > The biggest feature of this version is that it also supports replication > by client promotion to replica master. IPA on Debian/Ubuntu has been a >

[Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1

Howdy! Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1! The biggest feature of this version is that it also supports replication by client promotion to replica master. IPA on Debian/Ubuntu has been a single-master thing until now.. FreeIPA is in the

[Freeipa-users] Client enrolled but failed to obtain host TGT.

Half the time ipa-client-install will fail at getting the TGT.  Google showed posts like, Bug 845691 – ipa-client-install Failed to obtain host TGT. I reduced _kerberos-master._tcp' '_kerberos-master._udp' '_kerberos._tcp' '_kerberos._udp' to one server entry only. But it didn't help to reduce

Re: [Freeipa-users] Username attribute in trusted domain

On 4/18/16, 10:06 AM, "Jakub Hrozek" wrote: >On Mon, Apr 18, 2016 at 01:47:04PM +, Brook, Andy [CRI] wrote: >> >> On 4/18/16, 5:03 AM, "freeipa-users-boun...@redhat.com on behalf of Jakub >> Hrozek" >>

Re: [Freeipa-users] Servers intermittently losing connection to IPA

On Wed, Apr 20, 2016 at 02:18:28PM -0400, Jeff Hallyburton wrote: > Sumit, > > Raised the debug level to 10 and let it run for about 24 hours. Uploading > the last 2000~ lines of the sssd_domain.com.log. Thanks for your help! Can you send the related krb5_child log file as well? bye, Sumit >

[Freeipa-users] Freeipa Synchronisation with AD server issues

I am following the various Fedora guides for installing Freeipa with sync of users/passwords from AD server. https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-sync-agmt.html Hoiwever the documentation says "Active Directory CA certificate needs to be imported into the

Re: [Freeipa-users] Servers intermittently losing connection to IPA

Sumit, We found a resolution for this and I'm dropping it here for posterity. After some digging, it turns out that our ipa server and ipa replica were returning different IPs for systems in the environment in DNS requests (one returned internal results, one returned external results). After

Re: [Freeipa-users] Servers intermittently losing connection to IPA

On (21/04/16 09:44), Jeff Hallyburton wrote: >Sumit, > >We found a resolution for this and I'm dropping it here for posterity. >After some digging, it turns out that our ipa server and ipa replica were >returning different IPs for systems in the environment in DNS requests (one >returned internal

Re: [Freeipa-users] Let's Encrypt SSL pkscs 12 problem notes anyone. CENTOS 7 FreeIPA install

On 04/21/2016 11:22 AM, Branko Quenode wrote: > Hi , > > I am trying to install freeipa with centos and Let's Encrypt SSL. > > I create lets-encrypt with webroot option. > > Then i did > > cat privkey.pem fullchain.pem > /root/key.pem > > openssl pkcs12 -export -in /root/key.pem -out

[Freeipa-users] Problem with ipa-getkeytab ?

Hello, I found a HowTO on FreeIPA to install a HA Version for a Mailsystem. Now I have a Problem to get the Keytab on the second Server On the first Server I run. kinit admin ipa-getkeytab -s ipa.example.com -p imap/mail.example.com -k /etc/dovecot/ dovecot.keytab This is working but on the

Re: [Freeipa-users] Servers intermittently losing connection to IPA

On Thu, Apr 21, 2016 at 09:44:47AM -0400, Jeff Hallyburton wrote: > Sumit, > > We found a resolution for this and I'm dropping it here for posterity. > After some digging, it turns out that our ipa server and ipa replica were > returning different IPs for systems in the environment in DNS

Re: [Freeipa-users] Problem with ipa-getkeytab ?

Günther J. Niederwimmer writes: > but on the second Server when I start > > kinit admin > ipa-getkeytab -r -s ipa.example.com -p imap/mail.example.com -k /etc/ > dovecot/dovecot.keytab > > for the same keytab, > I become a Error with not access is possible ? You need

Re: [Freeipa-users] Problem with ipa-getkeytab ?

On 04/21/2016 04:53 PM, Günther J. Niederwimmer wrote: Hello, I found a HowTO on FreeIPA to install a HA Version for a Mailsystem. Now I have a Problem to get the Keytab on the second Server On the first Server I run. kinit admin ipa-getkeytab -s ipa.example.com -p imap/mail.example.com -k

Re: [Freeipa-users] FreeIPA and PWM

On 04/20/2016 05:23 PM, Tiemen Ruiten wrote: > Hello, > > I'm trying to set up a self-service page for a new IPA domain and I'm trying > to > use PWM for that. > > When I try to bind to FreeIPA from within PWM, with the configured "LDAP > Proxy > User", I get the following error: > > error

Re: [Freeipa-users] [Freeipa-devel] CentOS 7 COPR repository with ipa 4.3.1 available for testing

On Tue, Apr 05, 2016 at 06:37:13PM +0200, Petr Vobornik wrote: > Hello everyone, > > Copr repository @freeipa/freeipa-4-3-centos-7 is available for testing > of Freeipa 4.3.1[1] on CentOS 7. > > https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-centos-7/ If you'd like to try FreeIPA

[Freeipa-users] Let's Encrypt SSL pkscs 12 problem notes anyone. CENTOS 7 FreeIPA install

Hi , I am trying to install freeipa with centos and Let's Encrypt SSL. I create lets-encrypt with webroot option. Then i did cat privkey.pem fullchain.pem > /root/key.pem openssl pkcs12 -export -in /root/key.pem -out ipa.pkcs12 -name " ipa.somedomain.com" ipa-server-install --ip-address=

Re: [Freeipa-users] FreeIPA and PWM

Hello Martin, Thanks that does help, I didn't know about this project. I will try this approach first. Seems like it will be better integrated with FreeIPA and in general more maintainable than PWM. On 21 April 2016 at 09:59, Martin Kosek wrote: > On 04/20/2016 05:23 PM,