Hello,
We are deploying FreeIPA (which it's a great project BTW) as our Identity
Management System. As we don't want any info from the directory to be
publically available, we tried disabling anonymous binds but it breaks UI
logins on Macs (10.8.5 and 10.9.1)
FreeIPA logs show that OS X
Hello list,
We’re running FreeIPA with a master and 3 replicas. The replication
stopped working and currently we’re adding resources only to the
master. This is the environment we have:
m1:
OS: CentOS release 6.5
FreeIPA: 3.0.0-37
CA: pki-ca-9.0.3
# ipa-replica-manage list -v `hostname`
.example.com
@m3 # ipa-replica-manage re-initialize --from m1.example.com
Thanks so much for your hint Martin!
On Fri, Sep 5, 2014 at 12:43 PM, Guillermo Fuentes
guillermo.fuen...@modernizingmedicine.com wrote:
Hi Martin,
Attached are m2.log, m3.log and m4.log files.
1) All masters are time synced
as the root cause of your replication errors in the end? I did
not catch that from the thread. Is it something we can fix in FreeIPA or is
it just a configuration error?
Thanks,
Martin
On 09/05/2014 08:06 PM, Guillermo Fuentes wrote:
Update:
m2 and m3 are now in sync!
After making sure
On Wed, Jul 29, 2015 at 11:25 AM, Lukas Slebodnik lsleb...@redhat.com wrote:
On (29/07/15 10:52), Guillermo Fuentes wrote:
Thanks so much for the info David!
We're using the latest version available via EPEL, which is 10.1.2.
pki-core is not available in epel7
https://admin.fedoraproject.org
Hi all,
We're also trying to migrate from 3.0 (CentOS 6.6) to 4.1 (CentOS 7.1).
Starting with FreeIPA 3.0 and to avoid the SSL certificate warning
when accessing the GUI, we installed a 3rd part certificate for https:
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
We're
!
Guillermo
On Wed, Jul 29, 2015 at 9:13 AM, David Kupka dku...@redhat.com wrote:
On 29/07/15 01:47, Guillermo Fuentes wrote:
Hi all,
We're also trying to migrate from 3.0 (CentOS 6.6) to 4.1 (CentOS 7.1).
Starting with FreeIPA 3.0 and to avoid the SSL certificate warning
when accessing the GUI
for RHEL 7, but I don't
see it?
~J
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
Guillermo Fuentes Rodriguez
Computer Systems Analyst
(561) 880-2998 x1337
'set pagination off' -ex 'thread apply
all bt full' -ex 'quit' /usr/sbin/ns-slapd `pidof ns-slapd` >
/var/log/stacktraces/stacktrace.`date +%s`.txt 2>&1
Thank you so much for your help,
Guillermo
On Wed, Jun 1, 2016 at 6:52 PM, Guillermo Fuentes
<guillermo.fuen...@modernizin
Hi all,
We are experiencing a similar issue like the one discussed in the
following thread but we are running FreeIPA 4.2 on CentOS 7.2:
https://www.redhat.com/archives/freeipa-users/2015-February/msg00205.html
LDAP service stops responding to queries (hangs). LDAP connections on
the server
I'm now taking stack traces every minute and waiting for it to hang
again to check it. It happens usually under load but it's
unpredictable. Must likely tomorrow.
GUILLERMO FUENTES
SR. SYSTEMS ADMINISTRATOR
561-880-2998 x1337
guillermo.fuen...@modmed.com
On Wed, Jun 1, 2016 at 2:03 PM
word:
> dn:
> changetype: modify
> add: altServer
> altServer: ldap://gyre.example.com
>
> modifying entry ""
> ^D
>
> $ ldapsearch -LLL -x -b "" -s base altServer
> dn:
> altServer: ldap://gyre.example.com
>
> My test rig is a single
this attribute.
Can this be done in a way I'm missing?
Thanks in advance!
GUILLERMO FUENTES
SR. SYSTEMS ADMINISTRATOR
561-880-2998 x1337
guillermo.fuen...@modmed.com
[image: [ Modernizing Medicine ]] <http://www.modmed.com/>
[image: [ Facebook ]] <http://www.facebook.com/modernizin
re enforced). IPA refuses PLAIN authentication on SSL.
>
>
> If you do this manually instead of OpenDirectory compatible way, your
> machine doesn't create an account for itself in IPA so service access
> without login are not available, it doesn't download the root CA
> automatically
egg...@redhat.com> wrote:
> On 06/13/2016 01:13 PM, Guillermo Fuentes wrote:
>
>> Hi Rich,
>>
>> After I started running the stack traces, the problem hasn't happen as
>> frequently as it use to but today I was able to get the stack traces.
>> As they aren't similar I'll
Hi Fraser,
The cluster was migrated from FreeIPA 3 (CentOS 6) to FreeIPA 4
(CentOS 7) a year ago.
- Output of 'ldapsearch -s sub -b ou=authorities,ou=ca,o=ipaca':
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no
As we're enforcing encryption, here is via ldaps:
$ ldapsearch -H ldaps://`hostname` -D "cn=Directory Manager" -W -s
sub -b ou=authorities,ou=ca,o=ipaca Enter LDAP
Password:
# extended LDIF
#
# LDAPv3
# base
Hi list,
I'm trying to sign a service certificate but it's failing with "CA not found".
The CA does exist but for some reason the ipa cert-request can't find it:
$ ipa ca-show ipa
Name: ipa
Description: IPA CA
Authority ID: 0cb513ea-6084-4144-a61c-7a0a8368d25c
Subject DN: CN=Certificate
appreciate it!
Have a great time off!
Guillermo
On Fri, Feb 10, 2017 at 5:03 AM, Fraser Tweedale <ftwee...@redhat.com> wrote:
> On Thu, Feb 09, 2017 at 09:01:01PM -0500, Guillermo Fuentes wrote:
>> As we're enforcing encryption, here is via ldaps:
>> $ ldapsearch -H ldaps://`hostn
-minssf: 0
If the directory service is stopped, you can edit the attribute
in /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif and start the service.
Hope it helps,
Guillermo
GUILLERMO FUENTES
SENIOR SYSTEMS ADMINISTRATOR
T: 561-880-2998 x1337
E: guillermo.fuen...@modmed.com
[image: [ Modernizin
20 matches
Mail list logo