Re: [Freeipa-users] FreeIPA ActiveDirectory Integration, Fedora and Windows 2008 R2 AD: "ipa: ERROR: an internal error has occurred"

On Fri, 12 Sep 2014, Traiano Welcome wrote: Hi List I'm following the guide at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions , this time with Fedora 20.1. Everything proceeds smoothly until I try to establish trust with the AD domain controller, at which point IPA crashes

[Freeipa-users] FreeIPA ActiveDirectory Integration, Fedora and Windows 2008 R2 AD: "ipa: ERROR: an internal error has occurred"

Hi List I'm following the guide at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions , this time with Fedora 20.1. Everything proceeds smoothly until I try to establish trust with the AD domain controller, at which point IPA crashes: --- [root@idm001 ~]# ipa trust-add --type=a

[Freeipa-users] Announcing FreeIPA 4.0.3

The FreeIPA team would like to announce FreeIPA v4.0.3 bugfix release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds will be available for Fedora 21 Beta. Builds for Fedora 20 are available in the official [https://copr.fedoraproject.org/coprs/mkosek/freeipa/ COPR

Re: [Freeipa-users] json api docs

On Fri, 12 Sep 2014, Tamas Papp wrote: On 09/12/2014 07:02 PM, Dmitri Pal wrote: You have seen other answers but I think a fair question to ask here is what does the service do and what kind of ldap info it needs? Is it read only or read write? Currently we have a forum, where users can re

Re: [Freeipa-users] Use of SAN's with automatic certificates in FreeIPA 4

On 09/12/2014 02:43 PM, Michael Lasevich wrote: That is awesome, but I am clearly missing some insight as to how this is supposed to work. Can you point me to some more specific info on how to accomplish this. I tried using the ipa-getcert request with multiple -D's from the client, but got :

Re: [Freeipa-users] json api docs

On 09/12/2014 07:02 PM, Dmitri Pal wrote: You have seen other answers but I think a fair question to ask here is what does the service do and what kind of ldap info it needs? Is it read only or read write? Currently we have a forum, where users can register to a mysql database. W would lik

Re: [Freeipa-users] Use of SAN's with automatic certificates in FreeIPA 4

That is awesome, but I am clearly missing some insight as to how this is supposed to work. Can you point me to some more specific info on how to accomplish this. I tried using the ipa-getcert request with multiple -D's from the client, but got : ** Insufficient access: You need to be a member of

Re: [Freeipa-users] json api docs

On 09/12/2014 09:36 AM, Tamas Papp wrote: On 09/12/2014 02:47 PM, Martin Kosek wrote: On 09/11/2014 02:06 AM, Dmitri Pal wrote: On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an offficial API documentation available? Unfortunately not much. You can search archives and find some

Re: [Freeipa-users] json api docs

On 09/12/2014 03:36 PM, Tamas Papp wrote: On 09/12/2014 02:47 PM, Martin Kosek wrote: On 09/11/2014 02:06 AM, Dmitri Pal wrote: On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an offficial API documentation available? Unfortunately not much. You can search archives and find some

[Freeipa-users] [Freeipa-interest] Announcing bind-dyndb-ldap version 5.3

The FreeIPA team is proud to announce bind-dyndb-ldap version 5.3. It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/ The new version has also been built for Fedora 21+ and and is on its way to updates-testing: https://admin.fedoraproject.org/updates/bind-dyndb-ldap-5

Re: [Freeipa-users] json api docs

On 12.9.2014 15:47, Petr Viktorin wrote: On 09/12/2014 03:36 PM, Tamas Papp wrote: On 09/12/2014 02:47 PM, Martin Kosek wrote: On 09/11/2014 02:06 AM, Dmitri Pal wrote: On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an offficial API documentation available? Unfortunately not m

Re: [Freeipa-users] FreeIPA Active directory Integration: ipa "unknown command trustdomain-fetch"

On Fri, 12 Sep 2014, Traiano Welcome wrote: Hi Alexander On Thu, Sep 11, 2014 at 8:16 PM, Alexander Bokovoy wrote: On Thu, 11 Sep 2014, Traiano Welcome wrote: This one is not usable. You need to enable debugging on the server side. See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_se

Re: [Freeipa-users] FreeIPA Active directory Integration: ipa "unknown command trustdomain-fetch"

Hi Alexander On Thu, Sep 11, 2014 at 8:16 PM, Alexander Bokovoy wrote: > On Thu, 11 Sep 2014, Traiano Welcome wrote: > >> This one is not usable. You need to enable debugging on the server side. See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup# Debugging_trust in the

Re: [Freeipa-users] json api docs

On 09/12/2014 03:36 PM, Tamas Papp wrote: On 09/12/2014 02:47 PM, Martin Kosek wrote: On 09/11/2014 02:06 AM, Dmitri Pal wrote: On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an offficial API documentation available? Unfortunately not much. You can search archives and find some

Re: [Freeipa-users] json api docs

On 09/12/2014 02:47 PM, Martin Kosek wrote: On 09/11/2014 02:06 AM, Dmitri Pal wrote: On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an offficial API documentation available? Unfortunately not much. You can search archives and find some recommendations that helped people in th

Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months

On 09/12/2014 01:22 PM, Petr Spacek wrote: On 12.9.2014 13:18, Dmitri Pal wrote: On 09/12/2014 07:13 AM, Dmitri Pal wrote: On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happen

Re: [Freeipa-users] json api docs

On 09/11/2014 02:06 AM, Dmitri Pal wrote: On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an offficial API documentation available? Unfortunately not much. You can search archives and find some recommendations that helped people in the past. https://www.redhat.com/archives/freeipa-

Re: [Freeipa-users] IPA Version 3.0.0 Allow Self-Signed Certificates

On 09/09/2014 06:01 PM, Eric Hart wrote: I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates. I haven't found a way to enable that capability yet.. I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM, specifically the nsslapd-ssl-check-hostnam

Re: [Freeipa-users] freeipa server install fails on fedora 20

On 09/09/2014 05:27 PM, Olga Kornievskaia wrote: On Tue, Sep 9, 2014 at 10:41 AM, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: Olga Kornievskaia wrote: > > > On Mon, Sep 8, 2014 at 7:41 PM, Dmitri Pal mailto:d...@redhat.com> >

Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months

On 12.9.2014 13:18, Dmitri Pal wrote: On 09/12/2014 07:13 AM, Dmitri Pal wrote: On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it an

Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months

On 09/12/2014 07:13 AM, Dmitri Pal wrote: On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it and what version do you run? AFAIR th

Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months

On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it and what version do you run? -- Thank you, Dmitri Pal Sr. Engineering Manager Id

Re: [Freeipa-users] Use of SAN's with automatic certificates in FreeIPA 4

On 09/11/2014 09:25 PM, Michael Lasevich wrote: If I remember correctly, you could not use SAN (Subject Alternate Names) for certificates in FreeIPA 3.0 - is this still the case with 4? https://fedorahosted.org/freeipa/ticket/3977 < 4.0 is able. I have hosts that automatically receive two ho

Re: [Freeipa-users] BIND not starting after IPA install

Hi Before starting IPA install i did "yum -y intstall bind*". I think that did it. Regards, On Fri, 2014-09-12 at 10:43 +0200, Petr Spacek wrote: Hello! On 12.9.2014 09:39, Renier Gertzen wrote: > Issue resolved in the following manner > > I saved copies of my named.conf. > ran yum remove bi

Re: [Freeipa-users] BIND not starting after IPA install

Hello! On 12.9.2014 09:39, Renier Gertzen wrote: Issue resolved in the following manner I saved copies of my named.conf. ran yum remove bind cd /var/named rm -Rf * (be carefull) ran yum install bind copied my named.conf file back service named start And it started and works now. Thanks for the

Re: [Freeipa-users] BIND not starting after IPA install

Issue resolved in the following manner I saved copies of my named.conf. ran yum remove bind cd /var/named rm -Rf * (be carefull) ran yum install bind copied my named.conf file back service named start And it started and works now. Thanks for the SDB tip. From: freeipa-users-boun...@redhat.com [

Re: [Freeipa-users] BIND not starting after IPA install

Yes, I use IPA. I have checked /etc/krb5.conf and it does contain: [libdefaults] default_realm = IPA.EXAMPLE Versions are as follows: Name: bind-dyndb-ldap Relocations: (not relocatable) Version : 2.3 Vendor: Oracle America Release : 5.