On 12/08/2014 08:00 PM, Megan . wrote:
> I looked through the logs on the server and i see the below error in
> the apache error log when i try to register a client:
>
> [Mon Dec 08 12:20:38 2014] [error] SSL Library Error: -12195 Peer does
> not recognize and trust the CA that issued your certifi
On 12/09/2014 10:05 AM, Martin Kosek wrote:
> On 12/07/2014 07:29 PM, Gianluca Cecchi wrote:
>> On Sun, Dec 7, 2014 at 3:44 PM, Gianluca Cecchi
>> wrote:
>>
>>> Hello,
>>> I'm quite near to have users and groups working using ipa 3.3 as in CentOS
>
teresting.
>
>
>
>> thanks
>> theirry
>
>
>> On 12/09/2014 10:01 AM, Martin Kosek wrote:
>>> On 12/07/2014 03:01 PM, Niranjan M.R wrote:
>>>> On 12/06/2014 12:24 AM, Dmitri Pal wrote:
>>>>> Hello,
>>>>> WE NEED HELP!
On 12/09/2014 12:50 AM, Gianluca Cecchi wrote:
> On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi
> wrote:
>
>> OK. I will check requirements to write into The wiki
>>
>
>
> When I try to login with my Fedora OpenID account and choose as nickname my
> real name and press "login" actually it inde
On 12/09/2014 11:15 AM, thierry bordaz wrote:
> On 12/09/2014 10:48 AM, Niranjan M.R wrote:
> On 12/09/2014 02:57 PM, thierry bordaz wrote:
Hello,
Niranjan, may I have access to your test machine.
> It's a vm on my laptop. I am trying to reproduce on another VM
> to which i can
> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 2095 bytes and written 591 bytes
>>> ---
>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>> Server public key is 2048 bit
>>> Secure Renegotiation IS supported
>>>
On 12/10/2014 03:36 AM, Dmitri Pal wrote:
> On 12/09/2014 08:43 PM, Thomas Lau wrote:
>> Hi All,
>>
>> FreeIPA Default is using 60days password expiry, how could I change it?
>
> You go to password policies and change the global password policy.
> You change MAX lifetime.
> This is a global settin
On 12/10/2014 12:57 PM, Chris Card wrote:
> Hi,
> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a freeipa
> server and a freeipa client machine.
> I've set up a user with ssh keys, and can successfully ssh onto the client
> machine.
> I'm trying to setup sudo rules so that if
On 12/10/2014 04:54 PM, Chris Card wrote:
>
>
>>
>>> On 12/10/2014 12:57 PM, Chris Card wrote:
>> thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
freeipa server and a freeipa client machine.
I've set up a user with ssh keys, and can successfully
On 12/11/2014 09:42 AM, Chris Card wrote:
>
>> On 12/10/2014 04:54 PM, Chris Card wrote:
>>>
>>>
> On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
>> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
>> freeipa server and a freeipa client machine.
On 12/10/2014 08:20 PM, Dmitri Pal wrote:
> On 12/10/2014 06:55 AM, Gianluca Cecchi wrote:
>> On Tue, Dec 9, 2014 at 10:50 AM, Martin Kosek <mailto:mko...@redhat.com> wrote:
>>
>> On 12/09/2014 12:50 AM, Gianluca Cecchi wrote:
>> > On Mo
On 12/11/2014 01:57 PM, Chris Card wrote:
>> On 12/11/2014 09:42 AM, Chris Card wrote:
>>>
On 12/10/2014 04:54 PM, Chris Card wrote:
>
>
>>
>>> On 12/10/2014 12:57 PM, Chris Card wrote:
>> thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully s
On 12/11/2014 04:38 PM, Dmitri Pal wrote:
On 12/11/2014 08:08 AM, Martin Kosek wrote:
On 12/11/2014 01:57 PM, Chris Card wrote:
On 12/11/2014 09:42 AM, Chris Card wrote:
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've inst
On 12/11/2014 06:19 PM, Matt Chesler wrote:
I have a cluster of four IPA masters that should be performing fully meshed
replication. I discovered yesterday that a recently created user only existed
on a single master. After looking through all four masters, it appears that
several recent update
On 12/15/2014 10:16 AM, dbisc...@hrz.uni-kassel.de wrote:
> Hi,
>
> On Tue, 25 Nov 2014, Rich Megginson wrote:
>
>> On 11/25/2014 12:32 PM, dbisc...@hrz.uni-kassel.de wrote:
>>>
>>> with the help of Thierry and Rich I managed to debug the running ns-slapd on
>>> Server1 (see below). The failing a
On 12/29/2014 09:54 PM, Dmitri Pal wrote:
> On 12/20/2014 05:02 AM, Ben .T.George wrote:
>>
>> Hi
>>
>> I was trying to configure centos as ipa client and got failed with that,.
>>
>> anyone please help me to configure centos as ipa client through manual
>> configuration.
>>
>> Regards,
>> Ben
>>
>
On 01/02/2015 07:47 PM, Craig White wrote:
> Subject pretty much says it all.
>
> Starting to play around with rundeck and was thinking it would be nice if I
> could create a user that had the ability to sudo, without password, a public
> key and the ability to run commands.
>
> But the use of
On 01/04/2015 12:29 AM, Anthony Messina wrote:
> I was hoping to "migrate" from F20 to F21 using:
> http://www.freeipa.org/page/Howto/Migration
> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
The migration procedure is only needed if you run FreeIPA server with PKI based
o
Thanks, I just changed it to follow Mediawiki syntax and renamed it to
http://www.freeipa.org/page/Howto/Centralised_Logging_with_Logstash/ElasticSearch/Kibana
to keep current Howto structure. Please feel free encouraged to fill up any
more details as you go with your adventures that the communit
On 01/05/2015 02:05 PM, Anthony Messina wrote:
>
> Quoting Martin Kosek :
>
>> On 01/04/2015 12:29 AM, Anthony Messina wrote:
>>> I was hoping to "migrate" from F20 to F21 using:
>>> http://www.freeipa.org/page/Howto/Migr
s running it
unattended mode. This way you will avoid having it baked in your configs
directly:
# cat /root/enrollman_password | ipa-client-install --unattended --principal
enrollman
HTH.
>
> ~J
>
>
> On 1/5/15 3:27 AM, Martin Kosek wrote:
>> On 12/29/2014 09:54 PM, Dmitri
like
adding *your* FreeIPA related blogs to the list! Please just send us a link to
the RSS feed of your blog (or rather category/tag devoted to the FreeIPA
project) and we will add it to the list.
Enjoy!
--
Martin Kosek
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc
On 01/07/2015 02:51 PM, Janelle wrote:
> Hello fellow IPAers
>
> I know this has been written about before - the python scripts and
> fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was there a
> permanent fix yet? I continue to run into it during installs and have to edit
> pytho
re - I made a bad assumption.
> Janelle
>
>
> On 1/7/15 7:19 AM, Martin Kosek wrote:
>> On 01/07/2015 02:51 PM, Janelle wrote:
>>> Hello fellow IPAers
>>>
>>> I know this has been written about before - the python scripts and
>>> fedora-domain vs
On 01/08/2015 10:45 AM, Pavel Březina wrote:
> On 01/07/2015 06:32 PM, Craig White wrote:
>> Still struggling with this...
>>
>> $ sudo /sbin/service pe-puppet restart
>> [sudo] password for rundeck:
>> Stopping puppet: [ OK ]
>> Starting puppet:
On 01/07/2015 06:43 PM, John Desantis wrote:
> Hello all,
>
> Just an update on this issue for anyone else who experiences a similar issue.
>
> It looks like the automatic renewal of the certificates failed on our
> master due the certmonger service being "stuck". I stopped the
> service, stoppe
On 01/08/2015 07:54 PM, Rob Crittenden wrote:
John Desantis wrote:
Hello all,
I didn't reply to the list, so I'll forward in my response.
The only remaining hiccup is now the replica's certmonger service
keeps dying while failing to re-issue the "ipaCert" in
/etc/httpd/alias. Log snippets ar
On 01/08/2015 09:12 PM, John Desantis wrote:
Martin, Rob, and Nalin,
The patch worked for me
(https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=1357eade4c5086e6c837a49f3008616317f88e5f),
thank you so much for the assistance!
The process was simple. I'll quickly outline it for other user
On 01/12/2015 10:04 AM, Petr Spacek wrote:
> On 11.1.2015 22:16, Dale Macartney wrote:
>> Morning folks
>>
>> I am currently working on a little pet project which I think some would
>> find useful.
>>
>> I would like to introduce some group policy like functionality into a
>> FreeIPA domain.
>>
>>
On 01/12/2015 03:53 PM, dbisc...@hrz.uni-kassel.de wrote:
> Hi,
>
> no ideas about this one?
>
> I'm unsure if I did something wrong, but since I installed both systems the
> same way, I really don't know, what could be wrong.
>
> One thing that may be related: The working system (the one that d
On 01/13/2015 10:38 AM, Brian Topping wrote:
> On Jan 13, 2015, at 1:56 PM, Brian Topping wrote:
>>
>> Hi folks, really pleased with the latest versions of FreeIPA. Very robust,
>> quite impressive!
Good to hear! :-)
>>
>> In the process of setting it up, I ended up having to move servers a cou
On 01/13/2015 04:53 PM, Bram Vandoren wrote:
> Hi All,
> We run a FreeIPA server (3.0.0) on SL6. Fedora 21 clients are unable to
> complete freeipa-client-install. It fails due to a parsing error of the CA
> certificate. I tracked down the error and it seems our cn=CACert,cn=ipa,cn=etc
> entry is i
On 01/13/2015 09:06 PM, Megan . wrote:
> I am having a very difficult time getting the ipa server installed on
> our test server.
>
>
>
> CentOS release 6.6 (Final)
> Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
> 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>
> ip
On 01/14/2015 07:34 PM, Dmitri Pal wrote:
> On 01/14/2015 01:11 PM, Ejner Fergo wrote:
>> Hola,
>>
>> This is a response to:
>> https://www.redhat.com/archives/freeipa-users/2014-October/msg00126.html
>>
>> Scott, maybe you already found the solution, but I've been banging my head
>> with the same
On 01/15/2015 06:31 PM, Quayle, Bill wrote:
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389’:
It has transferred 9762 records, but seems to hit a timeout that causes i
On 01/16/2015 09:14 AM, Ludwig Krispenz wrote:
On 01/16/2015 08:43 AM, Martin Kosek wrote:
On 01/15/2015 06:31 PM, Quayle, Bill wrote:
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect to
oo) and using --continue
option. Then it will jump directly to group migration.
I am still thinking it would make sense to also check the migrated OpenLDAP
logs and see if there is anything interesting when the migration breaks.
HTH,
Martin
Bill
-----Original Message-----
From: Martin Kosek [m
On 01/16/2015 08:21 PM, Quayle, Bill wrote:
>
>
>> -----Original Message-----
>> From: Martin Kosek [mailto:mko...@redhat.com]
>> Sent: Friday, January 16, 2015 12:51 PM
>> To: Quayle, Bill; Ludwig Krispenz
>> Cc: 'freeipa-users@redhat.com'
>
On 01/16/2015 11:38 PM, Rob Crittenden wrote:
> Dmitri Pal wrote:
>> On 01/16/2015 02:21 PM, Quayle, Bill wrote:
>>>
>>>> -----Original Message-----
>>>> From: Martin Kosek [mailto:mko...@redhat.com]
>>>> Sent: Friday, January 16, 2015 1
On 01/19/2015 08:01 PM, Dmitri Pal wrote:
On 01/19/2015 01:50 PM, sipazzo wrote:
I am having trouble finding relevant documentation on using freeipa to manage
sudoers for a Solaris client. Has anyone successfully set this up without
adding a bunch of non-standard packages? I am running freeipa 3
On 01/20/2015 04:49 PM, Quayle, Bill wrote:
...
Hm, this is definitely not how the migrate-ds is supposed work :-/ I wish we
can find the problem to avoid such difficulties for other users.
As this is an evaluation setup, I can tear-down and rebuild to try to capture
more data, if you want.
Also, when upgrading, please make sure to upgrade to the 6.6.z version of SSSD
- there were couple important fixes. AFAIK, the version should be
sssd-1.11.6-30.el6_6.3
Martin
On 02/02/2015 10:35 PM, Genadi Postrilko wrote:
> Thank you for your reply.
> I think I'll go with the first option, it abo
On 02/05/2015 01:21 PM, Dmitri Pal wrote:
> On 02/05/2015 05:54 AM, Matt . wrote:
>> In the past we have done some testsetups with password expiring after
>> we added a user, at the moment I have difficulties with this on 4.1.2
>>
>> What I need is the following:
>>
>> - We add a user using json/ki
On 02/06/2015 12:53 AM, Christopher Young wrote:
> Obvious next question: Any plans to implement that functionality or advice
> on how one might get some level of functionality for this? Would it be
> possible to create another command-line based openssl CA that could issue
> these but using IPA
On 02/06/2015 06:59 AM, Les Stott wrote:
> Hi,
>
> I found a bug in the pki packages and CA replica installation.
>
> Environment:
> Rhel 6.6
> IPA Server 3.0.0-42
> Pki components:
> pki-symkey-9.0.3-38.el6_6.x86_64
> pki-common-9.0.3-38.el6_6.noarch
> pki-setup-9.0.3-38.el6_6.noarch
> pki-selin
On 02/09/2015 07:42 AM, alireza baghery wrote:
> i check on both server ssh each other's name and ssh successful and resolve
> name was also correct on each server
> but i can not login with user admin from ipareplica via ssh (root@ipareplica]#
> ssh admin@ipasrv ===> failed)
>
> [root@ipareplica
ved
>
> On Mon, Feb 9, 2015 at 11:19 AM, Martin Kosek wrote:
>
>> On 02/09/2015 07:42 AM, alireza baghery wrote:
>>> i check on both server ssh each other's name and ssh successful and
>> resolve
>>> name was also correct on each server
>>> but
Did you try the "ssh admin@`hostname`" command? It should show if ssh to admin
via SSSD&FreeIPA really works.
On 02/09/2015 11:18 AM, alireza baghery wrote:
> account admin recognize and show uid gid and groups
> On Feb 9, 2015 1:42 PM, "Martin Kosek" wrote:
>
On 02/09/2015 03:31 PM, Dmitri Pal wrote:
> On 02/09/2015 08:34 AM, alireza baghery wrote:
>> yes try "ssh admin@hostname" but do not work
>> log secure-
>>
>> Feb 9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.3
On 02/07/2015 12:27 AM, Chris Mohler wrote:
> I'm having some troubles. I have an older IPA install Version 3.0.0. on Centos
> 6.6. It's currently the only master for my domain. I have about 4k user
> accounts on here and it's a live system called "idm"
>
> I'm trying to upgrade to V4.x as I am ho
On 02/09/2015 05:16 PM, Chris Mohler wrote:
> On 02/09/2015 10:18 AM, Martin Kosek wrote:
>> On 02/07/2015 12:27 AM, Chris Mohler wrote:
>>> I'm having some troubles. I have an older IPA install Version 3.0.0. on
>>> Centos
>>> 6.6. It's currently
On 02/12/2015 08:20 AM, Dmitri Pal wrote:
> On 02/12/2015 01:25 AM, Michael Lasevich wrote:
>> Ok, after a few awkward questions from an auditor, I am starting to face the
>> uncomfortable truth that my understanding about how FreeIPA works is a lot
>> fuzzier than I would like.
>>
>> Specifically
On 02/13/2015 01:32 PM, David Kupka wrote:
> Hello Bryan,
> I'm currently working on this. This feature should be available in
> freeipa-4.2.
Right. Until this is done, you should be anyway able to setup chrony yourself
before running ipa-client-install. It would respect your choice (unless you
p
t a requirement or can it be installed after
> machine has been setup and is running ipa?
>
> Bryan
>
> On Fri, Feb 13, 2015 at 9:01 AM, Martin Kosek wrote:
>
>> On 02/13/2015 01:32 PM, David Kupka wrote:
>>> Hello Bryan,
>>> I'm currently working on this.
On 02/16/2015 10:29 AM, alireza baghery wrote:
> i install IPA on CENTOS 6.5 with Replication
> when configure every role in IPA, role Copy to Replica
> but Conversely, it does not work (role from Replica DO not copy to IPA)
> i do the following:
>
> *on server IPA:*
> #ipa-replica-manage list
>
On 02/17/2015 12:08 AM, Rob Crittenden wrote:
> Steven Jones wrote:
>> ?
>>
>>
>> [root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX
>> SASL/GSSAPI authentication started
>> SASL username:
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>> #
On 02/18/2015 07:46 PM, Dmitri Pal wrote:
> On 02/18/2015 12:17 PM, Cory Carlton wrote:
>> Hey all.
>>
>> We are in the process of essentially moving data centers while additionally
>> changing to new OS(rhel from centos) - so we are building replica with master
>> option servers to the new networ
On 02/19/2015 01:06 AM, Martin Minkus wrote:
> Hello all,
>
> Am wondering what support FreeIPA has for Application Specific
> Passwords? My research seems to indicate 'none'. I've seen quite a few
> people ask about this, usually the example is wanting a separate
> password for dovecot etc.
>
>
On 02/19/2015 05:14 PM, Dmitri Pal wrote:
> On 02/19/2015 10:07 AM, Jani West wrote:
>> Trying to migrate from CentOS 6.6 with FreeIPA 3.0.0-42 to CentOS 7.0 with
>> FreeIPA 3.3.3-28 by using replication.
>>
>> I have prepared replication file and moved it to the new replica server.
>> Configured t
On 02/19/2015 05:23 PM, Dmitri Pal wrote:
> On 02/19/2015 05:06 AM, Jan Pazdziora wrote:
>> On Wed, Feb 18, 2015 at 04:06:39PM -0800, Martin Minkus wrote:
>>> Except where we don't want single sign on, and separate passwords are
>>> advantageous or even required:
>>>
>>> - Web logins
>> Could you
On 02/20/2015 02:00 AM, Dan Mossor wrote:
I just installed a new server on Fedora 21 Server, using the rolekit deployment
tool. Everything was installed and configured (I hope) properly, but I'm
running into a problem. The version is freeipa-server-4.1.2-1.fc21.x86_64, and
I can connect to the We
On 02/20/2015 06:56 AM, Les Stott wrote:
Hi all,
The following is blocking the ability for me to install a CA replica.
Environment:
RHEL 6.6
IPA 3.0.0-42
PKI 9.0.3-38
On the master the following is happening:
ipa-getcert list
Number of certificates and requests being tracked: 5.
(but it
On 02/20/2015 09:36 AM, Günther J. Niederwimmer wrote:
Hello,
have any a functional Link for this Problem.
I found nothing that is working correct ? :-(.
I only know about Dovecot HOWTOs on
http://www.freeipa.org/page/HowTos#Mail_Services
If there is a problem with the instructions and you w
On 02/21/2015 02:05 PM, Thomas Raehalme wrote:
> Hi!
>
> I am in the process of migrating FreeIPA master to another server following
> the instructions on page
> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master.
>
> In the instructions 'post-save command' should have one of
On 02/23/2015 11:13 AM, Veera Veluchamy wrote:
> Hi,
>
> I have configure FreeIPA server in centos and synchronized
> with windows active directory .If I create any users in AD it will be
> automatically synchronized with IPAServer . But I'm unable to configure IPA
> client in m
On 02/25/2015 03:11 AM, Les Stott wrote:
>
>
>> -----Original Message-----
>> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
>> boun...@redhat.com] On Behalf Of Les Stott
>> Sent: Monday, 23 February 2015 8:01 PM
>> To: Rob Crittenden; Martin K
fixed,
ipa-replica-install --setup-ca worked as expected.
Thanks to Endi Sukma Dewata and Martin Kosek for putting me on the right track.
You are welcome. This case actually got me thinking what we can do to automate
and check this misconfiguration *before* running in such hard-to-debug problem
On 02/27/2015 09:30 AM, mete bilgin wrote:
Hello,
I'm trying to install ipa-server with trust (Win 2008R2). trustdomain-find will
work but when i try to trust-fetch-domains "ipa: ERROR: AD domain controller
complains about communication sequence. It may mean unsynchronized time on both
sides, fo
On 02/27/2015 09:39 AM, mete bilgin wrote:
2015-02-27 10:33 GMT+02:00 Martin Kosek <mailto:mko...@redhat.com>:
On 02/27/2015 09:30 AM, mete bilgin wrote:
Hello,
I'm trying to install ipa-server with trust (Win 2008R2).
trustdomain-find will
wo
On 02/27/2015 10:01 AM, mete bilgin wrote:
2015-02-27 10:45 GMT+02:00 Martin Kosek <mailto:mko...@redhat.com>:
On 02/27/2015 09:39 AM, mete bilgin wrote:
2015-02-27 10:33 GMT+02:00 Martin Kosek mailto:mko...@redhat.com>
<mailto:mko...@redhat.com <mailto:mk
On 02/28/2015 07:18 AM, Rob Crittenden wrote:
> Hadoop Solutions wrote:
>> Hi Rob,
>>
>> please find the attached log of /var/log/ipaserver-install.log
>>
>> kindly let me know the solution for this..
>
> Can you see if you have any SElinux failures?
>
> # ausearch -m AVC -ts recent
>
> I see s
On 03/03/2015 05:38 AM, Jason Prouty wrote:
>
>
> Is there a method to auto disable users who have logged in 90 days.
> I have a security requirement to auto disable users who have not logged in
> after 90 days.
>
There is no such facility implemented in vanilla FreeIPA. I think there was
anot
TPS(443) port!
>
>
>
> Thanks,
> Shaik
>
> On 3 March 2015 at 20:06, Martin Kosek wrote:
>
>> On 02/28/2015 07:18 AM, Rob Crittenden wrote:
>>> Hadoop Solutions wrote:
>>>> Hi Rob,
>>>>
>>>> please find the attached lo
On 03/03/2015 04:34 PM, Dmitri Pal wrote:
> On 03/03/2015 07:22 AM, Martin Kosek wrote:
>> On 03/03/2015 05:38 AM, Jason Prouty wrote:
>>>
>>> Is there a method to auto disable users who have logged in 90 days.
>>> I have a security requirement to auto
On 03/04/2015 04:57 AM, Hugh wrote:
> All,
>
> We're running ipa-server-3.0.0-42/389-ds-base-1.2.11.15-48 on CentOS 6.5
> and synching to AD. We're able to synch users, but can't synch groups.
> When I was adding in the ntGroup objectclass, it appears that that
> requires ntUserDomainId to be s
On 03/04/2015 09:43 AM, re...@hushmail.com wrote:
> Hi, I've read the thread from Nov and checked out
> http://www.freeipa.org/page/HowTo/vsphere5_integration however I'm
> still having trouble getting vsphere to use freeipa as an identity
> source.
> I've set the base DN for users and groups, the c
On 03/04/2015 02:33 PM, Hugh wrote:
> On 3/4/2015 2:00 AM, Martin Kosek wrote:
>> On 03/04/2015 04:57 AM, Hugh wrote:
>> Hello Hugh,
>>
>> Before you dive in further in the FreeIPA winsync and groups, please note
>> that
>> FreeIPA does not support group syn
to the user search looking for 'objectClass=groupOfUniqueNames'
> which my groups don't seem to contain.
>
>
> I'm very much an ldap newbie but I thought at step two in the vsphere
> integration howto I modified the groups schema to include that object class?
>
On 03/05/2015 09:29 AM, Gianluca Cecchi wrote:
> On Thu, Mar 5, 2015 at 8:54 AM, Martin Kosek wrote:
>
>>
>> I am also CCing Gianluca who contributed the HOWTO. I checked it again and
>> tried to apply it on my FreeIPA 4.1.3, my compat group now contain the
>> pr
ipaanchoruuid=%{ipaanchoruuid}
> schema-compat-entry-attribute: objectclass=posixGroup
> schema-compat-entry-attribute: objectclass=groupOfUniqueNames
> schema-compat-entry-attribute: uniqueMember=%regsub("%{member}","^(.*)accounts
> (.*)","%1compat%2")
> sc
On 03/05/2015 11:18 AM, Gianluca Cecchi wrote:
> On Thu, Mar 5, 2015 at 10:37 AM, Martin Kosek wrote:
>
>>
>>>
>>> users' updates were forced by vSphere originated queries.
>>> For example without adding iNetOrgPerson objectclass, when I wanted to
>
figuration.
Martin
On 3/5/2015 at 5:44 PM, "Martin Kosek" wrote:
Thanks. The configuration looks OK, I wonder why the uniqueMember
is not
generated for your compat groups - it works on my FreeIPA 4.1.3
server.
Did you restart the Directory Server after you changed the Schema
On 03/06/2015 02:38 AM, Dan Mossor wrote:
On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <mailto:d...@redhat.com> wrote:
http://i.imgur.com/mhX86Ng.png
It should show up if you do not have a ticket. Destroy the ticket on the
client and try to access the server via browser, you should
On 03/06/2015 04:38 AM, Herwono W Wijaya wrote:
Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be
used and always get an error for other users.
You mean admin user from vCenter, not admin user from FreeIPA, right?
Did you follow this HOWTO:
http://www.freeipa.org/p
On 03/06/2015 08:35 AM, Alexander Bokovoy wrote:
On Fri, 06 Mar 2015, Martin Kosek wrote:
On 03/06/2015 02:24 AM, re...@hushmail.com wrote:
Just to confirm I should restart the server after i've run the ldapmodify?
Right. It would be safer thing to do, if you modified the S
On 03/06/2015 09:34 AM, Andrew Holway wrote:
Hi,
We're using rabbitmq to shunt bits of data around various systems to provide
better security we would like all of our acmq connections to be authenticated
and encrypted.
I'm looking for appropriate documentation or some friendly guidance of how
se
On 03/06/2015 10:56 AM, Roberto Cornacchia wrote:
Hi there,
I'm planning to deploy freeIPA on our lan.
It's small-ish and completely based on FC21, so I expect everything to work
like a charm.
Except one detail. We have Synology NAS station, which uses DSM 5.0.
The ideal plan is to use it as ho
:37 PM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 8:34 AM, Martin Kosek <mailto:mko...@redhat.com> wrote:
On 03/06/2015 04:38 AM, Herwono W Wijaya wrote:
Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin
user can be
used and always get an er
On 03/06/2015 01:30 PM, Matt . wrote:
Hi,
I'm figuring out how to regenerate the webserver certificates so I can
use a loadbalancer in front of my ipa servers.
I see in the docs there is information about this, but not for the
webservice. Does anyone have some directions ?
Thanks.
Matt
Cer
On 03/06/2015 01:16 PM, Dmitri Pal wrote:
On 03/06/2015 04:32 AM, Martin Kosek wrote:
On 03/06/2015 09:34 AM, Andrew Holway wrote:
Hi,
We're using rabbitmq to shunt bits of data around various systems to provide
better security we would like all of our acmq connections to be authenticated
and
d not working for me, always get this error
Error: Idm client exception: control not found
and also try using this:
http://www.freeipa.org/page/HowTo/vsphere5_integration#Permission_Update
On 3/6/15 7:49 PM, Martin Kosek wrote:
I am glad you have it working. However, I would like to discourage
This is the directory on FreeIPA server that the vCenter is authenticating
users against.
On 03/06/2015 02:40 PM, Herwono W Wijaya wrote:
there is no directory "/var/log/dirsrv/" in 5.5u2b version
On 3/6/15 8:34 PM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 2:12 PM, Ma
On 03/06/2015 05:59 PM, Dan Mossor wrote:
On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal <mailto:d...@redhat.com> wrote:
On 03/06/2015 10:35 AM, Dan Mossor wrote:
On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal <mailto:d...@redhat.com> wrote:
From your workstation can you use the d
Thanks for all the data. So it looks like your browser properly forward the
session cookie, but it is not recognized on the server even though it was
stored before.
Especially these lines are strange:
[Sun Mar 08 13:16:29.909637 2015] [:error] [pid 3004] ipa: DEBUG: store
session: session_id=4803
lot of this to fix this issue.
>
> the issue has been solved by kdestroy and re-initiate the ticket.
>
> after that restarted ipa service, it got worked
>
> Regards,
> ben
>
> On Mon, Mar 9, 2015 at 10:57 AM, Martin Kosek wrote:
>
>> Thanks for all the data.
On 03/11/2015 06:33 PM, Gould, Joshua wrote:
We’re trying to setup RHEL7 with the latest updates. Our ipa-server shows
ipa-server-4.1.0-18.el7.x86_64.
On 3/11/15, 12:39 PM, "Dmitri Pal" wrote:
On 03/11/2015 11:13 AM, Gould, Joshua wrote:
We're trying to setup IPA with it acting as an interme
On 03/11/2015 09:05 PM, Dmitri Pal wrote:
> On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
...
>> Third, there appears to be a behavior change from in ipalib. I cleaned up a
>> little inventory script for ansible, you can take a look at it here:
>> https://github.com/ansible/ansible/blob/devel/
On 03/12/2015 12:17 AM, Dmitri Pal wrote:
> On 03/11/2015 04:37 PM, Steven Jones wrote:
>> ==
>> [root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns
>> --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg
>> --skip-conncheck
>> Checking forwarders, please wa
I think you should now check dirsrv errors logs on both server and the replica.
It should have more info what went wrong with starting the replication.
Please also check
# systemctl status dirsrv@YOUR-REALM.service
to check there are no SASL buffer related error messages.
On 03/10/2015 12:58 AM
On 03/10/2015 03:06 PM, Alexander Bokovoy wrote:
> On Tue, 10 Mar 2015, Benjamin Reed wrote:
>> On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
>>> Are you following these instructions?
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authenticati