Re: [Freeipa-users] --external-ca is a bit confusing.

On 02/21/2013 07:23 PM, Kendrick . wrote: It is part of my initial setup. I copied the ipa.csr in to cacert's signing system so that the certificates would be valid outside of my local domain. and it errors because the host information said certificate authority instead of the host name if I un

Re: [Freeipa-users] --external-ca is a bit confusing.

It is part of my initial setup. I copied the ipa.csr in to cacert's signing system so that the certificates would be valid outside of my local domain. and it errors because the host information said certificate authority instead of the host name if I understand that error mesage properly. I am t

Re: [Freeipa-users] login problem after set trust

On Thu, 21 Feb 2013, Andre Rodrigues wrote: Hi all, I'm testing trust Freeipa-AD follow the "how to" http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup After set ipa trust-add users from AD domain can logon on ipa domain using ssh (ssh -l user@AD.DOMAIN linux.ipa), but FreeIPA users can't l

[Freeipa-users] login problem after set trust

Hi all, I'm testing trust Freeipa-AD follow the "how to" http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup After set ipa trust-add users from AD domain can logon on ipa domain using ssh (ssh -l user@AD.DOMAIN linux.ipa), but FreeIPA users can't logon on Windows machine (winserver 2008) (usin

Re: [Freeipa-users] Upgrading to 6.4

On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote: > On 02/21/2013 09:40 AM, Rob Crittenden wrote: >> Erinn Looney-Triggs wrote: >>> On 02/21/2013 09:34 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: > On 02/21/2013 09:07 AM, Rob Crittenden wrote: >> add:attributeTypes: (2.16.840

Re: [Freeipa-users] Trouble creating replica

Thanks for the bug link. We let the developer we thought had messed things up out of the 4x4 cell we had stashed him in. He's still blinking from sunlight but the doctors tell us the facial twitching will stop in a month or two. * * *Bret Wortman* http://damascusgrp.com/

Re: [Freeipa-users] Upgrading to 6.4

Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v

Re: [Freeipa-users] Upgrading to 6.4

On 02/21/2013 09:34 AM, Rob Crittenden wrote: > Erinn Looney-Triggs wrote: >> On 02/21/2013 09:07 AM, Rob Crittenden wrote: >>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' >>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch >>> ORDERING caseIgnoreOrderi

Re: [Freeipa-users] Upgrading to 6.4

On 02/21/2013 09:40 AM, Rob Crittenden wrote: > Erinn Looney-Triggs wrote: >> On 02/21/2013 09:34 AM, Rob Crittenden wrote: >>> Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: > add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME > 'ipaExternalMember' > DE

Re: [Freeipa-users] Upgrading to 6.4

Erinn Looney-Triggs wrote: On 02/21/2013 09:34 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 02/21/2013 09:07 AM, Rob Crittenden wrote: add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING c

Re: [Freeipa-users] Upgrading to 6.4

On 02/21/2013 09:07 AM, Rob Crittenden wrote: > add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' > DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch > ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > X-ORIGIN 'IPA v3' ) > add:objectClass

Re: [Freeipa-users] Upgrading to 6.4

Erinn Looney-Triggs wrote: For the fool hearty amongst us, as in me, I upgraded to RHEL 6.4 today. So far the Web UI portion of IPA is broken. I receive the following error via the UI: IPA Error 903 an internal error has occurred. Other things appear to be working fine, though my testing hasn't

[Freeipa-users] Upgrading to 6.4

For the fool hearty amongst us, as in me, I upgraded to RHEL 6.4 today. So far the Web UI portion of IPA is broken. I receive the following error via the UI: IPA Error 903 an internal error has occurred. Other things appear to be working fine, though my testing hasn't been all that thorough at th

Re: [Freeipa-users] Trouble creating replica

On 02/21/2013 07:11 AM, Bret Wortman wrote: Rich, 389-ds-base-1.2.11.5-1.fc17.x86_64. The box is a DL360G8. https://fedorahosted.org/389/ticket/518 _ _ *Bret Wortman* http://damascusgrp.com/ http://twitter.com/BretWortman On Wed, Feb 20,

Re: [Freeipa-users] [Feature request] Adding support for sudo to ipa-client-install

On Thu, Feb 21, 2013 at 03:07:10PM +0100, Han Boetes wrote: > This is what you have to do to enable sudo support while using freeipa: I > got it all from > sssd-sudo(5). > > # yum install libsss_sudo > > Add this line to /etc/nsswitch.conf > > sudoers: files sss > > Edit /etc/sssd/sssd.conf

Re: [Freeipa-users] Trouble creating replica

Rich, 389-ds-base-1.2.11.5-1.fc17.x86_64. The box is a DL360G8. * * *Bret Wortman* http://damascusgrp.com/ http://twitter.com/BretWortman On Wed, Feb 20, 2013 at 9:03 PM, Rich Megginson wrote: > On 02/20/2013 06:43 PM, Bret Wortman wrote:

Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

On 02/20/2013 08:44 AM, Rodney L. Mercer wrote: > > On Tue, 2013-02-19 at 21:05 -0500, Dmitri Pal wrote: >> On 02/19/2013 09:14 AM, Rodney L. Mercer wrote: >>> On Sun, 2013-02-17 at 13:31 -0500, Dmitri Pal wrote: On 02/16/2013 12:14 PM, Mercer, Rodney wrote: > _

Re: [Freeipa-users] --external-ca is a bit confusing.

On 02/20/2013 10:20 PM, Kendrick . wrote: > I am trying to get cacert to sign the csr. I have tried searching > about it and cant figure out what is what. some information i have > found suggests it wont be possible. > > when I go to get the csr signed i get > > "The following hostnames were rej