Hello,
I'm trying to configure the oneWaySync option for IPA so only the Windows AD
can replicate changes to IPA.
When I use the command that I listed below it says it works but when I delete a
user form IPA it will then delete the user in Active Directory.
Is my command listed below correct?
[mailto:rmegg...@redhat.com]
Sent: Tuesday, January 22, 2013 3:04 PM
To: Rob Crittenden
Cc: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] OneWaySync Issues
On 01/22/2013 11:46 AM, Rob Crittenden wrote:
Joseph, Matthew (EXP) wrote:
Hello,
I'm trying
Hello Rob,
Sorry typo on my part. The command I put in is actually fromWindows
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, January 22, 2013 2:47 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users
Crittenden
Cc: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] OneWaySync Issues
On 01/22/2013 11:46 AM, Rob Crittenden wrote:
Joseph, Matthew (EXP) wrote:
Hello,
I'm trying to configure the oneWaySync option for IPA so only the
Windows AD can replicate
Hello,
I'm currently in the processing of installing/configuring IPA 2.2.0-16 on a
Red Hat 6.4 Server and I'm running into some issues trying to get IPA to
replicate to a Windows 2003 SP2 DC.
Here is the steps I took (I used the Red Hat Identity Management Guide)
1) Create idmpasssync
, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Winsync Issues
On 03/21/2013 12:37 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm currently in the processing of installing/configuring IPA 2.2.0-16 on a
Red Hat 6.4 Server and I'm running into some issues trying
,dc=domain2,dc=ca
That shouldn't make a difference should it?
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Thursday, March 21, 2013 4:31 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Winsync Issues
On 03/21/2013 01:26 PM, Joseph
-replica-manage command and was able to make a connection.
Thanks again,
Matt
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Thursday, March 21, 2013 5:00 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Winsync Issues
On 03/21/2013 01
Hello,
I'm trying to point a Solaris 10 server to use IPA as it's NIS Server.
The Solaris 10 server has no issues communicating with IPA but it can only see
a few maps (Users, Groups).
Looking at the documentation it says you can add entries so I tried to for
Hosts but I can't get ypcat hosts
Hey Nalin,
Sorry typo on my part. It does say nis-base.
-Original Message-
From: Nalin Dahyabhai [mailto:na...@redhat.com]
Sent: Wednesday, March 27, 2013 12:57 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA - NIS Compatability
Hey,
I'm trying to add a client to IPA and I'm getting the following error;
Joining realm failed because of failing XML-RPC request
This error may be caused by incompatible server/client major versions.
Client is running Red Hat 6.1 with the following IPA and Curl packages
installed;
: Tuesday, April 02, 2013 2:58 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Client Installation Error
Joseph, Matthew (EXP) wrote:
Hey,
I'm trying to add a client to IPA and I'm getting the following error;
Joining realm failed because of failing XML
is in DNS and
the host table. He can ping him fine so there is no issue with communication.
Any ideas? Any other logs/information I can provide you?
Thanks,
Matt
-Original Message-
From: Joseph, Matthew (EXP)
Sent: Tuesday, April 02, 2013 3:01 PM
To: 'Rob Crittenden'; freeipa-users
Awesome that was the issue Rob.
Thanks!
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, April 03, 2013 10:14 AM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Client Installation Error
Joseph
Hello,
I'm trying to setup a replica server with ipa-2.2.0-16 on both the Server and
the Replica Server.
Here are the steps I ran (From the Red Hat 6.3 IdM Administration Guide);
IPA_Server:
ipa-replica-prepare ipareplica.example.com --ip-address 192.168.1.2
scp
Hello,
I've having issues with trying to login to our NIS clients that are looking at
IPA as a NIS Server.
The NIS Client can view all of the usernames when I do a ypcat passwd but when
I try to login a with a user account it will not accept the password. I've even
tried setting it as simple
Hey Rob,
The passwd section of nsswitch.conf is the following;
Passwd: files nis
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, April 04, 2013 3:05 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users
to get around this?
Matt
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Friday, April 05, 2013 6:40 AM
To: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS
that command I get the following error;
Ldap_bind: No Such Object (32)
I can manually add that to the dse.ldif right? If so where would it go?
Thanks,
Matt
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent
, Matthew (EXP); freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat Password Issues
Joseph, Matthew (EXP) wrote:
My old NIS server we used shadow passwords.
When I migrated my passwd nis file to IPA I'm assuming it also imported the
part of the file that contains the x
Hello,
I imagine this is a common issue/question when trying to implement the password
sync between AD and IPA.
We have two Windows 2003 domain controllers (for redundancy) so when a user
issues a password change on the Windows side there is no primary domain
controller that it will always
...@redhat.com] On Behalf Of Dmitri Pal
Sent: Friday, April 05, 2013 11:56 AM
To: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Active Directory -- IPA Password Sync
On 04/05/2013 10:52 AM, Joseph, Matthew (EXP) wrote:
Hello,
I imagine this is a common issue/question when trying
Hey Rob,
I was able to get NIS passwords working.
I had a space at the end of dn: cn=config (stupid me).
Thanks for the help!
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Friday, April 05, 2013 11:07 AM
To: Joseph, Matthew (EXP); freeipa-users
not complaining about that. It can't seem to find the dn: cn=config
which is weird since I see it in the file.
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Friday, April 05, 2013 11:07 AM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: Re: [Freeipa
(EXP)
Cc: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] ipa-replica-install errors
On 04/04/2013 07:14 AM, Joseph, Matthew (EXP) wrote:
Hello,
I'm trying to setup a replica server with ipa-2.2.0-16 on both the Server and
the Replica Server.
Here are the steps I ran (From the Red
Hey,
Yup, the client side says the following;
Op=-1 fd=64 closed - Peer does not recognize and trust the CA that issued your
certificate.
Matt
From: Nathan Kinder [mailto:nkin...@redhat.com]
Sent: Monday, April 08, 2013 12:28 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject
Hey Rob,
Yes I've tried to do that. Everytime I try to run an ipa-replica-install I make
sure I create a new replica file from the server.
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, April 10, 2013 10:47 AM
To: Joseph, Matthew (EXP
Hey Rob,
Here is the output from cerutil -L -d /etc/dirsrv/slapd-DOMAIN-CA/
Server:
Server-Cert u,u,u
Client:
Server-Cert u,u,u
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, April 10, 2013 11:01 AM
To: Joseph, Matthew (EXP); Nathan
@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: ipa-replica-install errors
On 04/10/2013 09:55 PM, Joseph, Matthew (EXP) wrote:
Hey,
I'm still trying to figure out this error but I am getting nothing.
Anyone have any suggestions or ideas on why this is failing?
Matt
*From:*freeipa
Nansi
Sent: Wednesday, April 10, 2013 9:36 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: ipa-replica-install errors
On 04/10/2013 09:55 PM, Joseph, Matthew (EXP) wrote:
Hey,
I'm still trying to figure out this error but I am getting nothing.
Anyone have any
...@redhat.com]
Sent: Thursday, April 11, 2013 10:13 AM
To: Joseph, Matthew (EXP); Jatin Nansi; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: ipa-replica-install errors
Joseph, Matthew (EXP) wrote:
Hey,
Here is the output;
Server-Cert u,u,u
I am using nss-3-13.3-6
I am
...@redhat.com]
Sent: Thursday, April 11, 2013 10:18 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: ipa-replica-install errors
On 04/11/2013 08:55 PM, Joseph, Matthew (EXP) wrote:
Hey,
Sorry didn't read your full message and realize you wanted all
Hello,
I'm currently having issues using automount from my clients.
On my IPA Server and Replica there is no issues trying to mount but when I do
it from a client I get some weird results.
I have a mount point on a server that shows as the following in the IPA GUI.
-rw,soft
Hey James,
I configured my IPA server with winsync and I was in the same boat as you.
The IPA user that is created for Active Directory does not require write access
to AD.
My IPA user only has read permissions to the domain and my passwords sync just
fine. When I delete a user from IPA it
sync but it never worked for me the way it
was intended and I just stumbled on giving the user only read access to the
domain.
Matt
From: James A [mailto:ja...@atia.se]
Sent: Tuesday, May 14, 2013 10:42 AM
To: Joseph, Matthew (EXP)
Cc: Chris Hudson; freeipa-users@redhat.com
Subject: EXTERNAL: Re
might be wrong.
Also is your IPA sync user in the same OU as your normal users?
Matt
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, May 14, 2013 10:50 AM
To: James A
Cc: freeipa-users@redhat.com
Subject: Re
has. He should
have Read (Also gives him access to Read Domain Password Lockout Policies and
Read Other Domain Parameters)
Matt
From: James A [mailto:ja...@atia.se]
Sent: Tuesday, May 14, 2013 11:26 AM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: Syncing
...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, May 14, 2013 8:05 AM
To: freeipa-users@redhat.com
Subject: EXTERNAL: [Freeipa-users] Automount issues
Hello,
I'm currently having issues using automount from my clients.
On my IPA Server
Hello,
I've seem to run into an issue with our admin account on our FreeIPA server.
Our password expired (I thought I disabled the password expiration for this
account) and when I run kinit admin it prompts me for a new password.
I type in the old password and then the new one two times but then
Hello,
I've recently had to restart my IPA servers and my NIS compatibility mode has
stopped working.
I've configured my IPA server to run in NIS compatibility mode by doing the
following.
[root@ipaserver ~]# ipa-nis-manage enable
[root@ipaserver ~]# ipa-compat-manage enable
Restart the DNS and
errors came up.
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, January 02, 2014 2:58 PM
To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Joseph, Matthew (EXP) wrote
.
Yup, I checked the status of the port to make sure nothing else was using it.
I configured it for an empty port below 1024.
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, January 06, 2014 6:13 PM
To: Joseph, Matthew (EXP); d...@redhat.com; freeipa
, January 07, 2014 6:59 AM
To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com;
freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote:
When I run ypcat on the IPA servers it states that ypbind can't communicate.
I
, 2014 6:59 AM
To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com;
freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote:
When I run ypcat on the IPA servers it states that ypbind can't communicate.
I started
a ypcat since it can't find the maps which I would assume
live under that domainname folder.
Any ideas?
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, January 07, 2014 9:23 AM
To: Petr
but are the ipa-nis-manage and ipa-compat-manage commands not
used to enable the NIS compatibility mode?
From: Ondrej Valousek [mailto:ovalou...@vendavo.com]
Sent: Tuesday, January 07, 2014 11:12 AM
To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; d...@redhat.com;
freeipa-users@redhat.com
Subject: RE
them all go
through NIS. I had it working for a good year and then it just stopped.
From: Ondrej Valousek [mailto:ovalou...@vendavo.com]
Sent: Tuesday, January 07, 2014 11:44 AM
To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; d...@redhat.com;
freeipa-users@redhat.com
Subject: RE
:36 AM
To: Nalin Dahyabhai; Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Nalin Dahyabhai wrote:
On Tue, Jan 07, 2014 at 05:22:22AM -0500, Joseph, Matthew (EXP) wrote:
When I run ypcat on the IPA servers it states that ypbind can't
Hello,
I'm currently running into some issues with my replica server.
I noticed it wasn't getting any updates from the master server so I tried to do
a force-sync but it states that it is an invalid password which I know it is
not the case.
I tried doing an ipa-replica-manager list
: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mark Heslin
Sent: Monday, July 28, 2014 3:13 PM
To: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm currently
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mark Heslin
Sent: Monday, July 28, 2014 3:27 PM
To: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues
On 07/28/2014 02:12 PM, Mark Heslin wrote:
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm
://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
I've tried supplying both the old and the new Directory manager password but
neither are working.
-Original Message-
From: Simo Sorce [mailto:s...@redhat.com]
Sent: Monday, July 28, 2014 5:04 PM
To: Joseph, Matthew (EXP)
Cc: Mark
-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, July 29, 2014 7:22 AM
To: Simo Sorce
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues
Sorry I should clarify what is weird is I supply the Directory Manager password
and it's
2.2.0-16
Thanks guys.
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, July 29, 2014 9:15 AM
To: Simo Sorce
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA
Hey Suhail,
Issue has been resolved; it was actually my replica server being about 10
minutes out of sync from the master which was causing the credential errors.
Matt
From: Choudhury, Suhail [mailto:suhail.choudh...@bskyb.com]
Sent: Wednesday, July 30, 2014 9:00 AM
To: Joseph, Matthew (EXP
, April 14, 2015 12:01 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Can't delete group because it states
it's not found
Joseph, Matthew (EXP) wrote:
Hello,
I'm trying to delete a group in IdM but when I do a ipa group-del
group it states
results.
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, April 14, 2015 12:01 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Can't delete group because it states
it's not found
Joseph, Matthew (EXP
]
Sent: Tuesday, April 14, 2015 2:32 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Can't delete group because it states
it's not found
Joseph, Matthew (EXP) wrote:
Hey Rob,
So I did the following command;
Ldapdelete -D cn=Directory Manager -h
Hrozek
Sent: Thursday, April 16, 2015 10:25 AM
To: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Usernames not being seen on IPA Master
On Thu, Apr 16, 2015 at 01:13:56PM +, Joseph, Matthew (EXP) wrote:
Hello,
I'm running into an issue where a new user account created
Hello,
I'm running into an issue where a new user account created on the master server
is not being seen for changing file permissions and such.
I can login using the newly created user account but when I try to change
permissions on a file/directory it comes up with the following error;
Chown:
Message-
From: Jakub Hrozek [mailto:jhro...@redhat.com]
Sent: Thursday, April 16, 2015 10:56 AM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Usernames not being seen on IPA
Master
On Thu, Apr 16, 2015 at 01:42:52PM +, Joseph, Matthew (EXP
I was able to get the group modified and deleted with your commands Rob.
Thank you very much for the help.
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, April 14, 2015 3:16 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: Re
; Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Multiple CA certificates (for PassSync)
On 07/09/2015 07:23 AM, Rob Crittenden wrote:
Joseph, Matthew (EXP) wrote:
Hello,
We are currently in the process of replacing our IdM 3.x server with
4.x
Hello,
We are currently in the process of replacing our IdM 3.x server with 4.x.
There are going to be some major directory changes during the upgrade so I need
to keep both the old and new IdM servers up and running separately.
Part of our configuration is using the password sync between IdM
64 matches
Mail list logo