On (05/01/17 15:38), Jakub Hrozek wrote:
>On Thu, Jan 05, 2017 at 01:36:56PM +, James Harrison wrote:
>> Hi all, I'm having problems with a FreeIPA client running Ubuntu Xenial.
>> I can authenticate OK, I get a Kerberos ticket, but cannot run sudo.
>> I get 1 rule returned, which I expect.
>>
On 05.01.2017 20:03, TomK wrote:
Hey All,
QQ.
Should the DNS forwarders be updated in /etc/named.conf? Until I
manually change /etc/named.conf, can't ping the windows AD cluster:
mds.xyz. Nor can I get dig to resolve the SRV records (dig SRV
_ldap._tcp.mds.xyz).
sssd-ipa-1.14.0-43.el7_3.4.x86_64
I re-read and walked through the troubleshooting steps. I have a mismatch
in Key Version Numbers in the keytab file:
Trying to renew the keytab file results in this error:
Failed to parse result: PrincipalName not found.
Retrying with pre-4.0 keytab retrieval method...
Failed to parse result:
Hello, replied inline below
On Wed, 28-12-2016 at 18:15 -0500, William Muriithi wrote:
> Hello
>
> I am trying to set up a samba share - actually replace winbind on a
> current samba server and I am basing my change on these instructions.
>
>
On 01/05/2017 04:11 PM, Jeff Goddard wrote:
> I'm starting a new thread rather than continuing to submit under:
> https://www.redhat.com/archives/freeipa-users/2017-January/msg00108.html.
>
> My problem is that I cannot get the DNS service to start on one of my
> replica masters. From the previous
Hi
@Fraser,
tried the commands and certificates matched in both cases.
@everyone
I tried to look a little bit in the code, and the only references I saw are in
https://github.com/freeipa/freeipa/blob/master/install/certmonger/dogtag-ipa-ca-renew-agent-submit
(4 references)
And the only one
I'm starting a new thread rather than continuing to submit under:
https://www.redhat.com/archives/freeipa-users/2017-January/msg00108.html.
My problem is that I cannot get the DNS service to start on one of my
replica masters. From the previous message thread:
Hello,
could you check this link
Timothy Geier wrote:
> This is something I've looked at lately and a manual proof of concept I
> just did (using ideas from
> https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA)
> makes it seem theoretically possible (though it looks like, barring the
> migration
I guess my issue is totally different then, as the files I have contain the
correct values. I'll resubmit a new email with the correct subject line so
as to start fresh.
Thanks,
Jeff
On Thu, Jan 5, 2017 at 7:22 AM, Brian J. Murrell
wrote:
> On Wed, 2017-01-04 at 16:21
I cannot. I get:
dap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
On Thu, Jan 5, 2017 at 9:08 AM, Martin Basti wrote:
> Hello,
>
> could you check this link
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:
>
On Thu, Jan 05, 2017 at 01:36:56PM +, James Harrison wrote:
> Hi all, I'm having problems with a FreeIPA client running Ubuntu Xenial.
> I can authenticate OK, I get a Kerberos ticket, but cannot run sudo.
> I get 1 rule returned, which I expect.
> Many thanks, James Harrison
I would check if
On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
From the logs:
/var/log/dirsrv/slapd-DOMAIN-COM/errors
... a few warnings about cache size, NSACLPLugin and schema-compat-plugin
[04/Jan/2017:12:14:21.392642021 -0600] slapd started. Listening on All
Interfaces port 389 for LDAP requests
Hello,
could you check this link
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed
kinit prints nothing when it works, so it works in your case. Can you,
after kinit as the DNS service, try to use ldapsearch -Y GSSAPI?
Martin
On Wed, 2017-01-04 at 16:21 -0500, Jeff Goddard wrote:
> I don't want to hijack someone else's thread but I'm having what
> appears to
> be the same problem and have not seen a solution presented yet.
The problem and solution were presented. These two messages basically
embody the problem I had:
-- Forwarded message --
From: Jeff Goddard
Date: Thu, Jan 5, 2017 at 8:57 AM
Subject: Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
server failed: {'desc': 'Invalid credentials'}
To: Martin Basti
On Thu, Jan 5, 2017 at
Running the command displays no output.
Here is the config file output:
# This file is sourced by dirsrv upon startup to set
# the default environment for all directory server instances.
# To set instance specific defaults, use the file in the same
# directory called dirsrv-instance where
Hi all, I'm having problems with a FreeIPA client running Ubuntu Xenial.
I can authenticate OK, I get a Kerberos ticket, but cannot run sudo.
I get 1 rule returned, which I expect.
Many thanks, James Harrison
(Thu Jan 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event
0x1c11e30
Hello,
Curious, two weeks ago, we established a two way trust between AD and
FreeIPA. This has been working fine till yesterday when AD started
having DNS issues. I am 99% certain trust had nothing to do with DNS
issue, but want to reverse the trust and see if we could fare better
My question
On 05/01/2017 10:57, Maciej Drobniuch wrote:
Maybe I'll paraphrase the question.
It would suffice if I could tell IPA to use pass+otp only instead of
both (Password+ pass+otp) for particular hosts.
So for example users from hosts X can login with OTP only.
Sorry, I don't understand that.
Hi Brian
Thank you for your answer.
It started working, not sure yet why it did not work. I need to do some
extensive testing.
So, I've actually followed the blog posts you've mentioned to set up
ipanthash + freeradius.
Maybe I'll paraphrase the question.
It would suffice if I could tell IPA to
Hi,
Got the same messages :)
(and I almost got all other problems you posted on this list since your 4.4
upgrade)
If anyone can tell us if we have to do anything to clean problematic CSN...
Happy new year to all freeipa-users!
--
Youenn Piolet
piole...@gmail.com
2016-12-24 9:33 GMT+01:00
On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote:
> Hi
>
> there is no firewall running on both servers,
>
> [root@zkwipamstr01 ~]# systemctl status firewalld
> ● firewalld.service - firewalld - dynamic firewall daemon
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service;
Hi
there is no firewall running on both servers,
[root@zkwipamstr01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
vendor preset: enabled)
Active: inactive (dead)
Docs:
On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
> Hi,
>
> on master server and replica server, I have enabled IPv6
>
> below on master server
>
> [root@zkwipamstr01 ~]# ip addr | grep inet6
>
> inet6 fe80::250:56ff:fea0:3857/64 scope link
>
> [root@zkwipamstr01 ~]#
Hi,
on master server and replica server, I have enabled IPv6
below on master server
[root@zkwipamstr01 ~]# ip addr | grep inet6
inet6 fe80::250:56ff:fea0:3857/64 scope link
[root@zkwipamstr01 ~]# systemctl restart pki-tomcatd@pki-tomcat
[root@zkwipamstr01 ~]# netstat -tunap | grep 8009
On 04.01.2017 22:21, Jeff Goddard wrote:
I don't want to hijack someone else's thread but I'm having what
appears to be the same problem and have not seen a solution presented yet.
Here is the output of journalctl -xe after having tried to start named:
Jan 04 15:48:42
On 04.01.2017 23:40, Jason B. Nance wrote:
Hello everyone,
I have a pair of FreeIPA 4.4.0 servers set up whose forwarders are each set to
an Active Directory domain controller. When a client attempts to look up any
DNS record other than those to which FreeIPA is authoritative the client
On 01/05/2017 07:10 AM, Ben .T.George wrote:
> Hi
>
> Yes, I did the same and still the port is not listening.
>
> [root@zkwipamstr01 ~]# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6