on finding out what is going on here? I see
the timeout of 5 minutes - but why waiting on ports that are not part of
IPA?
Thank you
Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info
Hi again
Just wondering if anyone has found a work around to get freeipa
installed on RHEL 7 -- the server works fine, but it never finishes the
client install and you can't force a client install either.
You end up with this in the logs, which I see has been reported, but
wondering if
That worked - thanks everyone!! Now I need to do my part and find a bug
and report it before others do :-)
~J
On 10/8/14 8:26 AM, Rob Crittenden wrote:
Janelle wrote:
Hi again
Just wondering if anyone has found a work around to get freeipa
installed on RHEL 7 -- the server works fine
.centos.noarch (ipa)
Requires: jackson-jaxrs-json-provider
and yet, I have never had that issue until this weekend. :-(
Any help?
Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org
-provider for package:
pki-base-10.2.0-3.el7.centos.noarch
-- Finished Dependency Resolution
Error: Package: pki-base-10.2.0-3.el7.centos.noarch (freeipa)
Requires: jackson-jaxrs-json-provider
You could try using --skip-broken to work around the problem
On 10/13/14 9:18 AM, Janelle wrote
to be a master
to be able to create another replicate? Am I missing something obvious
here?
Thank you,
~Janelle
On 10/13/14 3:18 PM, Dmitri Pal wrote:
On 10/12/2014 08:07 PM, James wrote:
On 12 October 2014 19:55, Janelle janellenicol...@gmail.com wrote:
Hi again,
I was wondering if there were any
and that resolved the dependencies.
Hope this helps,
Janelle
On 10/13/14 9:48 PM, Fraser Tweedale wrote:
On Mon, Oct 13, 2014 at 09:52:40AM -0700, Janelle wrote:
After further investigation - it looks like the PKI base was altered/updated
because even on a running server a yum update produces same error
from the AD world and trying to replace it, so please excuse my
ignorance in this area.
thanks
Janelle
On 10/14/14 6:48 AM, Rob Crittenden wrote:
Janelle wrote:
Hi again,
A lot of this information has been very useful. I did have a question I
could not answer. I noticed in the Deployment
Hi everyone..
Well, since the fun of getting 4.0.4 on CentOS 7 - and just removing the
branch of 10.2 PKI - that was easy. But trying to get 4.1 installed - it
complains about needing 10.2, so I am wondering if anyone has been
successful in this endeavor??
Thanks
~J
--
Manage your
hi all..
As we head into the weekend, I hope you all take time to play and
enjoy. At the same time, if you are online and have any ideas - are
there any good tuning suggestions for beefing up 389ds for an
environment with approx 4000 users and approx 1000 hosts?
My guess is the cache
Hi --
Has anyone seen this before?
# ipa-replica-manage del kermit.xyzzy.com --force
unexpected error: [Errno -2] Name or service not known
?? Very confused as to What service or name is not known?
This is 4.0.5 running on CentOS 7.
~J
--
Manage your subscription for the Freeipa-users
Hi all..
I continue to come up with strange and unusual problems. Here is a new
one - use the dbmon.sh script and trying to tune the dbcache...
This is on a replica BTW
First -- THIS WORKS:
INCR=60 BINDDN=cn=directory manager BINDPW=asecret VERBOSE=2 dbmon.sh
and I see all the info I
...@redhat.com
November 11, 2014 at 10:39 AM
On 11/11/2014 11:30 AM, Janelle wrote:
Hi all..
I continue to come up with strange and unusual problems. Here is a
new one - use the dbmon.sh script and trying to tune the dbcache...
This is on a replica BTW
First -- THIS WORKS:
INCR=60 BINDDN=cn
Happy Monday everyone,
I have a strange issue I am seeing with replica creations, but it does
not seem to be consistent. Sometimes, when trying to install the
replica I get errors trying to connect to the master via SSH:
/[root@ipa3 ~]# ipa-replica-install
I did find that as the work-around - just trying to understand why it
comes up sometimes...
Did you find any issues with the workings of a replica if you had to
resort to this method?
Thanks.
~J
On 11/17/14 10:57 AM, Craig White wrote:
Janelle, this may not be that useful but I found
Hi all..
Was on vacation - now I'm back. Have a new problem I thought I would run
by you --
I have replica agreements between a server and 3 others. They all show
up in ipa-replica-manage list, BUT when I try to disconnect one of them :
ipa: INFO: Replication Update in progress: FALSE:
Here is a bit of baffling one on 4.0.5:
Replica install p11-kit???
Connection from master to replica is OK.
Connection check OK
p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
...
/14 2:56 PM, Dmitri Pal wrote:
On 12/03/2014 04:40 PM, Janelle wrote:
Here is a bit of baffling one on 4.0.5:
Replica install p11-kit???
This is a part of the DNSSEC set of packages.
Connection from master to replica is OK.
Connection check OK
p11-kit: ipa.p11-kit: x-public-key-info: invalid
, Rich Megginson wrote:
On 12/04/2014 08:39 AM, Rich Megginson wrote:
On 12/04/2014 01:45 AM, Petr Spacek wrote:
On 4.12.2014 05:02, Janelle wrote:
Thanks -- still a bit strange that it did not show up on some
servers - vary
random and intermittent.
BTW - a bit of information others might find
On 12/4/14 8:30 AM, Alexander Bokovoy wrote:
On Thu, 04 Dec 2014, Janelle wrote:
Hi all,
just (pam)auth and nslcd
It was ported from a running OpenLDAP environment to IPA. Just
trying to do conversions in stages so as not to change too much all
at once. Thought I could go from OpenLDAP
of jobs running across all
the servers that do a lot of sudo and group lookups and more have to
happen. Also, approx 1100 users accessing servers in vary random
ways - but just using ssh/pssh/other-tools.
Not sure if this helps - but perhaps?
~Janelle
On 12/4/14 8:41 AM, Ludwig Krispenz
Hi all..
Not sure if this is IPA related, but here it is:
1. IPA 4.1.2 install on CentOS 7
2. IPA 4.1.2 install on Fedora 21
So both systems are systemd based - the fedora system reboots in less
than 30 seconds. The CentOS system reboots and has strange timers
showing that it is waiting on
Identical configurations on the same subnet - using same DNS resolvers..
Both host-based FWs disabled just because I thought that too.
Time to do some more studying of systemd and all the dependencies.
~J
On 12/15/14 4:34 PM, Dmitri Pal wrote:
On 12/15/2014 01:28 PM, Janelle wrote:
Hi all
On 12/16/14 12:19 AM, Patrick Hurrelmann wrote:
On 15.12.2014 19:28, Janelle wrote:
Hi all..
Not sure if this is IPA related, but here it is:
1. IPA 4.1.2 install on CentOS 7
2. IPA 4.1.2 install on Fedora 21
So both systems are systemd based - the fedora system reboots in less
than 30 seconds
Good morning/evening All,
So, another strange thing I see with 4.1.2 running on FC21 (server). On
some replicas if I attempt to modify the 389-ds backend, I get
credential errors. Even ldapsearch fails - which as me baffled. I am
trying to tune the servers but this has me confused as to
the folders for
changes in files to see what the heck is going on and WHAT changed it
and if it happens again.
thanks for the help
~J
On 12/18/14 10:28 AM, Rich Megginson wrote:
On 12/18/2014 09:49 AM, Janelle wrote:
Good morning/evening All,
So, another strange thing I see with 4.1.2 running
I am the only one who has access to these systems, so unless I did it in
my sleep.. :-)
~J
On 12/19/14 12:14 AM, Ludwig Krispenz wrote:
On 12/18/2014 08:16 PM, Rich Megginson wrote:
On 12/18/2014 11:59 AM, Janelle wrote:
I am looking at the 2 entries in dse.ldif - and indeed
Hi all,
I was playing around with the OTP app in 4.x and it is really nice. I
wonder if there is a way to force some hosts require to use it, but not
all the hosts from a server? I want some of the servers to be locked
down more securely, but others can just require a password.
thanks
~J
Hi everyone, Happy New Year.
Was following this thread and wondering about those of us with a couple
of 2000-3000 servers to run ipa-client-install on? Any suggestions? Was
looking around for even the basics of puppet or chef configs, but
nothing exists.
Any suggestions? One of the
On 2/12/15 7:48 AM, Rich Megginson wrote:
On 02/12/2015 08:38 AM, Michael Lasevich wrote:
Thank you, this is very helpful. I forgot about 'super admin', which
is why I was not even seeing the values before. :-)
How are the the values encrypted (or hashed?)
It sounds like the password is
wrote:
On 01/07/2015 02:51 PM, Janelle wrote:
Hello fellow IPAers
I know this has been written about before - the python scripts and
fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was there a
permanent fix yet? I continue to run into it during installs and have to edit
python
- I made a bad assumption.
Janelle
On 1/7/15 7:19 AM, Martin Kosek wrote:
On 01/07/2015 02:51 PM, Janelle wrote:
Hello fellow IPAers
I know this has been written about before - the python scripts and
fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was there a
permanent fix yet
out
duruing the server install. This is of course with CentOS 7 and IPA 4.1.2.
Any options/comments?
Thank you
Janelle
(install snippet)
Done.
Restarting the directory server
Restarting the KDC
Restarting the certificate server
Sample zone file for bind has
On 3/17/15 12:14 PM, Dmitri Pal wrote:
On 03/17/2015 12:12 PM, Janelle wrote:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to
restart after it
has been running sometime. pki-tomcatd keeps
Hello,
I was wondering, I don't seem to be able to put multiple SSH keys into
IPA? Am I missing something? it seems to replace the one that was there
instead of adding an additional.
~J
--
Manage your subscription for the Freeipa-users mailing list:
On 3/18/15 10:10 PM, Kim Perrin wrote:
This is about the 6th time of tried installing this replica. Each time
I run the ipa-replica-manage del and ipa-csreplica-manage del command
before trying. I also build new replica install files each time.
Obviously I can't figure out what the problem is.
Hello again,
Ok, probably a stupid question. If you increase cache sizes and tune
389-ds on the backend, do those changes replicate or do you need to make
them across the other servers as well?
For example:
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to restart after it
has been running sometime. pki-tomcatd keeps failing. It starts up with these
errors, then adds a lot more. Maybe this might
Hello,
I have seen this pop up a few times, but no real answers - at least none
that I am finding..
I have not run into it and this was a brand new server farm with about
4000 migrated users from OpenLDAP? Is there something I might be missing
when migrating?
ipa: ERROR: Operations error:
That makes perfect sense. I lost a connection to the master. I can fix
that.
Thank you!
~J
On 3/24/15 3:26 PM, Rob Crittenden wrote:
Janelle wrote:
Hello,
I have seen this pop up a few times, but no real answers - at least none
that I am finding..
I have not run
it.
Thank you
~J
On 3/29/15 8:38 PM, Dmitri Pal wrote:
On 03/27/2015 08:22 PM, Janelle wrote:
Hello,
Just wondering if there is an easy way to increase anonymous binds on
the back end for non Kerberos clients?
I have seen some mention of it, and that IPA has limits, can't can't
find a lot of detail
Hello again...
Looking around, but probably just not in the right place. I would like
to be able to disable httpd on all but a pair of servers, so we kind of
force all updates to come from a master and slave pair. Just trying
to keep updates defined to 2 servers rather than all of them in an
Hello again,
This is a more general question as I am new to dirsrv a bit. I have
read through a lot of the docs, including 389-ds, but with regards to
IPA, well, I am not 100% clear and perhaps this could help others in the
future.
Are there guidelines or suggestions for RUV's and cleaning
Hi all,
Found an odd issue and a question. If you change user pw with ipa user-mod
-password and the client is configured for LDAP, then the user is not forced
to change the pw on initial login.
However, my other question is, can you set a user pw WITHOUT pre-expiring?!
~J
--
Manage your
On 3/31/15 6:49 AM, Dmitri Pal wrote:
On 03/31/2015 09:38 AM, Janelle wrote:
Hello again,
Is this a feature or a bug?
Migration mode - works fine the first time. However, if you need to
run it a second time because someone added either new users or groups
to your LDAP config and you want
Hello again,
Is this a feature or a bug?
Migration mode - works fine the first time. However, if you need to run
it a second time because someone added either new users or groups to
your LDAP config and you want to bring those over, if you re-run
migration, it indeed brings all the new users
On 3/23/15 4:04 AM, Martin Kosek wrote:
On 03/23/2015 04:07 AM, Janelle wrote:
Hello
Starting to see a lot of these and wondering what I am dealign with?
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa1.example.com:389/o%3Dipaca) failed.
Hm, I do not met this error yet
Hello
Starting to see a lot of these and wondering what I am dealign with?
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa1.example.com:389/o%3Dipaca) failed.
~J
--
Manage your subscription for the Freeipa-users mailing list:
, Jakub Hrozek jhro...@redhat.com wrote:
On Sat, Feb 28, 2015 at 11:07:20AM -0800, Janelle wrote:
Hello,
I was wondering - I have searched around and seen a few questions and
solutions, but nothing I try is fixing my environment.
Things have been working quite well with IPA 4.0.5, simple things
Hello,
I was wondering - I have searched around and seen a few questions and
solutions, but nothing I try is fixing my environment.
Things have been working quite well with IPA 4.0.5, simple things with
auth and logins - some with full ipa-client-install configured, others
just using LDAP
Hello,
Just wondering if there is an easy way to increase anonymous binds on
the back end for non Kerberos clients?
I have seen some mention of it, and that IPA has limits, can't can't
find a lot of detail?
Thank you
~J
--
Manage your subscription for the Freeipa-users mailing list:
Hello,
When I was working with OpenLDAP, and AD - and did not deal with RUVs
the way I am with 389-ds and IPA.
I am trying to understand what is normal for values. If I am looking
at this (and seem to have no replication problems):
ipa-replica-manage list-ruv
ipa001.example.com:389: 13
?
uid=12345(some-user) gid=101(agroup) groups=101(agroup), 102(another),
103(another2)
What if one replica listed it as:
uid=12345(some-user) gid=101(agroup) groups=101(agroup), 103(another2),
102(another)
But all the others listed as the first line? Is that indication of a
problem?
Janelle
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:
On Apr 17, 2015, at 16:36, Dmitri Pal d...@redhat.com wrote:
On 04/17/2015 04:52 PM, Janelle wrote:
On 4/17/15 1
Hi all,
Just wondering if there are issues with running CA replicas on all the servers?
Are there maybe performance issues or anything that I might not be aware of?
~Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT, (CentOS 7.1) if I login to account usera they get a ticket as
expected. However, if I login to a 6.6 client, it doesn't seem to work.
Both were enrolled the same,
Hi all,
Just wondering if anyone has put together a guide for integrating PWM
with IPA? I know there is a section on 389-ds, but that is kind of
raw-389 and not the highly modified-for-IPA 389-ds. I would like to set
this up for my users, but really don't want to do it using that guide
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT, (CentOS 7.1) if I login to account usera they get a
ticket as
expected
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try cleanallruv.pl -w X -b dc= -r 9
Vasek
On Thu, May 7, 2015 at 2:25 AM, Janelle
Hi again..
Seems to be an ongoing theme (replication). How does one remove these?
unable to decode: {replica 9} 553ef80e00010009 55402c390009
I am hoping this is a stupid question with a really simple answer that I
am simply missing?
~J
--
Manage your subscription for the
On 5/7/15 12:59 AM, thierry bordaz wrote:
On 05/07/2015 05:39 AM, Janelle wrote:
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try
On 5/8/15 8:43 AM, Ludwig Krispenz wrote:
On 05/08/2015 05:30 PM, Rob Crittenden wrote:
Janelle wrote:
On 5/7/15 12:59 AM, thierry bordaz wrote:
On 05/07/2015 05:39 AM, Janelle wrote:
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT
On 5/4/15 1:02 PM, Simo Sorce wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT, (CentOS 7.1) if I login to account usera they get a ticket as
expected. However
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT, (CentOS 7.1) if I login to account usera they get a
ticket as
expected
On 5/15/15 3:30 AM, Ludwig Krispenz wrote:
On 05/13/2015 06:34 PM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across
On May 15, 2015, at 08:57, Ludwig Krispenz lkris...@redhat.com wrote:
On 05/15/2015 02:45 PM, Janelle wrote:
On 5/15/15 3:30 AM, Ludwig Krispenz wrote:
On 05/13/2015 06:34 PM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15
On May 18, 2015, at 04:31, Martin Kosek mko...@redhat.com wrote:
On 05/18/2015 01:49 AM, Janelle wrote:
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote
On 5/10/15 11:57 PM, Alexander Bokovoy wrote:
On Sun, 10 May 2015, Janelle wrote:
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:
On Apr 17, 2015, at 16:36, Dmitri Pal d...@redhat.com wrote:
snip for shorter thread
Simple. And my test made
On May 18, 2015, at 09:47, Nathaniel McCallum npmccal...@redhat.com wrote:
On Mon, 2015-05-18 at 09:45 -0500, Janelle wrote:
Ok, let me ask this a different way, because maybe there is a way,
and I am just not seeing it.
I have 2 datacenters with typical bastions in each. I have enabled
On 5/18/15 7:47 AM, Nathaniel McCallum wrote:
On Mon, 2015-05-18 at 09:45 -0500, Janelle wrote:
Ok, let me ask this a different way, because maybe there is a way,
and I am just not seeing it.
I have 2 datacenters with typical bastions in each. I have enabled
OTP and that works fine via ssh
, it seems like it is not commercially ready?
Any ideas/thoughts/comments?
thank you
Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could not bind id [cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config]
authentication
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could not bind id [cn=Replication Manager
Once again, replication/sync has been lost. I really wish the product
was more stable, it is so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes (maybe
a few users changing passwords) and again, 5 out of 16 servers are no
longer in sync.
I can test it
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more stable, it is so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes
(maybe a few users changing passwords) and again, 5 out of 16 servers
On 4/17/15 9:53 AM, Dmitri Pal wrote:
On 04/17/2015 11:16 AM, Janelle wrote:
Hi,
Is anyone else having issues with OTP since upgrading? For the life
of me I can't get it to accept Sync for the tokens. No matter what
is put in, it just keeps saying the username, password or tokens
entered
Hi,
Is anyone else having issues with OTP since upgrading? For the life of
me I can't get it to accept Sync for the tokens. No matter what is put
in, it just keeps saying the username, password or tokens entered are
incorrect.
To make it simple - I am tryign this on a brand new CentOS 7.1
On 4/17/15 1:19 PM, Dmitri Pal wrote:
On 04/17/2015 01:20 PM, Janelle wrote:
On 4/17/15 9:53 AM, Dmitri Pal wrote:
On 04/17/2015 11:16 AM, Janelle wrote:
Hi,
Is anyone else having issues with OTP since upgrading? For the life
of me I can't get it to accept Sync for the tokens. No matter
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:
On Apr 17, 2015, at 16:36, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
On 04/17/2015 04:52 PM, Janelle wrote:
On 4/17/15 1:19 PM, Dmitri Pal wrote:
On 04/17/2015 01:20 PM, Janelle wrote:
On 4/17
On Apr 17, 2015, at 16:36, Dmitri Pal d...@redhat.com wrote:
On 04/17/2015 04:52 PM, Janelle wrote:
On 4/17/15 1:19 PM, Dmitri Pal wrote:
On 04/17/2015 01:20 PM, Janelle wrote:
On 4/17/15 9:53 AM, Dmitri Pal wrote:
On 04/17/2015 11:16 AM, Janelle wrote:
Hi,
Is anyone else
Hello everyone,
Probably a quiet weekend for any responses, but I will toss this out. I
was wondering if anyone has had any issues with load balancers and IPA?
Not with Kerberos, since I know the protocol is designed without load
balancer support, but in the case of using the LDAP portion?
On 4/4/15 11:44 AM, Dmitri Pal wrote:
On 04/04/2015 12:30 PM, Nadav Mavor wrote:
i use F5 and 3 IPA servers no big issues but some notes :
1) as note you cant use it for kerberos
2) for the DNS we use group and not L/B do to the zone serial (the
zone serial num is not geting sync so if you
Hello,
Trying to find a way on a multi-homed server to force IPA and its
related apps to listen on a specific interface. I can find all kinds of
info saying the services listen on all interfaces by default so there
must be a way?
Thank you
~J
--
Manage your subscription for the
On 4/1/15 9:32 AM, Ben .T.George wrote:
Hi
I have re-installed verything from RHEL 7.1 DVD and current ipa
version is 4.0.1
everything is working including AD trust.
but my web interface always giving Your session has expired. Please
re-login.
i faced the issue before that time i
Hello,
Just wondering how you get rid of this - just kind of annoying:
p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
I understand it is related to not setting up DNS, is this correct?
Thank you
~J
--
Manage your subscription for the Freeipa-users mailing list:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it is so much potential and yet.
Servers running for 6 days no issues. No new accounts
On 5/19/15 1:21 AM, David Kupka wrote:
On 05/19/2015 09:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more stable, it is so much potential and yet.
Servers
On 5/19/15 12:17 AM, Ludwig Krispenz wrote:
On 05/19/2015 08:58 AM, thierry bordaz wrote:
On 05/19/2015 07:47 AM, Martin Kosek wrote:
On 05/19/2015 03:23 AM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more
stable, it is so much potential
On 5/20/15 12:54 AM, Ludwig Krispenz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable
By default, fedora has all the ports blocked via firewalld
You need to either enable the ports, or disable the firewall.
PORTS='80 443 389 636 88 464'
for PORT in $PORTS; do firewall-cmd --permanent --zone=public
--add-port=$PORT/tcp; done
PORTS='88 464 123'
for PORT in $PORTS; do
On 6/22/15 9:25 AM, Petr Vobornik wrote:
On 06/22/2015 04:15 PM, Janelle wrote:
On 6/22/15 5:15 AM, Petr Vobornik wrote:
On 06/21/2015 08:35 AM, Janelle wrote:
Hi,
Sure. Just login as a normal user to the WEB UI. screen is blank:
Of course, if you click on Actions - you will see those
On 6/22/15 7:37 AM, Rob Crittenden wrote:
Janelle wrote:
On 6/17/15 2:00 PM, Rob Crittenden wrote:
Janelle wrote:
On 6/17/15 6:21 AM, Rob Crittenden wrote:
Janelle wrote:
On 6/17/15 6:14 AM, Rob Crittenden wrote:
Janelle wrote:
Hi,
Had a server - named ipa001.example.com
Maybe this is an obvious question - but I am missign the simple answer.
If you create a master and want to create 3 replicas -- creating the
first replica works just fine, but I want the 2nd replica chained off
the first, and NOT the master. But unless you install a CA on that first
replica,
On 6/19/15 11:22 AM, Andrew E. Bruno wrote:
Hello,
First time trouble shooting an ipa server failure and looking for some
guidance on how best to proceed.
First some background on our setup:
Servers are running freeipa v4.1.0 on CentOS 7.1.1503:
- ipa-server-4.1.0-18.el7.centos.3.x86_64
-
. Very confusing.
There must be an answer or known fix?
~Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 6/22/15 5:15 AM, Petr Vobornik wrote:
On 06/21/2015 08:35 AM, Janelle wrote:
Hi,
Sure. Just login as a normal user to the WEB UI. screen is blank:
Of course, if you click on Actions - you will see those and you can
click on
them, but you can't do anything else. This is a vanilla server
On 6/17/15 2:00 PM, Rob Crittenden wrote:
Janelle wrote:
On 6/17/15 6:21 AM, Rob Crittenden wrote:
Janelle wrote:
On 6/17/15 6:14 AM, Rob Crittenden wrote:
Janelle wrote:
Hi,
Had a server - named ipa001.example.com -- it was a replica. It
died. It
was re-installed. However, prior to the re
1 - 100 of 199 matches
Mail list logo