2016-06-27 11:05 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>:
> On (26/06/16 20:37), John Obaterspok wrote:
> >Hi,
> >
> >I've been running F23 + mod_nss 1.0.14-1 for months to get SubjectAltName
> >to work.
> >F24 update brings back mod_nss to 1.0.12-4
+02:00 John Obaterspok <john.obaters...@gmail.com>:
> Thanks Rob!
>
> I rebuilt the mod_nss-1.0.14-1 version from rawhide for my F23 IPA server
> and it works like a charm.
>
> Thanks,
>
>john
>
> 2016-04-25 16:47 GMT+02:00 Rob Crittenden <rcrit...@
Thanks Rob!
I rebuilt the mod_nss-1.0.14-1 version from rawhide for my F23 IPA server
and it works like a charm.
Thanks,
john
2016-04-25 16:47 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
> John Obaterspok wrote:
>
>>
>> 2016-02-11 1:34 GMT+01:00 Fraser Tweed
2016-02-11 1:34 GMT+01:00 Fraser Tweedale <ftwee...@redhat.com>:
> On Sun, Feb 07, 2016 at 12:05:19PM +0100, John Obaterspok wrote:
> > 2016-02-06 23:29 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> >
> > > John Obaterspok wrote:
> > >
2016-02-06 23:29 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> John Obaterspok wrote:
>
>> Hi,
>>
>> I have a ipa.my.lan and a cname gitserver.my.lan pointing to ipa.my.lan
>>
>> I recently started to get nss error "SSL peer has no certificate fo
Hi,
I have a ipa.my.lan and a cname gitserver.my.lan pointing to ipa.my.lan
I recently started to get nss error "SSL peer has no certificate for the
requested DNS name." when I'm accessing my https://gitserver.my.lan
Previously this worked fine if I had set "git config --global
http.sslVerify
Hello,
I'm running F23 and now IPA fails to start due to crash in smb:
-- Unit smb.service has begun starting up.
jan 22 08:38:52 ipa.win.lan audit[7037]: ANOM_ABEND auid=4294967295 uid=0
gid=0 ses=4294967295 subj=system_u:system_r:smbd_t:s0 pid=7037 comm="smbd"
exe="/usr/sbin/smbd" sig=6
jan
Hi Matt,
It already works fine to use kerberos ticket to access samba shares.
-- john
2015-12-28 14:01 GMT+01:00 Matt . :
> Hi guys,
>
>
> How is the progress on the Samba (Share) Authentication for FreeIpa?
>
> I hope we already have some work around to use the FreeIPA
/15 07:57, Nicola Canepa wrote:
>
> Hello, I tried 2 weeks ago from Mavericks (OSX 10.9), but I had the
> opposite problem: kinit works fine, while I'm unable to see users with
> Directory Admin (it always says it can't connect, either with or without
> SSL)
> I disabled anonymous se
Hi Cal,
Does a kinit work from a terminal? Does it work if you use "kinit user" or
just if you use "kinit user@REALM.suffix"
-- john
2015-12-20 15:09 GMT+01:00 Cal Sawyer :
> Hi, all
>
> I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX
> 10.10.5
ards,
-- john
2015-11-08 23:55 GMT+01:00 Simo Sorce <s...@redhat.com>:
> On 08/11/15 08:07, John Obaterspok wrote:
>
>> Hello,
>>
>> Anyone got git-http-backend working with freeipa group authentication and
>> would like to share their apache .conf file?
Hello,
Anyone got git-http-backend working with freeipa group authentication and
would like to share their apache .conf file?
I've tried this on the IPA server with a dummy git repository setup in
/opt/gitrepos/test1.git
gitserver.my.lan is a CNAME for ipaserver.my.lan
First, "git clone
2015-11-05 17:07 GMT+01:00 John Obaterspok <john.obaters...@gmail.com>:
>
>
> 2015-11-05 12:26 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>:
>
>> On Thu, 05 Nov 2015, John Obaterspok wrote:
>>
>>> Hi,
>>>
>>> I waited a coupl
Hi,
I waited a couple of days and when "dnf list freeipa-server
--releasever=23" said 4.2.3 I hit the upgrade. Unfortunately I noticed too
late that I received 4.2.2 during "dnf system-upgrade".
Any ideas how to get it going again? Or is it easier to start from scratch
if I only have ~ 10 IPA
2015-11-05 12:26 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>:
> On Thu, 05 Nov 2015, John Obaterspok wrote:
>
>> Hi,
>>
>> I waited a couple of days and when "dnf list freeipa-server
>> --releasever=23" said 4.2.3 I hit the upgrade. Unfortunat
Hi Seli,
In /etc/sssd/sssd.conf add below:
selinux_provider=none
to the domain section. Then restart sssd.
-- john
2015-08-13 16:23 GMT+02:00 seli irithyl seli.irit...@gmail.com:
Here's the sssd_domain log part during an ssh
(Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]]
2015-06-02 12:11 GMT+02:00 Jakub Hrozek jhro...@redhat.com:
On Tue, Jun 02, 2015 at 10:28:29AM +0100, Ivars Strazdiņš wrote:
With kind regards,
Ivars Strazdiņš
On 2 Jun 2015, at 07:21, Lukas Slebodnik lsleb...@redhat.com
wrote:
How many groups does problematic user
Hello,
I'm using OSX 10.10.3 (Yosemite) and I've followed the Freeipa/OSX guide at
linsec.ca.
I can do the following with very fast response time:
- id ipauser on osx host
- klist/kdestroy/kinit a ticket
- ssh via SSO to ipaserver with this ticket
- ping osxhost osxhost.local from ipaserver
-
I have about the same setup:
This is the setup (everything is up-to-date):
- ipa-server: F21, ipa-server 4.1, samba 4.1
- win-client: Windows 7 Home Premium
I tried to enroll the win-client in the domain but failed on the windows
side due to home editions not being able to join a domain.
But I
2015-04-24 17:47 GMT+02:00 Rob Crittenden rcrit...@redhat.com:
John Obaterspok wrote:
Hello,
I'm on F21 and if I login to my workstation I can then sso using ssh to
host X. But then I'm also able to sso from x - y.
If I'm on x and issue klist I see this:
klist: No credentials cache
2015-04-15 15:08 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com:
On (15/04/15 08:53), Jakub Hrozek wrote:
I pushed the selinux performance patches upstream yesterday. They will
make
their way to 7.2, 6.7 and I guess Lukas might also cherry-pick them for
Fedora.
Packages for fedora 21,22
Hi Dan,
I had a problem that login time increased by ~ 15 seconds from F20 - F21.
That was worked around by adding selinux_provider = none to the domain
section in /etc/sssd/sssd.conf
Have you checked that dns lookups + reverse lookups work on the ipa server?
Is id -G the_user_name and is the
Hi Jan,
See:
https://www.redhat.com/archives/freeipa-users/2015-February/msg00131.html
https://www.redhat.com/archives/freeipa-users/2014-October/msg00362.html
-- john
2015-03-24 17:58 GMT+01:00 Jan Pazdziora jpazdzi...@redhat.com:
Hello,
after enabling
in the dse.ldif
should be changed. There have been cases where the postinstall scripts were
not properly executed.
Could you stop your DS and run:
setup-ds.pl --update
if it still is not corrected, try
setup-ds.pl -ddd --update
On 02/27/2015 01:07 PM, John Obaterspok wrote:
Hello,
Anyone
Hello,
Anyone seen this after updating to 389-ds-base-1.3.3.8-1.fc21.x86_64
Netscape Portable Runtime error -5977:
/usr/lib64/dirsrv/plugins/libdes-plugin.so: cannot open shared object file:
No such file or directory
Could not open library /usr/lib64/dirsrv/plugins/libdes-plugin.so for
plugin
2015-01-12 10:13 GMT+01:00 Alexander Bokovoy aboko...@redhat.com:
On Mon, 12 Jan 2015, John Obaterspok wrote:
2015-01-11 16:33 GMT+01:00 Jakub Hrozek jhro...@redhat.com:
On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
2015-01-10 13:32 GMT+01:00 Gianluca Cecchi
2015-01-11 16:33 GMT+01:00 Jakub Hrozek jhro...@redhat.com:
On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
2015-01-10 13:32 GMT+01:00 Gianluca Cecchi gianluca.cec...@gmail.com:
To get the whole root environment you have to run
su - root
did you try
2015-01-10 13:32 GMT+01:00 Gianluca Cecchi gianluca.cec...@gmail.com:
To get the whole root environment you have to run
su - root
did you try with it?
ahh... that works fine Gianluca!
Final question, if I have a file on the share like:
[john@ipaserver mountpoint]$ ll test.txt
2015-01-09 10:11 GMT+01:00 Alexander Bokovoy aboko...@redhat.com:
On Fedora 21 we have /etc/request-key.d/cifs.upcall.conf and
/etc/request-key.d/cifs.idmap.conf to allow kernel to properly fetch
Kerberos keys and map IDs of CIFS identities. These configurations are
part of cifs-utils
2015-01-09 18:12 GMT+01:00 Alexander Bokovoy aboko...@redhat.com
So if you have all these configs right, can you add --verbose to
mount.cifs arguments _before_ -o options?
mount -t cifs //ipaserver.MY.LAN/TheShare --verbose -o sec=krb5
and you can enable debugging before mounting in
2015-01-09 10:11 GMT+01:00 Alexander Bokovoy aboko...@redhat.com:
On Thu, 08 Jan 2015, John Obaterspok wrote:
Hello,
I've tried to do the following on the client (and also on the ipaserver
itself) where I want to the the ipaserver share mounted.
[root@ipaserver mnt]# mount -t cifs
Hello,
I have a samba share on the freeipa 4.1 server that I want to mount from
another client that is part of the ipa domain
I've tried:
mount -t cifs //ipaserver.DOMAIN.LAN/share /mnt/point -o sec=krb5
Shouldn't I be able to do the mount this way?
-- john
--
Manage your subscription for the
okay, I see. the below line caused a *new* keytab to be created and caused
smb from starting.
1) ipa-getkeytab -s ipaserver -p cifs/ipaserver.my.lan -k /etc/krb5.keytab
I've fixed this and now ipa starts fine again.
2015-01-08 20:31 GMT+01:00 John Obaterspok john.obaters...@gmail.com:
Hello
) manual page (e.g. man mount.cifs)
(root has an admin ticket acquired)
Any hints for a newbie?
-- john
2015-01-08 18:51 GMT+01:00 Simo Sorce s...@redhat.com:
On Thu, 8 Jan 2015 10:01:50 +0100
John Obaterspok john.obaters...@gmail.com wrote:
Hello,
I have a samba share on the freeipa 4.1
:
On Wed, 29-10-2014 at 21:40 +0100, John Obaterspok wrote:
Hello,
I've tried this as well. My IPA is not connected to an AD. My smb.conf
looks almost the same. The differences are:
- I got the default workgroup set (MY or something)
- No FILE:/ prefix for keytab file
I had
2014-11-02 21:51 GMT+01:00 Loris Santamaria lo...@lgs.com.ve:
On Sun, 02-11-2014 at 19:54 +0100, John Obaterspok wrote:
I have still not been able to logon to Win7 PC with my IPA user.
Currently I get No mapping between account names and security IDs was
done when I try to login
Hello,
I might be interested in this as well. Does this mean it would be possible
for a windows client to access samba FS through IPA provided credentials?
Currently my Windows PC gets IPA ticket (through MIT kerberos application)
and can use this ticket to login to Linux server via putty. I
Hello,
I've tried this as well. My IPA is not connected to an AD. My smb.conf
looks almost the same. The differences are:
- I got the default workgroup set (MY or something)
- No FILE:/ prefix for keytab file
I had the samba and ipserver on the same box so I just had to add the cifs
server and
2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com:
On 26/10/14 21:39, John Obaterspok wrote:
Hi,
I enabled mkosek-freeipa repo for F20 and updated freeipa-server from
3.3.5 to 4.1. The yum update reported just a single error:
Could not load host key: /etc/ssh/ssh_host_dsa_key
:35 softhsm_pin
Any ideas?
-- john
2014-10-27 19:05 GMT+01:00 Martin Basti mba...@redhat.com:
On 27/10/14 18:53, John Obaterspok wrote:
2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com:
On 26/10/14 21:39, John Obaterspok wrote:
Hi,
I enabled mkosek-freeipa repo for F20
:09 GMT+01:00 Martin Basti mba...@redhat.com:
On 27/10/14 19:57, John Obaterspok wrote:
Hello Martin,
Still no go.
I installed the softhsm-devel package (that only contains header files),
removed the token directory, reinstalled the bind bind-pkcs11, did
ipa-dns-install that completed
Martin Basti mba...@redhat.com:
On 27/10/14 20:34, John Obaterspok wrote:
hmm... Could not connect to the Directory Server
So I started it with start-dirsrv since systemctl start ipa failed.
Then it was a breeze, ipa-dns-install worked fine.
# systemctl --failed
0 loaded units listed.
I'm
Hello Rob,
Did systemd report any failed services? (systemctl --failed)
-- john
2014-10-25 16:40 GMT+02:00 Rob Verduijn rob.verdu...@gmail.com:
Hello all,
I'm running freeipa 3.3.0 on fedora 20 x86_65 and it is set up as my main
dns server.
I've tried the upgrade to 4.1 using the copr
Hi,
I enabled mkosek-freeipa repo for F20 and updated freeipa-server from 3.3.5
to 4.1. The yum update reported just a single error:
Could not load host key: /etc/ssh/ssh_host_dsa_key
After reboot I had 3 services that failed to start:
ipa, kadmin, named-pkcs11
Doing strace -f named-pkcs11 -u
Hello,
I'm using FreeIPA for my home network and it works really great.
FreeIPA is running on NAS server where hw isn't latest greatest.
I've noticed the dogtag java/tomcat process is using up to 1 gig of
RAM and the java process is usually in the top spot for powertop
wakeups.
Is it normal
2014-03-23 19:45 GMT-04:00 Dmitri Pal d...@redhat.com
2014-03-23 9:01 GMT+01:00 John Obaterspok john.obaters...@gmail.com:
Hello,
How do I get vsftpd login to work with an existing ticket?
I've added ftp as an identity service (ftp/ipaserver.my@my.lan)
Is there anything else I
Hello,
How do I get vsftpd login to work with an existing ticket?
I've added ftp as an identity service (ftp/ipaserver.my@my.lan)
Is there anything else I need to do to allow ftp login to vsftpd?
-- john
___
Freeipa-users mailing list
Hello,
A couple of times each day the win 7 machine is not able to lookup hosts on
the ipa domain. A ipconfig /renew always allows ipa hosts to be resolvable
again.
Any ideas why this happens?
-- john
:09
Any other suggestions?
-- john
2014-03-23 18:52 GMT+01:00 Will Sheldon m...@willsheldon.com:
What is the difference in the output of ipconfig /all before and after
the ipconfig /renew?
Kind regards,
Will Sheldon
On Sunday, March 23, 2014 at 1:21 AM, John Obaterspok wrote:
Hello