Re: [Freeipa-users] CentOS 7 and FreeIPA

2016-06-29 Thread Christophe TREFOIS
Ah so 4.2.0 gets regular updates backported from the minor point releases? Good to know :)) Kind regards, — Christophe Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine

Re: [Freeipa-users] CentOS 7 and FreeIPA

2016-06-29 Thread Christophe TREFOIS
Hi Martin, But does the official repo also include point releases to 4.2.x or only 4.2.0? Best, Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367

[Freeipa-users] OS migration from Fedora to CentOS?

2016-02-04 Thread Christophe TREFOIS
Hi all, We are currently running a 3-replica (all are set up with the --setup-ca flag) cluster on Fedora 21, with FreeIPA 4.1.4. We would like to slowly upgrade to the new version and move away from Fedora to CentOS 7.2. We were thinking of the following: - Create 3 CentOS machines with

Re: [Freeipa-users] Freeipa Sudo / sudoers.d / nopasswd

2016-03-24 Thread Christophe TREFOIS
Hi, Are you not missing “sudo” in [sssd] and did you restart the services on the machine? We found quite a significant cache, which sometimes lead to asking passwords. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-ldap-sudo.html You might

Re: [Freeipa-users] Web UI access from outside the home network via port forwarding

2016-07-13 Thread Christophe TREFOIS
Hi Rob, On that note, how do you handle password changes / first time logins for users that are external to the organization? We need to create accounts for external partners, and expose the UI to the outside so that people can login and change their passwords / add their SSH keys. However,

[Freeipa-users] Could not delete change record

2016-07-12 Thread Christophe TREFOIS
Hi, I have 3 replicas running 4.1 and 3 replicas running 4.2. One of the 4.2 replicas is the new master (CRL) and is at the moment replicating against the old 4.1 cluster (we are in the process of migrating). Upon restart of the 4.2 master, I receive many messages in slapd error log about

Re: [Freeipa-users] Web UI access from outside the home network via port forwarding

2016-07-14 Thread Christophe TREFOIS
Hi Jan, Cool doc. Thanks for writing it up! > On 14 Jul 2016, at 07:52, Jan Pazdziora wrote: > > On Mon, Jul 11, 2016 at 07:00:04PM -0700, Harry Kashouli wrote: >> >> I have a freeipa server set up, and would like to access the Web UI >> remotely (from outside my

[Freeipa-users] CentOS 7 and FreeIPA

2016-06-29 Thread Christophe TREFOIS
Hi all, I see that the package in CentOS 7 official repo is only 4.2.0. Is this the recommended version or do people generally use the COPR repository or EPEL? I am talking here about stable production release. Thank you for your help :) -- Christophe

Re: [Freeipa-users] Problem with properly removing replica master from cluster

2016-07-07 Thread Christophe TREFOIS
Hi Petr, The cleaning task worked. No more errors. Thanks for that. Kind regards, — Christophe Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L

[Freeipa-users] Problem with properly removing replica master from cluster

2016-07-04 Thread Christophe TREFOIS
Dear all, First of all, thanks to mbasti for helping out so far. We have a 3-node master cluster (--setup-ca) on 4.1 and set up a 4th using 4.2.0 as we want to migrate there. First, we had some orphan entries in ipa-replica-manage list. We removed those by manually removing the LDAP node +

[Freeipa-users] SRV records?

2016-06-30 Thread Christophe TREFOIS
Hi, I am getting a bit confused about what is possible / advised to do and how to set up SRV records for our existing setup. Currently, it looks like this: ipa1.domain.ltd ipa2.domain.ltd ipa3.domain.ltd I believe the installed domain and realm is domain.ltd (we added some other realm domains

[Freeipa-users] Replica FQDN / Domain question

2017-02-01 Thread Christophe TREFOIS
Hi all, Small question which might be naive. We have an existing setup with 4 replicas, all with FQDNs like replica1.example.com and REALM example.com. We want to add another replica, replica5, whose FQDN would have a different domain, so say

Re: [Freeipa-users] Replica FQDN / Domain question

2017-02-01 Thread Christophe TREFOIS
tion. Real shame realm can't be changed somehow. For now, no failover for us. Kind regards, Christophe Sent from my iPhone On 1 Feb 2017, at 14:18, Martin Basti <mba...@redhat.com> wrote: On 01.02.2017 14:06, Christophe TREFOIS wrote: Hi all, Small questio

[Freeipa-users] Search result has been truncated - Configured size limit exceeded

2017-01-27 Thread Christophe TREFOIS
Dear all, Since some time now, when we access a user details via the GUI in FreeIPA 4.4, we receive a "Search result has been truncated: Configured size limit exceeded" popup. It seems all fields are properly loaded and updating fields etc works. Does anybody know where this could come from

Re: [Freeipa-users] Search result has been truncated - Configured size limit exceeded

2017-01-27 Thread Christophe TREFOIS
; On 27.01.2017 12:18, Christophe TREFOIS wrote: >> Dear all, >> >> Since some time now, when we access a user details via the GUI in FreeIPA >> 4.4, we receive a >> >> "Search result has been truncated: Configured size limit exceeded” popup. It >>

Re: [Freeipa-users] Login problems

2016-08-19 Thread Christophe TREFOIS
, > On 19 Aug 2016, at 13:24, Jakub Hrozek <jhro...@redhat.com> wrote: > > On Fri, Aug 19, 2016 at 10:20:48AM +0000, Christophe TREFOIS wrote: >> Hi, >> >> We have a 3 way replica against one master. So there is only agreements >> between 1 and 2 and 1

[Freeipa-users] Login problems

2016-08-19 Thread Christophe TREFOIS
Hi, We have a 3 way replica against one master. So there are only agreements between 1 and 2 and 1 and 3. Since recently sometimes the master does not allow me to login anymore, whereas I can login fine to 2 and 3. After a few minutes everything comes back to normal and it works. The master

Re: [Freeipa-users] Replica issue / Certificate Authority

2017-01-04 Thread Christophe TREFOIS
Hi Fraser, We encountered the same issue. We exported the certificate from a "good" replica, using certutil. We then used certutil -A -n ipaCert -d /etc/httpd/alias/ -i /opt/sysadmin/cacert.crt -a -t CT,C on the bad server and then restarted ipa, and certmonger. Now, the certificate is correct

Re: [Freeipa-users] Replica issue / Certificate Authority

2017-01-04 Thread Christophe TREFOIS
-renew: yes -- Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367 Belvaux T: +352 46 66 44 6124 F: +352 46 66 44 6949 http://www.uni.lu/lcsb

Re: [Freeipa-users] Replica issue / Certificate Authority

2017-01-04 Thread Christophe TREFOIS
Hi Flo, The id needed to execute that command would come from where exactly? Is it the one from getcert list -n ipaCert? Thanks Christophe Sent from my iPhone > On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <f...@redhat.com> wrote: > >> On 01/04/2017 12:41 PM, Christ

Re: [Freeipa-users] Replica issue / Certificate Authority

2017-01-04 Thread Christophe TREFOIS
To all, So to recap, if I hit resubmit once, I get a CA_WORKING, if I do it immediately after again, I get a MONITORING, but the “ca-error: Invalid cookie” comes back. How can I get a valid cookie back? Thanks for your help, Christophe > On 4 Jan 2017, at 14:19, Christophe TREF

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

2017-03-24 Thread Christophe TREFOIS
I’m not an expert but I think ipa-replica-prepare is deprecated in 4.4 as the procedure has become more simple. I think setting up a new cluster of CentOS 7.3 machines and setting up replicas against the old cluster is sufficient. What do the experts say? -- Dr Christophe Trefois, Dipl.-Ing

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

2017-03-24 Thread Christophe TREFOIS
Ok, thanks for clearing that up Alex :) -- Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367 Belvaux T: +352 46 66 44 6124 F: +352 46 66 44

Re: [Freeipa-users] CentOS patch management on FreeIPA server

2017-05-17 Thread Christophe TREFOIS
Hi, I think yum update is fine, just don’t do it at the same time. It’s written somewhere in the docs that this could lead to crappy outcome. Also, Lachlan, how do you do backups of FreeIPA? -- Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG

[Freeipa-users] Cant locate CSN after yum update

2017-05-18 Thread Christophe TREFOIS
-14.el7.centos.7.x86_64 ipa-common-4.4.0-14.el7.centos.7.noarch python-libipa_hbac-1.14.0-43.el7_3.14.x86_64 ipa-server-4.4.0-14.el7.centos.7.x86_64 Thanks a lot for any pointers, Christophe -- Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG

Re: [Freeipa-users] Cant locate CSN after yum update

2017-05-18 Thread Christophe TREFOIS
explanation for a newcomer to ldap / ds / freeipa would be greatly appreciated. Thanks a lot for your help! Kind regards, Christophe aka Trefex On 18 May 2017, at 17:04, Christophe TREFOIS <christophe.tref...@uni.lu> wrote: Hi Ludwig, Since we wer

Re: [Freeipa-users] Cant locate CSN after yum update

2017-05-18 Thread Christophe TREFOIS
Hi Ludwig, Since we were scared, we did a full re-init of that specific replica from the CA master, and it looks like the issue is not appearing anymore. Is this sufficient, or should we still investigate ? Thanks for your help! Christophe -- Dr Christophe Trefois, Dipl.-Ing. Technical

[Freeipa-users] CA CRL not tracking any certificates. Normal?

2017-05-18 Thread Christophe TREFOIS
Hi, I just saw that my CA CRL master is not tracking any certs. However, my other CA master replica is tracking 8 certificates. Is this normal and expected? Thanks, Christophe

Re: [Freeipa-users] Cant locate CSN after yum update

2017-05-19 Thread Christophe TREFOIS
;lkris...@redhat.com> wrote: > > >> On 05/18/2017 05:35 PM, Christophe TREFOIS wrote: >> Dear Ludwig, >> >> Thanks for your help in IRC to guide me in running the right commands. >> >> Here is the output, toto1 and toto2 are CA master, and toto3 and t