On 11/08/2014 12:16 AM, Andrew Powell wrote:
Is there a way to add a Bind $GENERATE directive line to FreeIPA to
automatically name DHCP-assigned ranges?
In a file-based Bind installation, I can have the following line in the
forward
example.com zone file:
$generate 80-250/1
On 10/11/14 02:05, Rolf Nufable wrote:
Hello
I have tons of questions on why free ipa wont't work on my network ,
I've been using fedora 20 as the os for the server and client free ipa .
I deployed freeipa 4.0.3 at the server side and freeipa 4.1.0 for the
client side using 2 VM's at first
Hi Lukas,
Already opened case within Red Hat. They told on case there is private
bugzilla for this known problem, the case got closed.
Im on vacation and RH Customer Portal seems off right now, cant find if
got the case got updated or there is errata for this issue.
2014-11-08 14:44 GMT-02:00
On Fri, Nov 07, 2014 at 04:00:19PM -0800, Michael Lasevich wrote:
Exactly 16 hours after reboot the problem returned on both servers. What
has a 16 hour timeout?
I set log level to 10 and got some logs, but they are long and not sure
what I am looking for. I am attaching some logs ( out of
On 11/10/2014 08:34 AM, Les Stott wrote:
Hi all,
I have a standard freeipa environment under rhel6.
One of my replica servers, lets call it serverB had issues and I eventually
rebuilt it.
I rebuilt and restored data, but something wasn't right. Replication wasn't
working. I had tried
On 11/10/2014 07:46 AM, Les Stott wrote:
Hi all,
I have a FreeIPA environment with standard rhel6 package sets.
Everything is working well.
I would like to get our Cisco UCS 5108 authenticating via ldap with TLS using
ldap group based checks. The ucs manager runs the latest 2.2(3a)
On 11/10/2014 02:05 AM, Rolf Nufable wrote:
Hello
I have tons of questions on why free ipa wont't work on my network , I've
been using fedora 20 as the os for the server and client free ipa .
I deployed freeipa 4.0.3 at the server side and freeipa 4.1.0 for the client
side using 2 VM's
On Mon, Nov 10, 2014 at 12:56:00PM +0100, Martin Kosek wrote:
On 11/10/2014 02:05 AM, Rolf Nufable wrote:
Hello
I have tons of questions on why free ipa wont't work on my network , I've
been using fedora 20 as the os for the server and client free ipa .
I deployed freeipa 4.0.3 at
On 11/10/2014 06:42 AM, Martin Kosek wrote:
On 11/10/2014 07:46 AM, Les Stott wrote:
Hi all,
I have a FreeIPA environment with standard rhel6 package sets.
Everything is working well.
I would like to get our Cisco UCS 5108 authenticating via ldap with TLS using
ldap group based checks. The
On 11/10/2014 03:25 AM, Martin Kosek wrote:
On 11/08/2014 12:16 AM, Andrew Powell wrote:
Is there a way to add a Bind $GENERATE directive line to FreeIPA to
automatically name DHCP-assigned ranges?
In a file-based Bind installation, I can have the following line in the forward
example.com zone
hi,
is this the right list to post certmonger questions?
Here I see only a developer's list without too much activity:
https://fedorahosted.org/certmonger/
My question is simple. After upgrading a vm running centos 6.5 to 6.6
I am seeing this error on reboot in messages:
Nov 10 15:51:31
Thomas Lau wrote:
Hi All,
I am successfully letting Apache auth against FreeIPA, but whatever
folder/files being created on WebDav server would be using Apache user
and group instead of login user/group, does anyone know how to fix this?
Kerberos + LDAP config:
Yeah, thanks for pointing it out, I am very upset now.
Sent from my BlackBerry 10 smartphone.
Original Message
From: Rob Crittenden
Sent: Monday, 10 November, 2014 11:30 PM
To: Thomas Lau; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Apache WebDav file sharing permission problem
On Mon, 10 Nov 2014 13:14:38 +0800
Thomas Lau t...@tetrioncapital.com wrote:
Hi All,
I am successfully letting Apache auth against FreeIPA, but whatever
folder/files being created on WebDav server would be using Apache
user and group instead of login user/group, does anyone know how to
fix
On 11/10/2014 02:48 PM, Dmitri Pal wrote:
On 11/10/2014 03:25 AM, Martin Kosek wrote:
On 11/08/2014 12:16 AM, Andrew Powell wrote:
Is there a way to add a Bind $GENERATE directive line to FreeIPA to
automatically name DHCP-assigned ranges?
In a file-based Bind installation, I can have the
On Mon, Nov 10, 2014 at 04:17:49PM +0100, Natxo Asenjo wrote:
Nov 10 15:51:31 apachetest03 certmonger: Decoding error on
I can certainly try, it would need to be compatible with CentOS 6.6 though.
-M
So according to the logs, the create_ccache() function failed.
Unfortunately,
we don't do very good job at logging the failures there..
Michael, are you able to run a custom package with extra debugging? It
would
Hi --
Has anyone seen this before?
# ipa-replica-manage del kermit.xyzzy.com --force
unexpected error: [Errno -2] Name or service not known
?? Very confused as to What service or name is not known?
This is 4.0.5 running on CentOS 7.
~J
--
Manage your subscription for the Freeipa-users
Trying to learn to live without private groups.
I imported a bunch of users from OpenLDAP and that was good.
I created about 4 users and the private groups show up in odd places and I
don't want them. The private groups offer little value since the bulk of the
imported users don't have them
Evening,
I have been trying to get IPA server working using AD users and I think I need
some assistance as I have run into the wall. Below is some background
information. The active directory domain is called example.local and the IPA
domain is called example.loc. My plan is to map domain
Craig White wrote:
Trying to learn to live without private groups.
I imported a bunch of users from OpenLDAP and that was good.
I created about 4 users and the private groups show up in odd places and
I dont want them. The private groups offer little value since the bulk
of the
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, November 10, 2014 3:14 PM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getting rid of private groups
Craig White wrote:
Trying to learn to live without private groups.
I
Evening,
Also, this show up on /var/log/krb5kdc.log on ipa server
Nov 10 18:43:22 ipa3-yyz-int.example.loc krb5kdc[5469](info): AS_REQ (4 etypes
{18 17 16 23}) 10.10.10.29: NEEDED_PREAUTH:
host/sogo-eval.example@example.loc for krbtgt/example@example.loc,
Additional
On 11/10/2014 07:01 PM, William Muriithi wrote:
Evening,
Also, this show up on /var/log/krb5kdc.log on ipa server
Nov 10 18:43:22 ipa3-yyz-int.example.loc krb5kdc[5469](info): AS_REQ (4 etypes
{18 17 16 23}) 10.10.10.29: NEEDED_PREAUTH:
host/sogo-eval.example@example.loc for
Hi,
I have a standard rhel6 deployment for FreeIPA in two environments.
One environment is in our Production Data Center, The Other in our DR Data
Center.
Both environments are setup with the same domain (mydomain.com) for FreeIPA.
This is to support dr/failover etc.
In each environment,
On Tue, Nov 11, 2014 at 01:40:50AM +, Les Stott wrote:
Hi,
I have a standard rhel6 deployment for FreeIPA in two environments.
One environment is in our Production Data Center, The Other in our DR Data
Center.
Both environments are setup with the same domain (mydomain.com) for
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 12:51 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in cert
issue on different master servers?
On Tue, Nov 11,
On Tue, Nov 11, 2014 at 02:11:55AM +, Les Stott wrote:
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 12:51 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 1:59 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in cert
issue on different master servers?
On Tue, Nov 11, 2014
On Tue, Nov 11, 2014 at 04:17:37AM +, Les Stott wrote:
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 1:59 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in
well I'll try them now, my sssd config only consists of these lines added to
the sudo area
sudo_provider = ldap
ldap_uri = ldap://myipaserver.example.com
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/myipaserver.example.com
ldap_sasl_realm
or could you guys direct me or guide me on how to deploy this ipa server? I've
been successful deploying ipa version 3.3.5 before but this 4.0 and above
series is really giving me a headache
On Tuesday, November 11, 2014 1:24 PM, Rolf Nufable rolf_16_nufa...@yahoo.com
wrote:
well I'll
On Mon, 10 Nov 2014, William Muriithi wrote:
less /var/log/sssd/sssd_example.loc.log
(Mon Nov 10 15:58:21 2014) [sssd[be[example.loc]]] [fo_set_port_status]
(0x0100): Marking port 389 of server 'ipa3-yyz-int.example.loc' as 'working'
(Mon Nov 10 15:58:21 2014) [sssd[be[example.loc]]]
On 11/11/2014 06:37 AM, Rolf Nufable wrote:
or could you guys direct me or guide me on how to deploy this ipa server?
I've been successful deploying ipa version 3.3.5 before but this 4.0 and
above series is really giving me a headache
Hm, that is worrying. FreeIPA 4.0+ should definitely not
well I dont know how or what command to use to display the logs, could you
teach me how? , but yes the network.negotiate-auth.trusted-uris has the same
domain name which is example.com this is on the server side only
while on the client side, even though the network.negotiate-auth.trusted-uris
On 11/11/2014 08:07 AM, Rolf Nufable wrote:
well I dont know how or what command to use to display the logs, could you
teach me how?
There should be HOWTO articles on how to do that. Jakub may have better
sources, but I see for example:
oh sorry I forgot that on the clients side
network.negotiate-auth.trusted-uris they have the same domain as of the
server side I've configured it as well as in the client side because recent
guides for deploying IPA says that you must go to about:config either you are
on the server or client
Hi Nalin,
On Mon, Nov 10, 2014 at 5:19 PM, Nalin Dahyabhai na...@redhat.com wrote:
On Mon, Nov 10, 2014 at 04:17:49PM +0100, Natxo Asenjo wrote:
How can I debug this?
First thing would be to run the daemon with additional logging - I
usually use '-d3' to watch what's going on while the
38 matches
Mail list logo