Re: [Freeipa-users] Dogtag certs did not auto-renew, very stuck!

2017-02-21 Thread Peter Fern
Okay, with much debugging and hoop-jumping, I can say that certmonger on Debian/Ubuntu is currently in a rather broken state, at least in a server role. It links against libcurl3-nss, however on Debian/-derivs there is no build of nss-pem, so anything built against libcurl3-nss cannot parse PEM

Re: [Freeipa-users] ldapsearch for AD users

2017-02-21 Thread Alexander Bokovoy
On ti, 21 helmi 2017, Hanoz Elavia wrote: Hello, I've got the FreeIPA server with AD trust (Server 2008 R2) setup and running. I can login successfully on linux clients using AD credentials. I'm now trying to setup my Isilon storage appliance with mixed mode file sharing. The filer has joined

Re: [Freeipa-users] ldapsearch for AD users

2017-02-21 Thread Martin Babinsky
On 02/21/2017 09:10 PM, Hanoz Elavia wrote: Hello, I've got the FreeIPA server with AD trust (Server 2008 R2) setup and running. I can login successfully on linux clients using AD credentials. I'm now trying to setup my Isilon storage appliance with mixed mode file sharing. The filer has

Re: [Freeipa-users] Looking for instructions on one way subtree sync IPA->IPA

2017-02-21 Thread David Kupka
On Tue, Feb 21, 2017 at 10:27:40AM +, Paris, Dan wrote: > Hi FreeIPA-users, > > My colleague Nick Piper emailed > previously > regarding the subject matter. > > We are still attempting to find a solution that meets

Re: [Freeipa-users] IDM server doesn't boot after update to RHEL 7.3

2017-02-21 Thread Prasun Gera
Any systemd experts that can help in figuring out what's going on here ? Here's a shortened log up to that error if it makes it more convenient: https://gist.github.com/pgera/00f1ae31f77b9e9aa652db2be0e29574 On Fri, Feb 17, 2017 at 8:40 PM, Prasun Gera wrote: > I now

Re: [Freeipa-users] Installing on Ubuntu

2017-02-21 Thread Robert L. Harris
Ok, I removed the files in that directory, manually removed 389-ds-base, cleaned up the user/group and some left over directories and all installed/configured correctly. -R On Tue, Feb 21, 2017 at 1:03 PM Timo Aaltonen wrote: > On 21.02.2017 17:33, Robert L. Harris wrote:

[Freeipa-users] ldapsearch for AD users

2017-02-21 Thread Hanoz Elavia
Hello, I've got the FreeIPA server with AD trust (Server 2008 R2) setup and running. I can login successfully on linux clients using AD credentials. I'm now trying to setup my Isilon storage appliance with mixed mode file sharing. The filer has joined the AD so it provides Windows users access

Re: [Freeipa-users] Installing on Ubuntu

2017-02-21 Thread Timo Aaltonen
On 21.02.2017 17:33, Robert L. Harris wrote: > This was a clean install of Ubuntu. If I install freeipa-server I get > the error from the original email. If I do a "apt install > freeipa-server" I do see it will install python-ipaserver. When I let > it run it downloads and everything and

Re: [Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-21 Thread Iulian Roman
On Tue, Feb 21, 2017 at 4:31 PM, Rob Crittenden wrote: > Iulian Roman wrote: > > Hello, > > > > Does anybody know if the rfc2307aix schema is supported in IPA server (i > > use red hat IDM version) ? If yes, is there any documentation available > > ? Was it tested ? > > No,

Re: [Freeipa-users] Can mount NFS, but user only gets the permission question marks

2017-02-21 Thread Brendan Kearney
On 02/21/2017 10:57 AM, Kees Bakker wrote: Hey, Maybe one of the NFS users on this list could give me a hint what could be wrong. I'm not sure if it has any relation with FreeIPA/Kerberos. I've set up an NFS server and I can mount the NFS directory on my client. So, I'm guessing that setting

Re: [Freeipa-users] can't add replica: failed to start the directory server

2017-02-21 Thread Tiemen Ruiten
Can anyone help? At this point I'm stuck and I may have to consider alternatives :( On 21 February 2017 at 09:37, Tiemen Ruiten wrote: > Flo, > > Do you have any pointers? > > On 20 February 2017 at 10:05, Tiemen Ruiten wrote: > >> Hello Flo, >> >>

[Freeipa-users] Can mount NFS, but user only gets the permission question marks

2017-02-21 Thread Kees Bakker
Hey, Maybe one of the NFS users on this list could give me a hint what could be wrong. I'm not sure if it has any relation with FreeIPA/Kerberos. I've set up an NFS server and I can mount the NFS directory on my client. So, I'm guessing that setting up Kerberos principal was done correctly.

Re: [Freeipa-users] Installing on Ubuntu

2017-02-21 Thread Robert L. Harris
This was a clean install of Ubuntu. If I install freeipa-server I get the error from the original email. If I do a "apt install freeipa-server" I do see it will install python-ipaserver. When I let it run it downloads and everything and starts setting everything up. I get this: Setting up

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-21 Thread Matt .
Hi Flo, Yes it does! Thanks for that. Is it not possible to remove a certificate fully as it always syncs this way ? Or remove it from /etc/httpd/alias, then from ldap and then sync again ? Cheers, Matt 2017-02-21 9:03 GMT+01:00 Florence Blanc-Renaud : > On 02/20/2017 04:09

Re: [Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-21 Thread Rob Crittenden
Iulian Roman wrote: > Hello, > > Does anybody know if the rfc2307aix schema is supported in IPA server (i > use red hat IDM version) ? If yes, is there any documentation available > ? Was it tested ? No, it isn't supported (it's the first I've ever heard of it). Looking at the schema I doubt it

[Freeipa-users] support for rfc2307AIX schema in IPA server

2017-02-21 Thread Iulian Roman
Hello, Does anybody know if the rfc2307aix schema is supported in IPA server (i use red hat IDM version) ? If yes, is there any documentation available ? Was it tested ? I plan for a big migration and full support of the AIX user attributes is one of the prerequisites. -- Manage your

[Freeipa-users] Dogtag certs did not auto-renew, very stuck!

2017-02-21 Thread Peter Fern
I don't know why the certs did not auto-renew originally, but now I am very stuck trying to get my CA functional again. I've tried setting the clock back to a week or two before the certs were due to expire, but I'm still having no luck getting the CA functional. This is a Ubuntu server, so some

[Freeipa-users] Looking for instructions on one way subtree sync IPA->IPA

2017-02-21 Thread Paris, Dan
Hi FreeIPA-users, My colleague Nick Piper emailed previously regarding the subject matter. We are still attempting to find a solution that meets our requirements and are considering manually building an ldif file to

Re: [Freeipa-users] can't add replica: failed to start the directory server

2017-02-21 Thread Tiemen Ruiten
Flo, Do you have any pointers? On 20 February 2017 at 10:05, Tiemen Ruiten wrote: > Hello Flo, > > Thanks for your response. I ran that command and I seem to have a > different problem (connectors are defined as you indicated): > > [tiemen@copernicum ~]$ sudo getcert list

Re: [Freeipa-users] Installing on Ubuntu

2017-02-21 Thread Timo Aaltonen
On 20.02.2017 22:26, Robert L. Harris wrote: > > python2 -c 'from ipaserver.install import installutils; print "yes" if > installutils.is_ipa_configured() else "no";' > Traceback (most recent call last): > File "", line 1, in > ImportError: No module named ipaserver.install Then how did you

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-21 Thread Florence Blanc-Renaud
On 02/20/2017 04:09 PM, Matt . wrote: Hi Rob, Yes it does, I understood that there was some reason the duplicate might exist, but I wonder more why does the RootCA show up when I removed it and comes back after adding the two intermediates ? Hi Matt, when ipa-cacert-manage install is run, it