On 04/30/2011 12:10 PM, JR Aquino wrote:
On Apr 29, 2011, at 11:45 PM, nasir
nasirkollath...@yahoo.commailto:kollath...@yahoo.com wrote:
Hi All,
First of all, many thanks indeed to the developers and community for making
some great strides in the open source IPA world !
I am planning for a
On 05/01/2011 08:49 AM, nasir nasir wrote:
Thanks for all the replies and great suggestions! I do appreciate it a
lot.
Apologies for being a bit confusing about the cetralized /home foder
in my previous mail. What I want is that all the users should have
their /home folder stored in the
On 05/06/2011 08:49 AM, Simo Sorce wrote:
On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
I currently maintain a directory with MTA configuration data in it
(among other items). I'm wondering what is the best way to add to the
FreeIPA schema without stepping on current and future
. Is
this possible? if so could anyone suggest me some guide lines or docs
for the same ?
Did you try installing the ipa-client rpms with Alien?
Thanks and Regards,
Nidal
--- On *Mon, 5/2/11, Adam Young /ayo...@redhat.com/* wrote:
From: Adam Young ayo...@redhat.com
Subject: Re: [Freeipa
that the entire problem is just in the NFS configuration.
Thanks indeed in advance and regards,
Nidal
--- On *Mon, 5/9/11, Adam Young /ayo...@redhat.com/* wrote:
From: Adam Young ayo...@redhat.com
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: nasir
On 05/10/2011 04:32 AM, Martin Kosek wrote:
On Tue, 2011-05-10 at 03:58 +, Steven Jones wrote:
I am trying to un-install freeipa with
ipa-server-install --uninstall and its saying not installed, but when I try to
install its saying already installed!
oops.
Is there a way to force the
On 05/10/2011 05:02 PM, Steven Jones wrote:
VMware local consoleI cant cut and paste outputs or scroll back when its a KDE rdp to
a windows 7 vmware guest and then into the vmware thick client and then to a
local console simply doesnt work...
Bit messy but I get a Linux desktop
Can you attach the file /var/log/ipa-server-install.log?
On 05/10/2011 10:14 PM, Steven Jones wrote:
I have installed ipa but Im getting this error, named wont run as wont kinit
admin.
=
May 11 14:11:40 vuwunicoipamt01 named[3132]: starting BIND
9.7.3-RedHat-9.7.3-1.el6 -u
Very cool. I've had a slew on DNS related issues when trying to set
things up in a small virtual environment using DNSMasq, so I feel your
pain. Please send a quick write up of your set up if you get everything
working.
On 05/10/2011 11:02 PM, Steven Jones wrote:
Hi,
Fixed I think,
-users-boun...@redhat.com] on
behalf of Adam Young [ayo...@redhat.com]
Sent: Wednesday, 11 May 2011 3:16 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] fatal error for ipa with dns.
Very cool. I've had a slew on DNS related issues when trying to set
things up in a small virtual
On 05/11/2011 11:00 AM, Rob Crittenden wrote:
Steven Jones wrote:
Hi,
Nope looks like DNS is barfed big time...
==
[root@vuwunicoipamt01 ~]# host vuwunicoipamt01.unix.vuw.ac.nz
vuwunicoipamt01.unix.vuw.ac.nz has address 130.195.81.236
[root@vuwunicoipamt01 ~]# ipa dns-resolve
On 05/12/2011 03:30 PM, nasir nasir wrote:
Adam,
I tried to follow your recommendations with RHEL 6.1 beta on server
and client machine. Centralized login and such things work. I have NFS
service too working. But automount is not working. For the time being
I configured my server as NFS
On 05/13/2011 12:13 PM, nasir nasir wrote:
Adam,
Thanks indeed!
I tried your suggestions.
-- I can mkdir
-- When I try to chown, I get the following error
*chown: changing ownership of `nasir': Operation not permitted*
Could you please explain me what do you mean by 'You probably need
I'm guessing that the user you are trying to create is test1? And the
directory
/xtra/home/test1 does not yet exist?
Does a precreated directory automount?
On 05/16/2011 08:08 AM, nasir nasir wrote:
Thanks indeed for the reply!
I updated the autofs package with version
On 05/17/2011 02:03 AM, nasir nasir wrote:
Further to my previous mail, let us try to isolate it even more by
comparing the login attempts to the NFS server(hugayat.cohort.org) and
another IPA client(rhel.cohort.org)
This is the relevant /var/log/message in the two cases
*1. ssh -l nasir
On 06/09/2011 03:37 PM, John S. Skogtvedt wrote:
Den 09. juni 2011 14:31, skrev Simo Sorce:
You probably want to use the DNA plugin to generate the sambaSid for you
once you have a domain SID, it's not too difficult and will be much less
error prone.
Simo.
Thanks. The solution outlined at
On 06/13/2011 12:20 PM, Sigbjorn Lie wrote:
Hi,
How come I cannot see multiple records for the same host in the WEB
GUI? I can see the records when I'm using the CLI.
This goes for multiple A records for the same hostname, but also if a
hostname has an A record and a record. Only the A
On 06/14/2011 04:33 PM, Steven Jones wrote:
Hi,
That's excellentit wont be me but our IdM developers...who will want to
look, since its Oracle IdM I suspect Java type stuff but im clueless on
programming..I can hand this to them when they ask.
JSON is much friendlier, and it is what
On 06/23/2011 08:35 AM, Attila Bogár wrote:
Hi,
When I apply the following ldif, the custom fields are not appearing
on the web interface (ipa restart doesn't help).
-- 8 --
dn: cn=ipaConfig,cn=etc,dc=linguamatics,dc=com
changetype: modify
replace: ipaCustomFields
ipaCustomFields: Employee
On 06/26/2011 08:35 AM, Charlie Derwent wrote:
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Charlie Derwent wrote:
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com
On 06/27/2011 11:01 AM, Rob Crittenden wrote:
Charlie Derwent wrote:
On Mon, Jun 27, 2011 at 2:07 PM, Adam Young ayo...@redhat.com
mailto:ayo...@redhat.com wrote:
__
On 06/26/2011 08:35 AM, Charlie Derwent wrote:
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden
rcrit
Good point.
Take a look at the test day instructions, I found them very useful for
setting up both SUDO and automount.
https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
On 06/30/2011 11:08 AM, Ondrej Valousek wrote:
On 30.06.2011 16:55, Rob Crittenden wrote:
Look at the
On 07/01/2011 03:48 AM, Ondrej Valousek wrote:
Hi,
On 30.06.2011 17:29, Dmitri Pal wrote:
Can you please rephrase? Do you mean that instead of documenting what
we already have or in addition to it, we should also document how to
configure automount with DNS?
Does DNS allow specifying the
In order to authenticate through the firewall you have to allow kinit
and kerberos web traffic through, which means opening port 88. If you
are unwilling to do that, you need to come up with an authentication
solution that will pass through firewalls, which means either basic
auth, digest,
On 08/02/2011 09:42 AM, Ondrej Valousek wrote:
Hi Rob,
It was just polaris - so I tried:
[root@polaris etc]# hostname polaris.example.com
and it started working - Magic!
That means that we rely on the fact that hostname is set to FQDN,
right? Isn't it too strong requirement?
Maybe we should
On 08/03/2011 12:21 PM, Ian Stokes-Rees wrote:
On Wed Aug 3 10:37:45 2011, Stephen Gallagher wrote:
As a general rule, I would think that having your private key stored
somewhere that an admin other than yourself can reset the password and
have access to would be really dangerous. Most
On 08/03/2011 01:16 PM, Ian Stokes-Rees wrote:
On 8/3/11 12:38 PM, Adam Young wrote:
I think what you are interested in is the Data Recovery Manager
(DRM...hey, we had the acronym first, but we also call it Key
Recovery ) aspect of Certificate Server.
That is awesome. That is exactly
DRM is the way to go. However it does not support symmetric keys now.
This is the pert that we need for volume keys. May be it is the vault
to store all sorts of keys. This is something that needs to be
designed and looked at as a broader perspective.
Adam likes to repeat a phase about
On 08/06/2011 03:18 PM, Stephen Ingram wrote:
On Fri, May 6, 2011 at 1:11 PM, Adam Youngayo...@redhat.com wrote:
On 05/06/2011 08:49 AM, Simo Sorce wrote:
On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
I currently maintain a directory with MTA configuration data in it
(among other
On 08/06/2011 04:29 PM, Stephen Ingram wrote:
On Sat, Aug 6, 2011 at 12:18 PM, Stephen Ingramsbing...@gmail.com wrote:
On Fri, May 6, 2011 at 1:11 PM, Adam Youngayo...@redhat.com wrote:
On 05/06/2011 08:49 AM, Simo Sorce wrote:
On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
I
On 09/23/2011 03:31 PM, Rob Crittenden wrote:
Jimmy wrote:
I have been using the interface from a Linux client on Firefox just
fine, but now I need to configure a windows client to access the web
interface. I have the win7 client logged in using a FreeIPA user,
authenticated against the realm,
On 09/27/2011 04:22 PM, Sigbjorn Lie wrote:
On 09/27/2011 09:54 PM, Sigbjorn Lie wrote:
On 09/27/2011 12:34 AM, Dmitri Pal wrote:
On 09/25/2011 05:49 PM, Sigbjorn Lie wrote:
Hi,
I have a host that refuses to be modified or deleted. I get the
same error from the webui and the cli. I am
Siggi,
This is my comment in the ticket:
https://fedorahosted.org/freeipa/ticket/1889
We are working on a tool in the PKI project that will perform these
steps in an automated fashion.
There are three files that need to be addressed.
On the tomcat side, the files are in the Tomcat
After talking with the PKI developer that is fixing this, I found out
that one other file needs to be modified:
/var/lib/pki-ca/conf/CS.cfg
http.port=8080
https.port=8443
On 09/27/2011 07:55 PM, Adam Young wrote:
Siggi,
This is my comment in the ticket:
https://fedorahosted.org
On 09/28/2011 05:03 PM, Sigbjorn Lie wrote:
On 09/28/2011 03:33 AM, Adam Young wrote:
After talking with the PKI developer that is fixing this, I found out
that one other file needs to be modified:
/var/lib/pki-ca/conf/CS.cfg
http.port=8080
https.port=8443
On 09/27/2011 07:55 PM, Adam
On 09/28/2011 05:59 PM, Sigbjorn Lie wrote:
On 09/28/2011 11:35 PM, Adam Young wrote:
On 09/28/2011 05:03 PM, Sigbjorn Lie wrote:
On 09/28/2011 03:33 AM, Adam Young wrote:
After talking with the PKI developer that is fixing this, I found
out that one other file needs to be modified:
/var
On 09/28/2011 01:13 PM, Stephen Ingram wrote:
When logging into the FreeIPA UI as a user, most everything is removed
with the exception of the Identity tab and the Users list. Although
I'm guessing that LDAP needs to expose the users list to all users
just as anyone can view the passwd file on
On 09/30/2011 01:10 PM, Mark A Cinense wrote:
Hi, new to the list. I have been pounding away at this for the past
month or so, and I am stumped as to why when installing IPA, it keeps
wanting to setup DNS with a domain name of
ipaserver.test.mark.cinense.org
On 10/17/2011 10:36 PM, Steven Jones wrote:
Hi,
I have only used Firefox 3.x as shipped with RHEL to admin IPA, what are others
using? ie what are compliant/suitable?
We are only claiming to support Firefox, 3 on forward should all work,
but we only test the versions with Fedora and RHEL.
Lets distinguish between Supported browsers for the kerberos case and
the Supported browser for the Basic auth enabled case:
For Kerberos, it is as I said previously: it will work on the others,
but you have to know how to configure. You are not going to get IE
Kerberos support without a
On 10/21/2011 02:04 PM, Sigbjorn Lie wrote:
Hi,
I've updated to freeipa-server-2.1.3-2.fc15.x86_64.
There is no hosts showing as enrolled in the webui. In the CLI hosts
are reported to have a keytab. Is this a known issue?
Rgds,
Siggi
PS. KUDOS on the speed of lookups! MASSIVE
On 10/21/2011 02:29 PM, Sigbjorn Lie wrote:
On 10/21/2011 08:15 PM, Adam Young wrote:
On 10/21/2011 02:04 PM, Sigbjorn Lie wrote:
Hi,
I've updated to freeipa-server-2.1.3-2.fc15.x86_64.
There is no hosts showing as enrolled in the webui. In the CLI hosts
are reported to have a keytab
On 10/21/2011 07:05 PM, Sigbjorn Lie wrote:
On 10/21/2011 10:02 PM, Adam Young wrote:
On 10/21/2011 02:29 PM, Sigbjorn Lie wrote:
On 10/21/2011 08:15 PM, Adam Young wrote:
On 10/21/2011 02:04 PM, Sigbjorn Lie wrote:
Hi,
I've updated to freeipa-server-2.1.3-2.fc15.x86_64.
There is no hosts
On 10/26/2011 08:49 PM, Steven Jones wrote:
Hi,
Readng the docs on the 32bit UIDs it says it makes an attempt to give out a
unique rangewould it be possible / practical if RH (would want to) ran some
sort of database or registration function to try and insure that?
regards
Steven Jones
On 11/01/2011 01:04 PM, Rodney Mercer wrote:
On Tue, 2011-11-01 at 12:00 -0400, freeipa-users-requ...@redhat.com
wrote:
On 10/31/2011 05:20 PM, Rodney Mercer wrote:
We have previously developed Solaris RBAC authorization within our
application to validate users and roles to our application's
CentOS is far behind RHEL. Many of the issues you will find have been
fixed in released versions of IPA. This one is due, I think to an
earlier issue with directory server that has since been upgraded.
You might want to see if the versions shipped with Scientifix Linux work
better for you,
On 11/04/2011 07:07 PM, Dmitri Pal wrote:
On 11/04/2011 04:23 PM, Jimmy wrote:
I see. I have ipa-client-2.0-9.el6.x86_64 on the CentOS 6 client. I
guess the proper fix is to use the SL packages Adam referenced?
Correct.
It looks like Scientific Linux is behind as well: The packages on
On 11/09/2011 02:27 PM, Stephen Gallagher wrote:
On Wed, 2011-11-09 at 14:23 -0500, Boris Epstein wrote:
So what OS would not be too old to run FreeIPA on? Would we be talking CentOS 6?
Boris.
Well, RHEL 6.2 (due out before the end of the year) will include a
fully-supported version of
On 11/11/2011 03:52 PM, Boris Epstein wrote:
Hello all,
I've got my FreeIPA seemingly running on a Fedora 16 machine but I can
not log into it from a browser as I get the Your kerberos ticket is
no longer valid. message. So the question is: is there a good guide
on how to set up the Kerberos
On 11/17/2011 10:58 AM, Dan Scott wrote:
On Wed, Nov 16, 2011 at 14:01, Rob Crittendenrcrit...@redhat.com wrote:
Dan Scott wrote:
On Wed, Nov 16, 2011 at 10:39, Rob Crittendenrcrit...@redhat.comwrote:
Dan Scott wrote:
On Wed, Nov 16, 2011 at 09:23, Rob Crittendenrcrit...@redhat.com
On 11/28/2011 04:16 PM, Steven Jones wrote:
Hi,
a) Auto setup in RH satellite to allow auto joining to freeIPA from a baremetal
kickstart.
That is a Satellite, not FreeIPA, request.
b) Setup/config (info etc) to allow a gluster system to join to IPA.
What would a gluster system
On 12/13/2011 02:09 PM, Rob Crittenden wrote:
Ian Levesque wrote:
Hello,
I'm running version 2.0.0-23 under Scientific 6.1. I've noticed that
users in the User Administrator role, don't have access via the
web UI to actually manage groups. The only link under Identity is
Users. CLI
On 12/16/2011 03:41 PM, Dmitri Pal wrote:
On 12/16/2011 02:37 PM, Alan Evans wrote:
Adam,
This is great news. The feedback I have after a quick read through (I
will try to put a bit more time on it later) would be to make the
'tennant' separation more flexible and why not use existing ldap
On 01/28/2012 01:53 PM, Erinn Looney-Triggs wrote:
On 1/27/2012 4:53 PM, JR Aquino wrote:
On Jan 27, 2012, at 5:31 PM, Jr Aquino wrote:
Has anyone successfully gotten firefox in windows with firefox and mit kerberos?
I've followed several how to's, but i cant get firefox to take/pass my tgt.
On 02/07/2012 03:54 PM, Steven Jones wrote:
Hi,
Users in group A can manage the membership of group B
Users in group A can manage this small set of attributes of members of
group B
Yes, I can see that delegating is going to be very hard to do securely /
properly.at least with [my] limited
On 12/12/2013 04:26 PM, Stephen Ingram wrote:
Is it possible to restrict user to say a DNS Administrator role for
only one domain in the system?
Steve
___
Freeipa-users mailing list
Freeipa-users@redhat.com
56 matches
Mail list logo