On 01/15/2015 06:31 PM, Quayle, Bill wrote:
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389’:
It has transferred 9762 records, but seems to hit a timeout that causes i
Hi,
KISS
keep it simple and stupid.
What we do is,
AD domain is domain.com and does all its own DNS and Kerberos, all windows
machines point at it etc
IPA domain is ipa.domain.com and all IPA's and indeed all Linux servers point
at IPA for everything incl NTP.
IPA servers use the AD server
William,
I don't understand why I would have problems if AD DNS can resolve IPA dns, and
IPA DNS can resolve AD DNS?
The DNS servers that my servers are using can resolve both AD and IPA.
Thanks,
Josh
> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
Josh,
You will have problems if you go with below plan in my opinion. I used
arrangements like the one you listed below when I used freeipa 2.2. This worked
for me only when I had users hosted on freeipa. After upgrading to 3.3 for
trust, it became very unreliable and had to point the ipa clie
Hi,
We are currently piloting FreeIPA4 (RHEL 7.1 IdM) in our environment. We plan
on establishing a trust with AD at some point during the POC. An overview of
the current DNS design:
* FreeIPA runs integrated DNS (ie, ipa.domain.com)
* Servers in our environment (even once joined to IPA) cont
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389':
It has transferred 9762 records, but seems to hit a timeout that causes it to
stop.
I've run it in debug mode, which
On 01/15/2015 11:02 AM, Brian Topping wrote:
+1 for a FreeRADIUS integration.
I'd use it to feed the VPN AAA (Vyatta). As it's a very sensitive piece, it
would be ideal if all the best practices were packaged up and known to be there
on deployment.
Can you please formulate requirements and u
On 01/15/2015 09:41 AM, Jan Pazdziora wrote:
> On Thu, Jan 15, 2015 at 08:56:29AM -0800, Nathan Kinder wrote:
>>
>>> Even if you do that, SELinux will likely prevent ntpd doing its job
>>> but at least it will stay around so that the client can connect to it.
>>>
>>> What is interesting though is
On Thu, Jan 15, 2015 at 08:56:29AM -0800, Nathan Kinder wrote:
>
> > Even if you do that, SELinux will likely prevent ntpd doing its job
> > but at least it will stay around so that the client can connect to it.
> >
> > What is interesting though is the fact that the client hangs
> > indefinitely
On 01/15/2015 08:56 AM, Nathan Kinder wrote:
>
>
> On 01/15/2015 12:01 AM, Jan Pazdziora wrote:
...
>> You need to use --cap-add=SYS_TIME when running the server container
>> or ntpd will fail.
>
> Thanks for the tip. This works. It would be handy to add this to the
> README for your freei
On 01/15/2015 03:34 AM, Sina Owolabi wrote:
> Hi List
>
> Please is it really possible to have Debian and Ubuntu serve as IPA
> clients?
> I've tried some instructions/guidelines on the list and they always
> fail with the IPA client install being halfway completed and sssd's
> configuration file
On 01/15/2015 12:01 AM, Jan Pazdziora wrote:
> On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote:
>> Hi,
>>
>> I'm running into a strange problem related to ntpd when trying to use
>> IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and
>> adelton/freeipa-client:fed
Hello Rob,
Thank you for the quick reply, I will give it a go, I wasn't sure if the links
would work since most the of configuration for the dogtag in centos7 is
different
and commands like:
"getcert list -d /var/lib/pki-ca/alias -n "subsystemCert cert-pki-ca" | grep
post-save"
Do not apply,
Rui Gomes wrote:
> Hello Guys,
>
> I been seeing planting of email about promoting replicas to masters but does
> articles do not seem to apply to ipa 4.1/centos 7 combo.
>
> I had a ipa 3.0 master on centos 6.4 that died recently(I can still access
> the file system), and I would like to pro
+1 for a FreeRADIUS integration.
I'd use it to feed the VPN AAA (Vyatta). As it's a very sensitive piece, it
would be ideal if all the best practices were packaged up and known to be there
on deployment.
> On Jan 15, 2015, at 10:49 PM, Dmitri Pal wrote:
>
> On 01/15/2015 08:16 AM, Chris Card
Hello Guys,
I been seeing planting of email about promoting replicas to masters but does
articles do not seem to apply to ipa 4.1/centos 7 combo.
I had a ipa 3.0 master on centos 6.4 that died recently(I can still access the
file system), and I would like to promote my 4.1 replica to the mast
On 01/15/2015 08:16 AM, Chris Card wrote:
what's the current status of IPA integration with FreeRADIUS?
This email from 2011,
https://www.redhat.com/archives/freeipa-users/2011-October/msg00026.html, says
"Integrating FreeRADIUS with IPA is on the long term roadmap." Is that still
the case?
On Thu, Jan 15, 2015 at 3:26 AM, Jan Cholasta wrote:
> Hi,
>
> Dne 14.1.2015 v 14:54 Brian Topping napsal(a):
>
>> Hi Martin, thanks for your response!
>>
>> What I realize now is the certificate CRL points to the server that
no longer exists and I'd like to get that cleaned up. I found
>>>
On 15.01.2015 11:54, Petr Spacek wrote:
> On 15.1.2015 09:36, Lukas Slebodnik wrote:
>> Hi List
>>
>> Please is it really possible to have Debian and Ubuntu serve as IPA
>> clients?
>> I've tried some instructions/guidelines on the list and they always fail
>> with the IPA
what's the current status of IPA integration with FreeRADIUS?
This email from 2011,
https://www.redhat.com/archives/freeipa-users/2011-October/msg00026.html, says
"Integrating FreeRADIUS with IPA is on the long term roadmap." Is that still
the case?
Chris
On 15.1.2015 11:04, Lukas Slebodnik wrote:
> On (15/01/15 10:54), Petr Spacek wrote:
>> On 15.1.2015 09:36, Lukas Slebodnik wrote:
>>> Hi List
>>>
>>> Please is it really possible to have Debian and Ubuntu serve as IPA
>>> clients?
>>> I've tried some instructions/guidelines on
On (15/01/15 10:54), Petr Spacek wrote:
>On 15.1.2015 09:36, Lukas Slebodnik wrote:
>> Hi List
>>
>> Please is it really possible to have Debian and Ubuntu serve as IPA
>> clients?
>> I've tried some instructions/guidelines on the list and they always fail
>> with th
On 15.1.2015 09:36, Lukas Slebodnik wrote:
>>> >> Hi List
>>> >>
>>> >> Please is it really possible to have Debian and Ubuntu serve as IPA
>>> >> clients?
>>> >> I've tried some instructions/guidelines on the list and they always fail
>>> >> with the IPA client install being halfway completed an
On 01/14/2015 07:34 PM, Dmitri Pal wrote:
> On 01/14/2015 01:11 PM, Ejner Fergo wrote:
>> Hola,
>>
>> This is a response to:
>> https://www.redhat.com/archives/freeipa-users/2014-October/msg00126.html
>>
>> Scott, maybe you already found the solution, but I've been banging my head
>> with the same
On (15/01/15 09:17), Petr Spacek wrote:
>On 15.1.2015 03:34, Sina Owolabi wrote:
>> Hi List
>>
>> Please is it really possible to have Debian and Ubuntu serve as IPA clients?
>> I've tried some instructions/guidelines on the list and they always fail
>> with the IPA client install being halfway co
Hi,
Dne 14.1.2015 v 14:54 Brian Topping napsal(a):
Hi Martin, thanks for your response!
What I realize now is the certificate CRL points to the server that
no longer exists and I'd like to get that cleaned up. I found
http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
On Thu, Jan 15, 2015 at 09:06:54AM +0100, Lukas Slebodnik wrote:
> >>
> >> I'm continuing to debug this, but I thought I'd share my findings thus
> >> far in case anyone else has seen this or has any ideas for tracking the
> >> problem down. Any ideas?
> >
> >You need to use --cap-add=SYS_TIME wh
On 15.1.2015 03:34, Sina Owolabi wrote:
> Hi List
>
> Please is it really possible to have Debian and Ubuntu serve as IPA clients?
> I've tried some instructions/guidelines on the list and they always fail
> with the IPA client install being halfway completed and sssd's
> configuration file moved
Sorry for the late response.
I can confirm that with 3.3.3-28.el7_0.3, i'm able to fetch the sub-domains
and to log with its users.
Thank you !
2015-01-04 10:17 GMT+02:00 Alexander Bokovoy :
>
>
> --
>
> Hello all.
>
> I'm working on integrating AD trust feature in th
On (15/01/15 09:01), Jan Pazdziora wrote:
>On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote:
>> Hi,
>>
>> I'm running into a strange problem related to ntpd when trying to use
>> IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and
>> adelton/freeipa-client:fedora-2
On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote:
> Hi,
>
> I'm running into a strange problem related to ntpd when trying to use
> IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and
> adelton/freeipa-client:fedora-21 docker images. Basically, the client
> instal
31 matches
Mail list logo