On 04/20/2016 05:23 PM, Tiemen Ruiten wrote:
> Hello,
>
> I'm trying to set up a self-service page for a new IPA domain and I'm trying
> to
> use PWM for that.
>
> When I try to bind to FreeIPA from within PWM, with the configured "LDAP
> Proxy
> User", I get the following error:
>
> error c
On Tue, Apr 05, 2016 at 06:37:13PM +0200, Petr Vobornik wrote:
> Hello everyone,
>
> Copr repository @freeipa/freeipa-4-3-centos-7 is available for testing
> of Freeipa 4.3.1[1] on CentOS 7.
>
> https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-centos-7/
If you'd like to try FreeIPA
Hi ,
I am trying to install freeipa with centos and Let's Encrypt SSL.
I create lets-encrypt with webroot option.
Then i did
cat privkey.pem fullchain.pem > /root/key.pem
openssl pkcs12 -export -in /root/key.pem -out ipa.pkcs12 -name "
ipa.somedomain.com"
ipa-server-install --ip-address= -
Hello Martin,
Thanks that does help, I didn't know about this project. I will try this
approach first. Seems like it will be better integrated with FreeIPA and in
general more maintainable than PWM.
On 21 April 2016 at 09:59, Martin Kosek wrote:
> On 04/20/2016 05:23 PM, Tiemen Ruiten wrote:
>
On Wed, Apr 20, 2016 at 02:18:28PM -0400, Jeff Hallyburton wrote:
> Sumit,
>
> Raised the debug level to 10 and let it run for about 24 hours. Uploading
> the last 2000~ lines of the sssd_domain.com.log. Thanks for your help!
Can you send the related krb5_child log file as well?
bye,
Sumit
>
I am following the various Fedora guides for installing Freeipa with sync of
users/passwords from AD server.
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-sync-agmt.html
Hoiwever the documentation says "Active Directory CA certificate needs to be
imported into the F
Sumit,
We found a resolution for this and I'm dropping it here for posterity.
After some digging, it turns out that our ipa server and ipa replica were
returning different IPs for systems in the environment in DNS requests (one
returned internal results, one returned external results).
After reso
On (21/04/16 09:44), Jeff Hallyburton wrote:
>Sumit,
>
>We found a resolution for this and I'm dropping it here for posterity.
>After some digging, it turns out that our ipa server and ipa replica were
>returning different IPs for systems in the environment in DNS requests (one
>returned internal r
I was able to get an older version of PWM (v.1.6.4 b1185) with an older FreeIPA v.3.0.0 working together. It's been a few years since I initially set it up, but I recall it was not easy getting PWM to cooperate with IPA. I do recall that I had to grant some extra privileges for the "proxy" user.
Hello,
I found a HowTO on FreeIPA to install a HA Version for a Mailsystem.
Now I have a Problem to get the Keytab on the second Server
On the first Server I run.
kinit admin
ipa-getkeytab -s ipa.example.com -p imap/mail.example.com -k /etc/dovecot/
dovecot.keytab
This is working
but on the
On 04/21/2016 11:22 AM, Branko Quenode wrote:
> Hi ,
>
> I am trying to install freeipa with centos and Let's Encrypt SSL.
>
> I create lets-encrypt with webroot option.
>
> Then i did
>
> cat privkey.pem fullchain.pem > /root/key.pem
>
> openssl pkcs12 -export -in /root/key.pem -out ipa.pkcs
On 21.4.2016 15:44, Jeff Hallyburton wrote:
> Sumit,
>
> We found a resolution for this and I'm dropping it here for posterity.
> After some digging, it turns out that our ipa server and ipa replica were
> returning different IPs for systems in the environment in DNS requests (one
> returned inter
On Thu, Apr 21, 2016 at 09:44:47AM -0400, Jeff Hallyburton wrote:
> Sumit,
>
> We found a resolution for this and I'm dropping it here for posterity.
> After some digging, it turns out that our ipa server and ipa replica were
> returning different IPs for systems in the environment in DNS requests
Günther J. Niederwimmer writes:
> but on the second Server when I start
>
> kinit admin
> ipa-getkeytab -r -s ipa.example.com -p imap/mail.example.com -k /etc/
> dovecot/dovecot.keytab
>
> for the same keytab,
> I become a Error with not access is possible ?
You need special authorization to
On 04/21/2016 04:53 PM, Günther J. Niederwimmer wrote:
Hello,
I found a HowTO on FreeIPA to install a HA Version for a Mailsystem.
Now I have a Problem to get the Keytab on the second Server
On the first Server I run.
kinit admin
ipa-getkeytab -s ipa.example.com -p imap/mail.example.com -k /
Hello List,
Am Donnerstag, 21. April 2016, 16:53:36 CEST schrieb Günther J. Niederwimmer:
Thank's for the answer ;-)
I hope this helps.
Thank you
--
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer
--
Manage your subscription for the Freeipa-users mailing list:
https://www
Hi,
I have a REST API that is using the ipalib and written with Falcon.
Below is the code or you can check it online here:
http://paste.ubuntu.com/15966308/
from __future__ import print_function
from bson import json_util
import json
import falcon
from ipalib import api as ipaapi
from api.utils.
On Tue, Apr 19, 2016 at 11:57 AM, Jakub Hrozek wrote:
> Did you test that this actually fails with id_provider=ipa? I would
> assume the IPA KDC would kick you out and prompt for a new password..
If you're using a password, yes it kicks back and requires you to
change it. The problem is if you'r
Howdy!
Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1!
The biggest feature of this version is that it also supports replication
by client promotion to replica master. IPA on Debian/Ubuntu has been a
single-master thing until now..
FreeIPA is in the community-suppo
On Thu, 2016-04-21 at 22:01 +0300, Timo Aaltonen wrote:
> Howdy!
>
> Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1!
> The biggest feature of this version is that it also supports replication
> by client promotion to replica master. IPA on Debian/Ubuntu has been a
> s
On Thu, Apr 21, 2016 at 01:26:19PM -0400, Steve Huston wrote:
> On Tue, Apr 19, 2016 at 11:57 AM, Jakub Hrozek wrote:
> > Did you test that this actually fails with id_provider=ipa? I would
> > assume the IPA KDC would kick you out and prompt for a new password..
>
> If you're using a password, y
On Thu, 21 Apr 2016, Timo Aaltonen wrote:
Howdy!
Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1!
The biggest feature of this version is that it also supports replication
by client promotion to replica master. IPA on Debian/Ubuntu has been a
single-master thing unt
Half the time ipa-client-install will fail at getting the TGT. Google showed
posts like, Bug 845691 – ipa-client-install Failed to obtain host TGT. I
reduced _kerberos-master._tcp' '_kerberos-master._udp' '_kerberos._tcp'
'_kerberos._udp' to one server entry only. But it didn't help to reduce t
On 4/18/16, 10:06 AM, "Jakub Hrozek" wrote:
>On Mon, Apr 18, 2016 at 01:47:04PM +, Brook, Andy [CRI] wrote:
>>
>> On 4/18/16, 5:03 AM, "freeipa-users-boun...@redhat.com on behalf of Jakub
>> Hrozek"
>> wrote:
>>
>> >On Fri, Apr 15, 2016 at 08:01:06PM +, Brook, Andy [CRI] wrote:
>> >
On 21.04.2016 18:46, Oğuz Yarımtepe wrote:
Hi,
I have a REST API that is using the ipalib and written with Falcon.
Below is the code or you can check it online here:
http://paste.ubuntu.com/15966308/
from __future__ import print_function
from bson import json_util
import json
import falcon
25 matches
Mail list logo