Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

Am 26.10.2016 um 17:31 schrieb Martin Basti: > > > > On 26.10.2016 17:25, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 16:48 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: > > > > On

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

Am 27.10.2016 um 10:02 schrieb Jochen Demmer: > > > Am 26.10.2016 um 17:31 schrieb Martin Basti: >> >> >> >> On 26.10.2016 17:25, Jochen Demmer wrote: >>> >>> >>> Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: > > > Am

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

On 10/27/2016 10:48 AM, Jochen Demmer wrote: Am 27.10.2016 um 10:21 schrieb Martin Basti: On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On

Re: [Freeipa-users] Is this a bigger Problem DNSSEC ?

On 25.10.2016 15:49, Günther J. Niederwimmer wrote: > Hello, > > FreeIPA 4.3.1 > CentOS 7.2 > > > I found today in /var/log/messages this entries > > Is the DNSSEC now broken ? > > Thanks for a answer > > ct 25 15:41:29 ipa ipa-dnskeysyncd: Traceback (most recent call last): > Oct 25

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

Am 27.10.2016 um 10:21 schrieb Martin Basti: > > > > On 27.10.2016 10:02, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 17:31 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: > > > > On

Re: [Freeipa-users] rpm dependencies

On to, 27 loka 2016, David Kupka wrote: On 26/10/16 20:00, lejeczek wrote: hi all quick question - does IPA rpms depend on samaba's? I'm hoping I can remove samba-common but dnf fies a 46 packages long list of dependencies - is it somehow broken? If is not and that is 100% correct long chain

Re: [Freeipa-users] FreeIPA domains and sub-domains

On 27/10/2016 09:30, Alexander Bokovoy wrote: Yes, you can do that, there is no issue at all. Thank you for confirming that. To the OP: in that case, I'd still recommend that you choose a distinct kerberos realm like IPA.YOURCOMPANY.COM, with associated primary domain "ipa.yourcompany.com",

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

On 27.10.2016 04:43, Tyrell Jentink wrote: >> 2016-10-26T23:30:40Z DEBUG Writing nsupdate commands to >> > /etc/ipa/.dns_update.txt: >> > 2016-10-26T23:30:40Z DEBUG debug >> > >> > update delete trainmaster.ipa.rxrhouse.net. IN A >> > show >> > send >> > >> > update delete

Re: [Freeipa-users] FreeIPA domains and sub-domains

On to, 27 loka 2016, Brian Candler wrote: On 26/10/2016 21:03, Ranbir wrote: If I have two networks, say A and B, and I want both to use the same FreeIPA server, should I have one Freeipa domain for network A and a sub-domain for network B, (domain.local and b.domain.local), or should I

Re: [Freeipa-users] ipa-replica-prepare failing

Joshua Ruybal wrote: While trying to run IPA replica prepare with debug, we see an unexplained failure. Debug seems to show the process running smoothly, then I see: "Certificate issuance failed". Looking at previous mail-archives, I see that someone has run into this before, however all

Re: [Freeipa-users] ipa automount bug?

Standa Laznicka wrote: Hello, I am no automount expert so I will leave answering those questions to those but see my comment inline. On 10/27/2016 06:16 AM, William Muriithi wrote: Evening, I am trying to import some autos map from a file to FreeIPA LDAP and have noticed two problems that

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

On 27.10.2016 10:33, Jochen Demmer wrote: Am 27.10.2016 um 10:02 schrieb Jochen Demmer: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016

Re: [Freeipa-users] ipa automount bug?

Hello, I am no automount expert so I will leave answering those questions to those but see my comment inline. On 10/27/2016 06:16 AM, William Muriithi wrote: Evening, I am trying to import some autos map from a file to FreeIPA LDAP and have noticed two problems that can be considered a bug

Re: [Freeipa-users] rpm dependencies

On 27/10/16 09:28, Alexander Bokovoy wrote: # rpm -q --requires freeipa-server|grep ^lib|xargs -n1 rpm -q --whatprovides|sort -u glibc-2.23.1-10.fc24.x86_64 krb5-libs-1.14.4-4.fc24.x86_64 libcom_err-1.42.13-4.fc24.x86_64 libgcc-6.2.1-2.fc24.x86_64 libsss_nss_idmap-1.14.2-1.fc24.x86_64

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

On 10/27/2016 10:48 AM, Jochen Demmer wrote: Am 27.10.2016 um 10:21 schrieb Martin Basti: On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On

Re: [Freeipa-users] ipa automount bug?

>> >> [root@hydrogen ~]# ipa automountmap-add-indirect default >> auto.projects-prs1013 –-mount=/projects/prs1013 >> --parentmap=auto.projects > > Is this a direct copy-paste from the terminal? If so and your e-mail client > did not do any reformatting then the first character in the >

Re: [Freeipa-users] cn=deleted users,cn=accounts

Michael Ströder wrote: > I wonder which action in the FreeIPA Web UI (4.2.0) moves an active user to > this container: > > cn=deleted users,cn=accounts,cn=provisioning,dc=example,dc=com > > Selecting [Delete] as action really deletes the LDAP entry. Ah, found it myself: It makes a difference

[Freeipa-users] cn=deleted users,cn=accounts

HI! I wonder which action in the FreeIPA Web UI (4.2.0) moves an active user to this container: cn=deleted users,cn=accounts,cn=provisioning,dc=example,dc=com Selecting [Delete] as action really deletes the LDAP entry. Likely I missed something. Ciao, Michael. smime.p7s Description: S/MIME

Re: [Freeipa-users] dns_tkey_negotiategss: failure GSSAPI error [...] Message stream modified.

Thank you Petr! I found the problem, but quite by accident... There may be a Best Practice at hand that I wasn't aware of... I still have the Windows AD server sitting on the side, serving as DHCP server and waiting patiently for my Cross Realm Trust; That server will forward DNS requests to

Re: [Freeipa-users] FreeIPA domains and sub-domains

On to, 27 loka 2016, Brian Candler wrote: On 27/10/2016 10:07, Brian Candler wrote: To the OP: in that case, I'd still recommend that you choose a distinct kerberos realm like IPA.YOURCOMPANY.COM, with associated primary domain "ipa.yourcompany.com", and let FreeIPA manage that domain so that

Re: [Freeipa-users] Why does a SAN field on a CSR require a host to be in IPA?

Fil Di Noto wrote: > In my imagination, I see IPA for whatever reason comes accross a cert > it signed in the past and decides it needs to compare the SAN to the > directory. Then it sees the SAN doesn't have an associated principal > in the directory. Who does IPA trust? (the directory

Re: [Freeipa-users] Setting "preserve" as default action when deleting in webUI

Hello guys, Thank you for your answers. First, I was able to modify the minified js to change the default. Ugly solution, but it works for now. I am trying to write a plugin but it seems that I missed something here since, despite being executed, the default is not changed .. Here is my code,

Re: [Freeipa-users] cn=deleted users,cn=accounts

On 10/27/2016 02:45 PM, Michael Ströder wrote: > Michael Ströder wrote: >> I wonder which action in the FreeIPA Web UI (4.2.0) moves an active user to >> this container: >> >> cn=deleted users,cn=accounts,cn=provisioning,dc=example,dc=com >> >> Selecting [Delete] as action really deletes the LDAP

Re: [Freeipa-users] Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)

Help ? Best regards. Bahan On Tue, Oct 25, 2016 at 1:00 PM, bahan w wrote: > Re. > > There is no time difference between client and server. > > I checked the httpd error log and saw no errors. > Same with the dirsrv error logs. > > Any other idea ? > > By looking at