Re: [Freeipa-users] IPv6

2012-04-30 Thread Petr Spacek
On 04/27/2012 02:43 PM, John Dennis wrote: On 04/27/2012 04:45 AM, Petr Spacek wrote: On 04/26/2012 11:42 PM, Simo Sorce wrote: On Thu, 2012-04-26 at 21:18 +, Steven Jones wrote: Hi, FYI, I shut down IPv6 as we don't do IPv6 and found that IPA wouldn't work... slight oops there... Hi

Re: [Freeipa-users] Unable to login to some clients if one of the IPA servers is down.

2012-04-30 Thread Stephen Gallagher
On Sun, 2012-04-29 at 23:37 +, Steven Jones wrote: Hi, Maybe I am missing something here but I thought/assumed that if one of the IPA servers was off line the client would use the other IPA server? This doesn't seem to be the case, so am I wrong on how IPA works, or do I have a setup

Re: [Freeipa-users] IPv6

2012-04-30 Thread John Dennis
On 04/30/2012 03:54 AM, Petr Spacek wrote: On 04/27/2012 02:43 PM, John Dennis wrote: On 04/27/2012 04:45 AM, Petr Spacek wrote: On 04/26/2012 11:42 PM, Simo Sorce wrote: On Thu, 2012-04-26 at 21:18 +, Steven Jones wrote: Hi, FYI, I shut down IPv6 as we don't do IPv6 and found that IPA

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread David Copperfield
Hi Deon and all, Hi folks, I'm completely lost at reading the IPA document on how to promote an IPA replica into master IPA. When I try to follow the steps listed in the chapter '16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at the link

[Freeipa-users] Password migrating into IPA with SSSD failed

2012-04-30 Thread David Copperfield
Hi folks, Tried several times to do the password migration following documented steps at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Migrating_from_a_Directory_Server_to_IPA.html#migr-kerb, and every time it failed. A solid example will be very

Re: [Freeipa-users] Password migrating into IPA with SSSD failed

2012-04-30 Thread Stephen Gallagher
The existing document states all the steps as listed below. A user tries to log into a machine with SSSD. SSSD attempts to perform Kerberos authentication against the IPA server. Even though the user exists in the system, the authentication will

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread Dmitri Pal
On 04/30/2012 03:02 PM, David Copperfield wrote: Hi Deon and all, Hi folks, I'm completely lost at reading the IPA document on how to promote an IPA replica into master IPA. When I try to follow the steps listed in the chapter '16.8.1 Promoting a Replica with a Dogtag Certificate

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread Rob Crittenden
David Copperfield wrote: Hi Deon and all, Hi folks, I'm completely lost at reading the IPA document on how to promote an IPA replica into master IPA. When I try to follow the steps listed in the chapter '16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at the link

[Freeipa-users] any methods to import Kerberos password hashes into IPA?

2012-04-30 Thread David Copperfield
Hi all, Just wonder if anyone has migrated password hashes from standalone Kerberos V servers into IPA servers before, assume that they share the same Kerberos Realm name. Both the original standalone Kerberos server and the IPA servers use the same version of the Kerberos V daemons. So if there is a

Re: [Freeipa-users] Password migrating into IPA with SSSD failed

2012-04-30 Thread David Copperfield
The existing document states all the steps as listed below. A user tries to log into a machine with SSSD. SSSD attempts to perform Kerberos authentication against the IPA server. Even though the user exists in the system, the authentication will fail

Re: [Freeipa-users] Password migrating into IPA with SSSD failed

2012-04-30 Thread Dmitri Pal
On 04/30/2012 04:49 PM, David Copperfield wrote: The existing document states all the steps as listed below. A user tries to log into a machine with SSSD. SSSD attempts to perform Kerberos authentication against the IPA server. Even though the user

[Freeipa-users] migration of netgroups into IPA ??

2012-04-30 Thread David Copperfield
Hi folks, We have quite a bunch of netgroups which are hosted on openldap server presently, and now it is time to migrate them into freeIPA. The NIS triples are in the format: (-, username, - ) or (hostname001, - , - ) And these openldap netgroups are used for variable purposes, host

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread David Copperfield
Hi Deon, Dmitri, and all, Hi folks, I'm completely lost at reading the IPA document on how to promote an IPA replica into master IPA. When I try to follow the steps listed in the chapter '16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at the link

[Freeipa-users] freeIPA bug: Kerberos clients fails taking to IPA server after ipa-client-install

2012-04-30 Thread David Copperfield
Hi folks, During migration of existing Kerberos/LDAP setup clients to IPA, after the 'ipa-client-install' command is run and reports successful migration, we found that the client fails to talk with the IPA server. The symptom is: in the /var/log/messages file at IPA client side, we can see the

Re: [Freeipa-users] Unable to login to some clients if one of the IPA servers is down.

2012-04-30 Thread Steven Jones
Hi, Do you want me to open a RH case? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Stephen Gallagher [sgall...@redhat.com] Sent: Monday, 30 April 2012 11:28 p.m. To: Steven Jones

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread Rich Megginson
On 04/30/2012 05:52 PM, David Copperfield wrote: Hi Rich and all, Thank you a lot for pointing out the place of the scripts. The scripts are found at the place specified and tried, they are working great in general, but there are still some places that need help: 1, there is no manual or help

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread David Copperfield
Hi Rich, Thanks. Those are really helpful. Though I think I've to learn the underlying 389 Directory Server part and become an expert as well. :) --David From: Rich Megginson rmegg...@redhat.com To: David Copperfield cao2...@yahoo.com Cc:

[Freeipa-users] password policy

2012-04-30 Thread Steven Jones
Is there a way for a standard user to query how long before his password is going to expire? i.e. locally we can do chage --list user Also if the password is expired is there a grace period past which a user can't reset when they next login? I notice that there are commands like, ipa

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread David Copperfield
I think the problem is figured out, though the solution is not easy. Would someone please open a bug for this problem. Another close question to ask: Does this mean the IPA PKI/CA system is still in its beta/alpha stage, and better avoided in production IPA deployment? I've seen messages, Q/A

[Freeipa-users] ipa-client install error

2012-04-30 Thread Steven Jones
I made a slight oops, I just upgraded a long un-used vm on my desktop from 6.2beta to 6.3beta instead of 6.2 by mistake. Anyway since our satellite is down I can't correct this so I tried to add the 6.3beta client to IPA on 6.2 and I get an error. == [root@rhel664ws01 ~]#

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread Rich Megginson
On 04/30/2012 06:47 PM, David Copperfield wrote: Hi Rich, Thanks. Those are really helpful. Though I think I've to learn the underlying 389 Directory Server part and become an expert as well. :) Shouldn't be necessary, long term. The goal of IPA is to hide most of those 389-ish things

Re: [Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-30 Thread Rich Megginson
On 04/30/2012 07:01 PM, David Copperfield wrote: Hi Rich and all, the '-n ipaca' option doesn't work for CA certificate LDAP backend. [root@ipslave scripts-PEGACLOUDS-COM]# pwd /var/lib/dirsrv/scripts-PEGACLOUDS-COM [root@ipaslave scripts-PEGACLOUDS-COM]# ls ../ scripts-PEGACLOUDS-COM

Re: [Freeipa-users] ipa-client install error

2012-04-30 Thread Steven Jones
encl ipa install log regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones

Re: [Freeipa-users] Trying to trace why a user cannot login to a client

2012-04-30 Thread Steven Jones
Hi, I removed jonesst1 from the user group, then jonesst1 cannot login, so jonesst1 is using user group and HBAC to login as is thingput it back and jonesst1 works again... :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272