Re: [Freeipa-users] OCSP and CRL in certs for java firefox plugin

2016-05-30 Thread Martin Kosek
On 05/30/2016 10:53 PM, Prasun Gera wrote: > > To summarize, your options seem to be: > * Create ipa-ca DNS record in your primary domain > * Update the main default certificate profile (present in FreeIPA 4.2+) > * Migrate whole FreeIPA deployment to other DNS primary you would co

Re: [Freeipa-users] Centos 7.2 ipa-backup failure

2016-05-30 Thread Martin Kosek
On 05/30/2016 06:57 PM, Ken Bass wrote: > On 05/30/2016 10:32 AM, Martin Kosek wrote: >> On 05/29/2016 05:33 PM, Ken Bass wrote: >>> Today I tried my very first ipa-backup attempt. The command reported 'The >>> ipa-backup command was successful' >>> >>> YET I saw: >>> >>> /usr/sbin/db2ldif: line 1

Re: [Freeipa-users] OCSP and CRL in certs for java firefox plugin

2016-05-30 Thread Prasun Gera
> > > To summarize, your options seem to be: > * Create ipa-ca DNS record in your primary domain > * Update the main default certificate profile (present in FreeIPA 4.2+) > * Migrate whole FreeIPA deployment to other DNS primary you would control > (pqr.xyz.com) - which is a lot of work but may unb

Re: [Freeipa-users] dns location based discovery

2016-05-30 Thread Winfried de Heiden
Can't wait! Winny Op 30-05-16 om 18:39 schreef Martin Basti: On 30.05.2016 18:16, Winfried de Heiden wrote: Hi all, Thanks for the quick answer even though I send

Re: [Freeipa-users] Centos 7.2 ipa-backup failure

2016-05-30 Thread Ken Bass
On 05/30/2016 10:32 AM, Martin Kosek wrote: On 05/29/2016 05:33 PM, Ken Bass wrote: Today I tried my very first ipa-backup attempt. The command reported 'The ipa-backup command was successful' YET I saw: /usr/sbin/db2ldif: line 157: 22567 Segmentation fault /usr/sbin/ns-slapd db2ldif -D /etc/

Re: [Freeipa-users] dns location based discovery

2016-05-30 Thread Martin Basti
On 30.05.2016 18:16, Winfried de Heiden wrote: Hi all, Thanks for the quick answer even though I send it to the wrong email address. About "Please note that for AD users (which is IIRC the majority of your environment), SSSD should already choose the right site." I noticed that, but I was cur

Re: [Freeipa-users] dns location based discovery

2016-05-30 Thread Winfried de Heiden
Hi all, Thanks for the quick answer even though I send it to the wrong email address. About "Please note that for AD users (which is IIRC the majority of your environment), SSSD should already choose the right site." I noticed that, but I was curious about

Re: [Freeipa-users] dns location based discovery

2016-05-30 Thread Jakub Hrozek
On Mon, May 30, 2016 at 05:22:33PM +0200, Sumit Bose wrote: > On Mon, May 30, 2016 at 05:13:35PM +0200, Winfried de Heiden wrote: > > Hi all, > > > > The sssd-ipa man page will tell: > > > >    ipa_enable_dns_sites (boolean) > >    Enables DNS sites - location based service discovery.

Re: [Freeipa-users] dns location based discovery

2016-05-30 Thread Sumit Bose
On Mon, May 30, 2016 at 05:13:35PM +0200, Winfried de Heiden wrote: > Hi all, > > The sssd-ipa man page will tell: > >    ipa_enable_dns_sites (boolean) >    Enables DNS sites - location based service discovery. > >    If true and service discovery (see Service Discovery para

Re: [Freeipa-users] Unable to access to web ui

2016-05-30 Thread Martin Kosek
On 05/30/2016 04:36 PM, Martin Basti wrote: > > > On 30.05.2016 14:20, seli irithyl wrote: >> Hi, >> >> Since last update, I'am unable to log in to web ui with FF (e.g. blank page) >> Any idea where too look for ? >> >> Best regards, >> >> Seli >> >> >> >> >> > Hello, > > can you provide version

Re: [Freeipa-users] Unable to access to web ui

2016-05-30 Thread Martin Basti
On 30.05.2016 14:20, seli irithyl wrote: Hi, Since last update, I'am unable to log in to web ui with FF (e.g. blank page) Any idea where too look for ? Best regards, Seli Hello, can you provide version of the freeIPA, firefox. Does it work from different browser? does it work from

Re: [Freeipa-users] Install best practice -

2016-05-30 Thread Martin Kosek
On 05/29/2016 07:11 PM, Ben .T.George wrote: > Hi > > I would like to know how can i proceed with best practices > > My AD domain is : corp.examle.com.kw > My DNS (appliances ) : kw.test.com > > All my clients are pointed to kw.test.com

Re: [Freeipa-users] Centos 7.2 ipa-backup failure

2016-05-30 Thread Martin Kosek
On 05/29/2016 05:33 PM, Ken Bass wrote: > Today I tried my very first ipa-backup attempt. The command reported 'The > ipa-backup command was successful' > > YET I saw: > > /usr/sbin/db2ldif: line 157: 22567 Segmentation fault /usr/sbin/ns-slapd > db2ldif -D /etc/dirsrv/slapd-DOMAIN-NET -n userRo

Re: [Freeipa-users] EXAMPLE.COM IPA CA Import /etc/httpd/alias

2016-05-30 Thread Martin Kosek
On 05/29/2016 09:18 AM, Günther J. Niederwimmer wrote: > Hello > I found any Help for the IPA Certificate but I found no way to import the IPA > CA ? > I like to create a webserver with a owncloud virtualhost and other.. > > But it is for me not possible to create the /etc/httpd/alias correct ? >

Re: [Freeipa-users] OCSP and CRL in certs for java firefox plugin

2016-05-30 Thread Martin Kosek
On 05/28/2016 05:30 AM, Prasun Gera wrote: > The problem is that I'm not using ipa for dns. dns is handled externally, and > I > don't have admin access. I have 1 master and 1 replica, and all the clients > are > enrolled with --server=a,--server=b during installation, and I think it works > p

[Freeipa-users] Unable to access to web ui

2016-05-30 Thread seli irithyl
Hi, Since last update, I'am unable to log in to web ui with FF (e.g. blank page) Any idea where too look for ? Best regards, Seli -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the p

Re: [Freeipa-users] question about automount config

2016-05-30 Thread Arthur Fayzullin
thanks! I'll try to debug at my test environment. 24.05.2016 18:01, Prasun Gera пишет: > You can stop the autofs daemon, and run it in foreground with > automount -fvv. Then try to access the mount point in parallel. The > logs from the foreground run should shed some light. Also, does your > aut

Re: [Freeipa-users] Multiple issues (weblogin, DNS) with 4.3.1 @ Fedora 24

2016-05-30 Thread Petr Spacek
On 27.5.2016 14:28, Tomasz Torcz wrote: > Hi, > > In my home environment I'm using two-server FreeIPA configuration on Fedora. > Initially installed on fedora 19 in November 2013, it have been upgraded every > Fedora release. It generally works OK, but somewhat degrades during operation. > Recen

Re: [Freeipa-users] dynamic dns working for forward zone but not reverse zone

2016-05-30 Thread Petr Spacek
On 27.5.2016 15:27, Brian J. Murrell wrote: > I have a FreeIPA 4.2.0 on CentOS 7.2. I have dynamic DNS updates > working for a forward zone but they are failing (NOTAUTH) for a reverse > zone. Here are configuration of the two zones: > > dn: idnsname=example.com.,cn=dns,dc=example,dc=com > Z

Re: [Freeipa-users] Install best practice -

2016-05-30 Thread Natxo Asenjo
On Mon, May 30, 2016 at 7:14 AM, Ben .T.George wrote: > Hi > > thanks for the reply. > > "the easiest would be to create a zone and delegating that to the ipa > hosts. No other change necessary." > > can you explain little more. You mean need to create separate DNS zone ? > > create a zone in you