On 23/09/15 11:03, Fraser Tweedale wrote:
On Wed, Sep 23, 2015 at 09:09:25AM +0200, David Kupka wrote:
On 22/09/15 17:02, James Masson wrote:
Hi,
we're building IPAs in an automated fashion, for environments that get
created and destroyed a lot. At the moment, the CA certs used inside
these
On 09/23/2015 11:00 AM, Michael Lasevich wrote:
> OK, this is most bizarre issue,
>
> I am trying to disable RC4 based TLS Cipher Suites in LDAPs(port 636) and
> for the life of me cannot get it to work
>
> I have followed many nearly identical instructions to create ldif file and
> change
On Wed, Sep 23, 2015 at 09:09:25AM +0200, David Kupka wrote:
> On 22/09/15 17:02, James Masson wrote:
> >
> >Hi,
> >
> >we're building IPAs in an automated fashion, for environments that get
> >created and destroyed a lot. At the moment, the CA certs used inside
> >these IPAs are self-signed, as
Hi Martin,
thanks for your reply.
On 09/23/2015 09:07 AM, Martin Kosek wrote:
On 09/22/2015 12:41 PM, Michael Anderson wrote:
Hi All,
we're evaluation freeipa/dogtag as a pki management service and hoping to
replace our existing menagerie of bash/openssl scripts. I'm trying to establish
a
On Wed, Sep 23, 2015 at 09:07:31AM +0200, Martin Kosek wrote:
> On 09/22/2015 12:41 PM, Michael Anderson wrote:
> > Hi All,
> >
> > we're evaluation freeipa/dogtag as a pki management service and hoping to
> > replace our existing menagerie of bash/openssl scripts. I'm trying to
> > establish
>
Ok, something odd happened I would love some feedback/ideas on:
We had 4.1.2 running on Fedora that we used for, among other things, OTP
authentication. I have just upgraded these to CentOS 7 with 4.1.4 running
and our OTP setup suddenly became very unstable.
Things that have changed during
David Kupka wrote:
> On 22/09/15 17:02, James Masson wrote:
>>
>> Hi,
>>
>> we're building IPAs in an automated fashion, for environments that get
>> created and destroyed a lot. At the moment, the CA certs used inside
>> these IPAs are self-signed, as part of the normal "ipa-server-install"
>>
Hello !
I'm using IPA 3.0.0 and I have a problem with one of the user I created.
user3
I created this user with the command ipa user-add without specifying any
password.
Then I performed an ipa-getkeytab command with the -P option to have a
keytab and a password.
When I check the ldap server
On 09/23/2015 05:05 PM, Michael Lasevich wrote:
Yes, I am talking about 389ds as is integrated in FreeIPA (would be
silly to post completely non-IPA questions to this list...).
I am running FreeIPA 4.1.4 on CentOS 7.1 and RC4 is enabled on port
636 no matter what I do.
I am running "CentOS
Yes, I am talking about 389ds as is integrated in FreeIPA (would be silly
to post completely non-IPA questions to this list...).
I am running FreeIPA 4.1.4 on CentOS 7.1 and RC4 is enabled on port 636 no
matter what I do.
I am running "CentOS Linux release 7.1.1503 (Core)"
Relevant Packages:
Hi,
When a user changes their password the ipa gui briefly redirects to a login
page. The user often has an impulse to click on the login button which, on
occasion, can seem to cause a mess with the password change.
Anyone else aware of this behaviour?
ta
Andrew
--
Manage your subscription
No difference. It is as if this setting is being overwritten somewhere deep
in 389ds, because the "error" log correctly reflects the changes, but the
actual process does not. (and yes, I verified that the process actually
shuts down and start up again when I restart it)
ldapsearch -x -D
I have a user I created for testing, but now shows as both "there" but
not there..
*ipa user-show jtest*
ipa: ERROR: jtest: user not found
*ipa user-find jtest*
--
1 user matched
--
User login: jtest
First name: janelle
Last name: test
Home directory:
On 09/23/2015 07:15 PM, Janelle wrote:
I have a user I created for testing, but now shows as both "there" but
not there..
*ipa user-show jtest*
ipa: ERROR: jtest: user not found
*ipa user-find jtest*
--
1 user matched
--
User login: jtest
First name:
On one of my servers I'm getting
Sep 23 13:35:07 mdhixuatisamw03 sshd[8136]: pam_unix(sshd:session): session
opened for user user by (uid=0)
Sep 23 13:35:07 mdhixuatisamw03 sshd[8164]: pam_sss(sshd:setcred): Request to
sssd failed. Public socket has wrong ownership or permissions.
Janelle wrote:
> On 9/23/15 10:36 AM, Martin Basti wrote:
>>
>>
>> On 09/23/2015 07:15 PM, Janelle wrote:
>>> I have a user I created for testing, but now shows as both "there"
>>> but not there..
>>>
>>> *ipa user-show jtest*
>>>
>>> ipa: ERROR: jtest: user not found
>>>
>>> *ipa
On 09/23/2015 05:05 PM, Michael Lasevich wrote:
Yes, I am talking about 389ds as is integrated in FreeIPA (would be silly to
post completely non-IPA questions to this list...).
You would not be the first to do it :-)
I am running FreeIPA 4.1.4 on CentOS 7.1 and RC4 is enabled on port 636 no
Hey guys,
Quick question. Just running through a poc and ran into a question.
I have a simple AD DC (win2k8r2 box) with a trust setup to our IPA server.
Trust and all is setup properly and I can see users on the client/ipa
server and on the ipa server I can ssh into it with the AD user.
I am
On 09/22/2015 12:41 PM, Michael Anderson wrote:
> Hi All,
>
> we're evaluation freeipa/dogtag as a pki management service and hoping to
> replace our existing menagerie of bash/openssl scripts. I'm trying to
> establish
> a migration path for our existing pki solution and have a few questions:
On a related point to this note - Duncan, did you try to run your setup with
RPM version of FreeIPA? FreeIPA 4.2 is included both in RHEL-7.2 Beta or in
Fedora 23 Beta updates-testing repo, so you can try the latest and greatest
version there and thus find out if the problems you are seeing are
Ok, I just went through process of migrating our IPA setup from 4.1.2
running on Fedora 20 (?? may have been 21) to 4.1.4 on CentOS 7 (MKosek
Copr version) and run into a nasty bug. The replica-install crashes during
CA configuration with something like:
''/usr/sbin/pkispawn' '-s' 'CA' '-f'
On 09/23/2015 10:05 AM, Michael Anderson wrote:
> Hi Martin,
>
> thanks for your reply.
>
> On 09/23/2015 09:07 AM, Martin Kosek wrote:
>> On 09/22/2015 12:41 PM, Michael Anderson wrote:
>>> Hi All,
>>>
>>> we're evaluation freeipa/dogtag as a pki management service and hoping to
>>> replace
OK, this is most bizarre issue,
I am trying to disable RC4 based TLS Cipher Suites in LDAPs(port 636) and
for the life of me cannot get it to work
I have followed many nearly identical instructions to create ldif file and
change "nsSSL3Ciphers" in "cn=encryption,cn=config". Seems simple enough -
On 9/23/15 10:36 AM, Martin Basti wrote:
On 09/23/2015 07:15 PM, Janelle wrote:
I have a user I created for testing, but now shows as both "there"
but not there..
*ipa user-show jtest*
ipa: ERROR: jtest: user not found
*ipa user-find jtest*
--
1 user matched
I actually just posted that in a previous email. The only thing I cut out
were nsSSLEnabledCiphers - but here is the complete listing:
# ldapsearch -x -D "cn=directory manager" -W -b "cn=encryption,cn=config"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
Excellent,
Thank you for the quick response.
I will look further into your suggestions
Aly
On Wed, Sep 23, 2015 at 3:50 PM, Alexander Bokovoy
wrote:
> On Wed, 23 Sep 2015, Aly Khimji wrote:
>
>> Hey guys,
>>
>> Quick question. Just running through a poc and ran into a
On Wed, Sep 23, 2015 at 12:48:47PM +0330, alireza baghery wrote:
> hi
> i have centos 6.7 (ipa server)
> and i have centos 6.5 (client)
I would advise to upgrade, 6.5 is old. I'm not sure if 6.5 already
supported sudo_provider=ipa, but I'm pretty sure 6.6 did. That would
simplify the
On Wed, Sep 23, 2015 at 06:03:45PM +, Andy Thompson wrote:
> On one of my servers I'm getting
>
> Sep 23 13:35:07 mdhixuatisamw03 sshd[8136]: pam_unix(sshd:session): session
> opened for user user by (uid=0)
> Sep 23 13:35:07 mdhixuatisamw03 sshd[8164]: pam_sss(sshd:setcred): Request to
>
On Wed, 23 Sep 2015, Aly Khimji wrote:
Hey guys,
Quick question. Just running through a poc and ran into a question.
I have a simple AD DC (win2k8r2 box) with a trust setup to our IPA server.
Trust and all is setup properly and I can see users on the client/ipa
server and on the ipa server I
On 9/13/15 11:46 PM, Alexander Bokovoy wrote:
On Sun, 13 Sep 2015, Janelle wrote:
Hello,
I read something recently that if ip v6 is disable on a server this
hurts performance in some way? Is there more info on this or did I
misread it?
Do not disable IPv6 stack on your machines. By disabling
Hi Guys,
Please keep this topic updated as many people seem to have this question.
What's the status at your side ?
Cheers,
Matt
2015-09-04 15:27 GMT+02:00 Matt . :
> Hi,
>
> Does everyone have this working or gived up on it ?
>
> Chers,
>
> Matt
>
> 2015-08-26 20:07
I've put a kerberos principle into a keytab:
# klist -k asterisk.keytab
Keytab name: FILE:asterisk.keytab
KVNO Principal
--
8 aster...@example.com
using:
# ipa-getkeytab -s server.example.com -p asterisk -k
On Wed, Sep 23, 2015 at 11:16:27AM +0100, James Masson wrote:
>
> On 23/09/15 11:03, Fraser Tweedale wrote:
> >On Wed, Sep 23, 2015 at 09:09:25AM +0200, David Kupka wrote:
> >>On 22/09/15 17:02, James Masson wrote:
> >>>
> >>>Hi,
> >>>
> >>>we're building IPAs in an automated fashion, for
I've got all of my environments setup with two IPA servers. I'm fighting
intermittent problems with krb5kdc crashing on them in all of my environments
and I've opened a ticket with Redhat on that. What I can't figure out though
is why the clients will not fail over to the second functioning
On Wed, 23 Sep 2015, Andy Thompson wrote:
I've got all of my environments setup with two IPA servers. I'm
fighting intermittent problems with krb5kdc crashing on them in all of
my environments and I've opened a ticket with Redhat on that. What I
can't figure out though is why the clients will
On Wed, 23 Sep 2015, Brian J. Murrell wrote:
I've put a kerberos principle into a keytab:
# klist -k asterisk.keytab
Keytab name: FILE:asterisk.keytab
KVNO Principal
--
8 aster...@example.com
using:
# ipa-getkeytab
36 matches
Mail list logo