On 09/25/2014 05:35 PM, Traiano Welcome wrote:
Hi Martin
On Wed, Sep 24, 2014 at 2:18 PM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 09/24/2014 01:06 PM, Traiano Welcome wrote:
Hi List
I'm currently running IPA 3.3 on Centos 7, and successfully
On 09/26/2014 11:19 AM, Sandor Juhasz wrote:
Hello,
i want to bind applications to the ldap, via ldap connector, so this should be
fine.
I have made the ldif, but i have no idea how to apply it, because simple
ldapmodify gives and error.
I would then start with sharing the LDIF and the error
On 09/25/2014 04:11 AM, Alex Harvey wrote:
Hi all
I'm new to IPA and struggling a bit to automate some tasks.
I am unable to delete hosts from the command line although have no problem
doing this using the GUI, e.g.
[root@myipaserver ~]# ipa host-del myhost.example.com
ipa: ERROR:
On 09/25/2014 01:08 PM, Sandor Juhasz wrote:
Hello,
i need a bit of help on how to create virtual dit structure on an existing
ipa.
I need it to create separate structure to authenticate users for services
which
don't support ldap search filters.
Ah, I think you want to do what
On 09/24/2014 01:11 AM, Tommy McNeely wrote:
Hi all,
I have seen the documentation on how to disable anonymous access
*completely* at
http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/disabling-anon-binds.html
However, I think that those base rootdse queries are probably
On 09/24/2014 01:06 PM, Traiano Welcome wrote:
Hi List
I'm currently running IPA 3.3 on Centos 7, and successfully authenticating
Linux clients (Centos 6.5).
I'd like to setup Solaris 10 as an IPA client, but this seems
problematic. I am following this guide:
On 09/24/2014 01:49 AM, Tommy McNeely wrote:
DISREGARD!
Sorry all, do not actually try my query, it makes authentication not work
at least on CentOS6.
Here is the doc I actually read the first time:
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html
. (Not COPR)
On 24-09-2014 14:31, Martin Kosek wrote:
On 09/24/2014 01:23 PM, Tevfik Ceydeliler wrote:
Hi, Do you know when new version Freeipa (v4) places on redhat or centos
repository?
Please define new version - do you mean FreeIPA 4.0.3? Or FreeIPA 4.1?
Also,
by repository, you mean
On 09/23/2014 03:59 AM, Ade Lee wrote:
On Mon, 2014-09-22 at 13:39 -0600, swartz wrote:
On 9/22/2014 9:14 AM, Ade Lee wrote:
Another question - what is the output of ls -l /etc/pki-ca/CS.cfg ?
ls -l /etc/pki-ca/CS.cfg
-rw-r-. 1 pkiuser pkiuser 49196 Sep 19 11:29 /etc/pki-ca/CS.cfg
In
/Linux_Domain_Identity_Authentication_and_Policy_Guide/ln-idp9643248.html
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info
On 09/22/2014 10:07 PM, Nathan Kinder wrote:
On 09/22/2014 05:03 AM, Murty, Ajeet (US - Arlington) wrote:
Security scan of FreeIPA server ports uncovered weak, medium and null
ciphers on port 389 and 636. We are running ‘ipa-server-3.0.0-37.el6.i686’.
How can I disable/remove these
On 09/20/2014 01:02 AM, swartz wrote:
Hello,
Encountered same issue as described here:
https://www.redhat.com/archives/freeipa-users/2013-July/msg00133.html
https://www.redhat.com/archives/freeipa-users/2014-August/msg00224.html
Plain vanilla IPA setup. No changes, no customizations.
On 09/18/2014 06:12 AM, Dmitri Pal wrote:
On 09/17/2014 10:56 PM, Dan Mossor wrote:
Good day, folks.
I am curious what the suggested upgrade path is for FreeIPA. Currently, I am
running freeipa-server-3.3.5-1.fc20.x86_64 on a virtual Fedora 20 server and
am planning my upgrade to FreeIPA
On 09/15/2014 05:01 PM, Martin Kosek wrote:
On 09/15/2014 03:31 PM, Natxo Asenjo wrote:
hi,
Centos 6.5.
I want to create a certificate request for our mysql servers. I came up
with this command line:
$ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
--fqdn`-mysql.crt
On 09/12/2014 09:19 PM, Dmitri Pal wrote:
On 09/12/2014 02:43 PM, Michael Lasevich wrote:
That is awesome, but I am clearly missing some insight as to how this is
supposed to work. Can you point me to some more specific info on how to
accomplish this.
I tried using the ipa-getcert request
On 09/15/2014 03:31 PM, Natxo Asenjo wrote:
hi,
Centos 6.5.
I want to create a certificate request for our mysql servers. I came up
with this command line:
$ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
--fqdn`-mysql.crt -k /etc/pki/tls/private/`hostname
On 09/09/2014 05:27 PM, Olga Kornievskaia wrote:
On Tue, Sep 9, 2014 at 10:41 AM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Olga Kornievskaia wrote:
On Mon, Sep 8, 2014 at 7:41 PM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com
On 09/09/2014 06:01 PM, Eric Hart wrote:
I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates.
I haven't found a way to enable that capability yet..
I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM,
specifically the
On 09/11/2014 02:06 AM, Dmitri Pal wrote:
On 09/10/2014 07:10 PM, Tamas Papp wrote:
hi All,
Is there an offficial API documentation available?
Unfortunately not much. You can search archives and find some recommendations
that helped people in the past.
On 09/12/2014 01:22 PM, Petr Spacek wrote:
On 12.9.2014 13:18, Dmitri Pal wrote:
On 09/12/2014 07:13 AM, Dmitri Pal wrote:
On 09/12/2014 12:13 AM, barry...@gmail.com wrote:
Hi:
i set max life no expiry already but still pomt reset password every 3 month
any idea to disable it ??? what
On 09/12/2014 03:36 PM, Tamas Papp wrote:
On 09/12/2014 02:47 PM, Martin Kosek wrote:
On 09/11/2014 02:06 AM, Dmitri Pal wrote:
On 09/10/2014 07:10 PM, Tamas Papp wrote:
hi All,
Is there an offficial API documentation available?
Unfortunately not much. You can search archives and find
On 09/04/2014 05:11 PM, Guillermo Fuentes wrote:
Hello list,
We’re running FreeIPA with a master and 3 replicas. The replication
stopped working and currently we’re adding resources only to the
master. This is the environment we have:
m1:
OS: CentOS release 6.5
FreeIPA: 3.0.0-37
On 09/04/2014 02:48 AM, Martin Kosek wrote:
Ah, ok. As Rob advised, you will need to delete it via ldapdelete CLI or via
any LDAP GUI application of choice.
BTW, this is upstream ticket tracking better means to resolve replication
conflicts:
https://fedorahosted.org/freeipa/ticket/1025
Good to hear Guillermo, I am glad you are back up and running. I am just
curious, what as the root cause of your replication errors in the end? I did
not catch that from the thread. Is it something we can fix in FreeIPA or is it
just a configuration error?
Thanks,
Martin
On 09/05/2014 08:06
structure.
Your case is a bit different from most, where you want to host two
completely separate kinds of users.
rob
On Wed, Sep 3, 2014 at 9:10 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 09/03/2014 03:08 PM, Rob Crittenden wrote:
Martin Kosek wrote
to have the same issue as user-delete.
rob
On 09/03/2014 10:43 AM, Rob Crittenden wrote:
Martin Kosek wrote:
Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
operation and see what was the error code that DS gave when it refused to
delete the user?
Were I to guess
Actually, FreeIPAbind-dynd-ldap use idnszoneactive attribute (TRUE/FALSE) to
define which zones are active and which are not.
On 09/04/2014 02:23 PM, Chris Whittle wrote:
Look at nsaccountlock if it's TRUE then they are disabled.
On Thu, Sep 4, 2014 at 7:20 AM, Sebastian Leitz
On 09/03/2014 03:08 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 09/03/2014 09:02 AM, Martin Kosek wrote:
In the meantime, you can use the workaround that Rob sent, you would just
need
to delete it again when the fix is in, so that the permissions do not step
on
each other.
Actually
.
Thank all for the help!
On Tue, Sep 2, 2014 at 5:19 PM, Martin Kosek mko...@redhat.com wrote:
On 09/02/2014 10:42 AM, Zip Ly wrote:
@Martin
The second admin is my service account. I use this account to communicate
with our webapplication (it uses keytab and post/curl json to ipa). I can
Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
operation and see what was the error code that DS gave when it refused to
delete the user?
Martin
On 09/03/2014 06:18 PM, Ron wrote:
user-find sees a user but user-del cannot remove it. What can I do?
Thanks.
Regards,
On 09/02/2014 10:42 AM, Zip Ly wrote:
@Martin
The second admin is my service account. I use this account to communicate
with our webapplication (it uses keytab and post/curl json to ipa). I can
add users without a problem. But when it comes to changing password, the
password is expired
On 09/01/2014 07:50 AM, Dmitri Pal wrote:
On 08/29/2014 09:32 PM, Matthew Sellers wrote:
Hi Everyone!
I am using FreeIPA 3.3.5 on Fedora 20 and attempting to configure FreeIPA to
send notifies to non-IPA slaves, but it seems broken on IPA ( notify packets
are never sent to to slaves ).
I
On 08/29/2014 10:21 AM, Zip Ly wrote:
@Martin
1) Yes, I did executed 8.5.3 from the wiki. Is this is reason for the
systems behaviour?
Yes.
if so why doesnt't it applies for both admins?
Because only a DN of the first admin was added. It applies only to objects
bound with this DN then.
On 08/28/2014 04:18 PM, Zip Ly wrote:
Hi,
I'm trying to change a user password without reset.
If I use the (primary) admin to change the password then it doesn't need a
password reset, because the expire lifetime is 90 days.
This is strange. Did you by any chance added this admin's
On 08/27/2014 07:47 AM, Kat wrote:
Hi all...
Migrating from Open LDAP and it works fine to FreeIPA to 3.x but 4.x I get
migration errors?
/Constraint violation: invalid password syntax - passwords with storage scheme
are not allowed/
I did find one reference to this in the archives, but it
Thanks for sharing your (rather painful) experience, I am glad you made it
working in the end.
Just note that we are currently (read FreeIPA 4.0.x and FreeIPA 4.1) working
making the cert operations in the installers smoother so that after so that
people like you would have much easier job.
On 08/22/2014 10:41 PM, Michael Lasevich wrote:
Trying to use ipa command line admin tools from Ubuntu 14.04 box against
3.0.0 CentOS 6 server and running into trouble.
Seems like upgrading server is not an option without upgrading the server,
and 3.3.0 client is not compatible with 3.0.0
On 08/25/2014 12:51 PM, Megan . wrote:
Good Morning,
I'm very new to freeIPA.
Welcome on board!
I'm running centOS 6.5 with freeIPA v3
I have the freeIPA server up but i'm working on getting SUDO
configured. Currently i'm having problems getting sudo commands to
work on the client.
On 08/20/2014 05:24 PM, Rich Megginson wrote:
On 08/20/2014 09:18 AM, Baird, Josh wrote:
Hi,
We are attempting to run ipa-client-install in the %post section of a
Kickstart in order to join the host to an IPA domain (3.3/RHEL7 IdM). We are
using something like:
On 08/20/2014 09:49 PM, Dmitri Pal wrote:
On 08/20/2014 09:43 PM, Rob Crittenden wrote:
Walid wrote:
Thanks Rob, we have native python2.4, and anaconda python 2.7, so i
guess if anything needs python 2.6 or greater it would not be an issue.
I am just wondering if there are people using the
On 08/19/2014 11:08 PM, Chris Whittle wrote:
Here is what I get if I try to start it manually... Any ideas?
[root@itservices /]# /usr/sbin/ipactl start
Starting Directory Service
Starting dirsrv:
COLLECTIVEBIAS-COM... [ OK ]
PKI-IPA...
, Aug 20, 2014 at 2:29 AM, Martin Kosek mko...@redhat.com wrote:
On 08/19/2014 11:08 PM, Chris Whittle wrote:
Here is what I get if I try to start it manually... Any ideas?
[root@itservices /]# /usr/sbin/ipactl start
Starting Directory Service
Starting dirsrv:
COLLECTIVEBIAS-COM
On 08/18/2014 09:35 PM, Michael Lasevich wrote:
I wanted to use the python ipalib directly, but like you mentioned, I found
very little documentation and what I found indicated I was going to just
pass cli arguments to it, it seemed to be not much better than calling the
wrapper directly :-(
On 08/14/2014 10:23 PM, Michael Lasevich wrote:
Is there somewhere a documented minimum set of permissions required to
create a special role/account/principal to auto-join machines to the domain?
I am not all too comfortable to run this as admin user and not quite ready
to set up the
.
-M
On Fri, Aug 15, 2014 at 1:18 AM, Martin Kosek mko...@redhat.com wrote:
On 08/14/2014 10:23 PM, Michael Lasevich wrote:
Is there somewhere a documented minimum set of permissions required to
create a special role/account/principal to auto-join machines to the
domain?
I am not all too
On 08/15/2014 11:25 AM, Michael Lasevich wrote:
...
The only thing that bugs me is that I am calling IPA python code from my
salt reactor python code via subprocess - there has got to be a better,
more direct way - but I found documentation too confusing to follow at 1
am - will be a project
On 08/13/2014 02:15 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 08/12/2014 11:49 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
The documentation seems to be a little fuzzy on setting up two
CAs, some parts indicate this is a bad idea because the CRLs can
clobber each
On 08/13/2014 02:27 AM, William wrote:
On Tue, 2014-08-12 at 13:51 -0400, Rob Crittenden wrote:
William wrote:
Hi,
I am trying to allow a radius service account the ability to read
ipaNTHash. I carried out the following steps:
You can't delegate permissions to a service. See
Thank you! I liked this page to
http://www.freeipa.org/page/HowTos#Authentication
and also improved formatting of the page. I am not sure about the role
section though, we do not use role objectclass, so Okta's search probably
returns no results anyway. It may be better to keep that blank IMO.
On 08/10/2014 01:58 PM, James James wrote:
Hello,
Is there a way to patch my ipa .3.0.0 with this patch:
https://www.mail-archive.com/freeipa-devel@redhat.com/msg20528.html ?
The DateTime data type will be very useful !
Regards
It would be quite difficult, if not only because of the
On 08/11/2014 04:24 PM, Jakub Hrozek wrote:
On Mon, Aug 11, 2014 at 05:18:03PM +0300, Alexander Bokovoy wrote:
On Sat, 09 Aug 2014, Erinn Looney-Triggs wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
It would seem to be prudent to set the minssf setting for 389 to 56,
however I am
On 08/07/2014 01:39 PM, Curtis L. Knight wrote:
On Tue, Aug 5, 2014 at 11:26 PM, Rob Crittenden rcrit...@redhat.com wrote:
Curtis L. Knight wrote:
On Tue, Aug 5, 2014 at 7:21 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 08/05/2014 12:32 PM, Martin Kosek wrote
request for Server-Cert for slapd
httpd/alias we get an up to date cert ... not sure if anything else broken by
doing that though ...
I assume maybe the replcia install/mgmt under 2.x was slightly or perhaps
majorly different ...
rgds
Matt
On 31/07/2014 6:21 pm, Martin Kosek wrote
On 08/04/2014 07:06 PM, Nordgren, Bryce L -FS wrote:
Hmm, sorry for incomplete instructions then. I updated the instructions to
cope with that situation better (details in
https://fedorahosted.org/freeipa/ticket/4466#comment:2). Please feel free
to report more findings or even better help us
On 08/05/2014 12:03 AM, Erinn Looney-Triggs wrote:
On 08/04/2014 01:51 PM, Ade Lee wrote:
OK - I suspect you may be running into an issue with serial number
generation. Each time we install a clone, we end up allocating a new
range of serial numbers for the clone.
The idea is to keep
On 08/04/2014 10:41 PM, Erinn Looney-Triggs wrote:
On 08/04/2014 08:46 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 08/04/2014 04:01 AM, Martin Kosek wrote:
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
Whether related or not I am getting the following in my
RHEL 6.5 IPA
On 08/05/2014 12:05 PM, Curtis L. Knight wrote:
Hey,
I have been trying to build rpms from different releases without much
success. I can build 4.0+ rpms but I have not tested them. Going backward
like with release-3-3-5, it fails on lint/pylint routine. I comment out the
lint call in the
On 08/05/2014 12:32 PM, Martin Kosek wrote:
On 08/05/2014 12:05 PM, Curtis L. Knight wrote:
...
#./make-lint $(LINT_OPTIONS)
run 'make rpms' again to get beyond lint errors shown below
cd install; if [ ! -e Makefile ]; then ../autogen.sh --prefix=/usr
--sysconfdir=/etc --localstatedir=/var
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
Whether related or not I am getting the following in my RHEL 6.5
IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
[26/Jul/2014:20:23:23 +] slapi_ldap_bind - Error: could not
send startTLS re quest: error -1 (Can't contact
On 08/04/2014 01:36 AM, Nordgren, Bryce L -FS wrote:
Spoke too soon. I needed the following extra selinux policy module to make
all the AVCs go away.
BTW: the instructions on http://www.freeipa.org/page/PKI really only work if
you leave the password blank when you create a new database
On 08/01/2014 12:40 AM, Kat wrote:
Hi,
I must be missing something obvious in getting memberof plugin to work.. Any
ideas?
Thanks in advance...
~K
--
./fixup-memberof.pl -D 'cn=Directory Manager' -b 'dc=red,dc=lemon,dc=com' -w
- -v
On 08/01/2014 08:23 AM, barry...@gmail.com wrote:
Hi :
Is it possible to read clear text of password of ipa users by admin ?
No. Admin can't even read the hash
# ldapsearch -Y GSSAPI -b
uid=fbar,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com uid
userPassword
SASL/GSSAPI
On 07/30/2014 07:16 PM, Robert Walker wrote:
Hi,
I've got 2 IPA servers running in a relationship. One is ok as far as
logging into the webui and the other will only let me kinit admin on the
console of the server. When I try to login into the webui Your session has
expired. Please
On 07/31/2014 07:49 AM, Matt Bryant wrote:
All,
Got an issue with an IPA replica in that the certs in /etc/httpd/alias
/etc/dirsrv/slapd-IPA-REALM have expired.
I assume that this replica does not have a CA and we are only dealing with
service HTTPD and DIRSRV service certificates.
Have
on
Scientific Linux, is there a workaround?
Thanks.
Luca Tartarini
2014-07-30 15:00 GMT+02:00 Simo Sorce sso...@redhat.com:
On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
On 07/29/2014 03:47 PM, Luca Tartarini wrote:
Hi everyone,
I am new in FreeIPA, I am trying to configure
suggested ..
rgds
Matt Bryant
On 31/07/14 17:33, Martin Kosek wrote:
On 07/31/2014 07:49 AM, Matt Bryant wrote:
All,
Got an issue with an IPA replica in that the certs in /etc/httpd/alias
/etc/dirsrv/slapd-IPA-REALM have expired.
I assume that this replica does not have a CA and we
On 07/28/2014 07:29 PM, jaseywang wrote:
Hi
I tried to install freeipa-client on Ubuntu 10.04 12.04, but none of them
worked :-(
At the moment, only 12.04 ships the apt repo so that I can use apt to
install the freeipa-client(2.1.4-0ubuntu1). Although I can installed the
package
On 07/29/2014 03:47 PM, Luca Tartarini wrote:
Hi everyone,
I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The
configuration is the following: Service Provider (host with Scientific
Linux 6) with ipsilon-client and Identity Provider (another host with
Scientific Linux 6)
On 07/24/2014 07:04 PM, Nordgren, Bryce L -FS wrote:
One of our larger users was in a similar situation a few years ago and
ended up running Fedora until RHEL caught up and then migrating the servers.
I'm running it on F20 because it seemed like the dependencies would make
running it on
level right as unicode string
=== Tomáš Babej (3) ===
* trusts: Validate missing trust secret properly
* ipatests: tasks: Fix dns configuration for trusts
* trusts: Make cn=adtrust agents sysaccount nestedgroup
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management
On 07/23/2014 01:36 PM, Choudhury, Suhail wrote:
Hi,
I'm finding that on all IPA servers in 1 cluster the replication status shows
as either busy or started, but no succeeded status is being reported:
[root@recsds2 ~]# ipa-replica-manage list -v $HOSTNAME
recsds1.bskyb.com: replica
On 07/23/2014 01:58 PM, Choudhury, Suhail wrote:
I have the following errors on different boxes:
[root@recsds1 sch32]# tail -f /var/log/dirsrv/slapd-RECS-BSKYB-COM/errors
[23/Jul/2014:12:28:54 +0100] NSMMReplicationPlugin - CleanAllRUV Task:
Replicas have not been cleaned yet, retrying in
Ah, so this is all a matter of old docs. --selfsign installation are
deprecated, we now use CA-less instead.
I updated http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
and added a warning with links to appropriate resources.
HTH,
Martin
On 07/23/2014 05:54 PM, John Moyer
On 07/19/2014 01:08 AM, Nordgren, Bryce L -FS wrote:
So if I understand the 389-ds ticket correctly, I can add pre-hashed
passwords
via ldapmodify to the 389 server using directory manager as the bind dn? I
just can't use the ipa command line tool/script.
The short answer is no. Trying
On 07/21/2014 01:30 PM, Atanas Bachvaroff wrote:
Martin Kosek wrote:
On 07/21/2014 01:04 PM, Atanas Bachvaroff wrote:
Hello,
I've been experiencing strange problems trying to manually modify the
userPassword attributes in the FreeIPA's 389 directory (FreeIPA 3.3.4 on
Fedora 20). I'm using
On 07/21/2014 03:38 PM, Eldo Joseph wrote:
Is it possible to disable AES256 Encryption from IPA, while making Kerberos
principals...
-Eldo-
I think you would need to hand update krbDefaultEncSaltTypes in
cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working.
Can you share
Ok, though in that case the application has 3 other encryption types to kinit
with (in default configuration)
Martin
On 07/21/2014 04:28 PM, Eldo Joseph wrote:
Martin,
Application compatible issue, AES256 is not been supported.
Thanks,
Eldo
On 21/07/2014 7:15 pm, Martin Kosek mko
On 07/17/2014 04:56 PM, Anthony Messina wrote:
After upgrading to Fedora 20's stable 389-ds-base-1.3.2.19-1.fc20.x86_64,
I noticed the following errors during the restart cycle. I have a simple
2 host MMR setup. Should I be concerned about these? If so, I'd be open
to recommendations.
On 07/18/2014 03:12 PM, Dmitri Pal wrote:
On 07/18/2014 08:17 AM, Innes, Duncan wrote:
Hi Petr,
On 18/07/2014 11:24, Petr Vobornik wrote:
Hello Duncan,
thank you for the input. If you or somebody else have any Web UI
ideas/RFEs, feel free to write them down. I would like to
know what
On 07/18/2014 03:16 PM, Eldo Joseph wrote:
Hi,
Is it possible to add a user principal with admin privileges.
like kadmin: addprinc -randkey user1/ad...@domain.com
when ever tried I got this
Kerberos database constraints violated
Thanks,
Eldo
We do not allow adding principals
On 06/17/2014 03:39 AM, barry...@gmail.com wrote:
Now cannot use ipa command line like ipa passwd, any missing ? need
reimport back the ipa cert?
ipa: ERROR: did not receive Kerberos credentials
certutil -d /etc/dirsrv/slapd-ABC-COM -L
Go Daddy Secure Certification Authority - The
On 06/17/2014 09:35 AM, Martin Kosek wrote:
On 06/17/2014 03:39 AM, barry...@gmail.com wrote:
Now cannot use ipa command line like ipa passwd, any missing ? need
reimport back the ipa cert?
ipa: ERROR: did not receive Kerberos credentials
certutil -d /etc/dirsrv/slapd-ABC-COM -L
Go
read all the details in the page referred above.
Feedback welcome!
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https
No worries. Note that at the end of ipa-server-install, you get a list of DNS
records (SRV, A) required to be added (in a BIND zone format). Additional
required updates caused by new/removed FreeIPA replicas are on your own though.
Martin
On 05/28/2014 10:44 AM, rob.har...@stfc.ac.uk wrote:
On 05/26/2014 09:00 PM, Davis Goodman wrote:
On Mon, May 26, 2014 at 1:17 PM, Davis Goodman
davis.good...@digital-district.ca wrote:
On Mon, May 26, 2014 at 4:22 AM, Martin Kosek mko...@redhat.com wrote:
On 05/25/2014 09:44 PM, Davis Goodman wrote:
On Wed, May 21, 2014 at 12:06 PM
On 05/27/2014 01:12 PM, Martin Kosek wrote:
On 05/26/2014 09:00 PM, Davis Goodman wrote:
On Mon, May 26, 2014 at 1:17 PM, Davis Goodman
davis.good...@digital-district.ca wrote:
On Mon, May 26, 2014 at 4:22 AM, Martin Kosek mko...@redhat.com wrote:
On 05/25/2014 09:44 PM, Davis Goodman
On 05/25/2014 09:44 PM, Davis Goodman wrote:
On Wed, May 21, 2014 at 12:06 PM, Martin Kosek mko...@redhat.com wrote:
On 05/21/2014 01:31 PM, Davis Goodman wrote:
http://www.digital-district.ca/
On May 21, 2014, at 6:54 , Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote
On 05/23/2014 06:42 AM, Sanju A wrote:
Dear All,
Is there any command to export the user and host list to a csv or text format
There is no such command out of the shelf, I would personally just write a
short Python script to export the hosts (or anything else) in a format I need.
Example for
On 05/23/2014 12:15 PM, Matt . wrote:
Hi All,
Is a wildcard DNS record supported at the moment ?
If so, how to accomplish this ?
Thanks!
Matt
It is not supported at the moment, but it will be supported from FreeIPA 4.0
(currently planned to be released at the end of June)
Upstream
On 05/23/2014 03:44 PM, Petr Spacek wrote:
On 23.5.2014 13:59, Matt . wrote:
Hi Martin,
I have seen it indeed and discusses on #freeipa
Is it not possible to install bind-dyndb-ldap 4.0 manually on CentOS 6.5 ?
In theory yes, but nobody tested that.
Please note that new bind-dyndb-ldap
.
Then the python syntax is ~
args = ['arg1', 'arg2']
options = dict(option1=foo, option2=bar)
api.Command['command_name'](*args, **options)
HTH
On 05/23/2014 07:54 AM, Martin Kosek wrote:
On 05/23/2014 06:42 AM, Sanju A wrote:
Dear All,
Is there any command to export the user and host
On 05/21/2014 08:36 AM, Davis Goodman wrote:
Hi,
Lately I’ve been having issues of replication between my server and my 2
replicas.
I decided I was going to delete my 2 replicas and start over keeping my
master intact.
I wasn`t successfull in getting all 3 servers to replicate to
On 05/21/2014 09:12 AM, Davis Goodman wrote:
On May 21, 2014, at 2:45 , Martin Kosek mko...@redhat.com wrote:
On 05/21/2014 08:36 AM, Davis Goodman wrote:
Hi,
Lately I’ve been having issues of replication between my server and my 2
replicas.
I decided I was going to delete my 2
On 05/21/2014 01:31 PM, Davis Goodman wrote:
http://www.digital-district.ca/
On May 21, 2014, at 6:54 , Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 05/21/2014 09:12 AM, Davis Goodman wrote:
On May 21, 2014, at 2:45 , Martin Kosek mko...@redhat.com
On 05/17/2014 04:22 AM, Chris Whittle wrote:
I have an existing key and crt that has be successfully installed on other
subdomain servers... Where is the best place to start?
To start what? :-) Without knowing what you want to achieve, I would like to
point you to our training presentation
On 05/17/2014 04:27 PM, Christopher Swingler wrote:
Short and to the point, but I have the same question. :)
On May 16, 2014, at 9:08 PM, Chris Whittle cwhi...@gmail.com wrote:
Is there a doc anywhere?
CC-ing Petr Vobornik to help with that. You can already achieve some theming
with
On 04/28/2014 01:03 PM, Bret Wortman wrote:
We are planning to reconfigure our core Freeipa servers, basically building a
replacement infrastructure and migrating to it. What we're planning right now
is
a core of three Freeipa servers each of which has a CA, with as much
distribution of
On 04/28/2014 05:16 PM, Simo Sorce wrote:
On Mon, 2014-04-28 at 16:11 +0100, Andrew Holway wrote:
I realized that you probably want to disable anonymous access to LDAP. It
will prevent random strangers to enumerate all users in your database...
This sounds like a bug no? anonymous access to
On 04/24/2014 10:46 PM, Dmitri Pal wrote:
On 04/23/2014 07:23 PM, Stephen Benjamin wrote:
...
I am not sure it is doing the right thing. In the blog you specify
bindpw for SUDO, this means you are configuring SUDO without SSSD
integration. If you use IPA it is a command switch on the
On 04/25/2014 01:59 AM, Chris Whittle wrote:
I am wanting to use Free IPA as the authentication source for Google Apps. I
can't seem to find any documentation on how to accomplish this. Anyone have
any
experience they would be willing to share? Or install is on CentOS 6.5 fyi.
I did a
501 - 600 of 867 matches
Mail list logo