Re: [Freeipa-users] EXAMPLE.COM IPA CA Import /etc/httpd/alias

On 05/29/2016 09:18 AM, Günther J. Niederwimmer wrote: > Hello > I found any Help for the IPA Certificate but I found no way to import the IPA > CA ? > I like to create a webserver with a owncloud virtualhost and other.. > > But it is for me not possible to create the /etc/httpd/alias correct ? >

Re: [Freeipa-users] Centos 7.2 ipa-backup failure

On 05/29/2016 05:33 PM, Ken Bass wrote: > Today I tried my very first ipa-backup attempt. The command reported 'The > ipa-backup command was successful' > > YET I saw: > > /usr/sbin/db2ldif: line 157: 22567 Segmentation fault /usr/sbin/ns-slapd > db2ldif -D /etc/dirsrv/slapd-DOMAIN-NET -n userRo

Re: [Freeipa-users] Install best practice -

On 05/29/2016 07:11 PM, Ben .T.George wrote: > Hi > > I would like to know how can i proceed with best practices > > My AD domain is : corp.examle.com.kw > My DNS (appliances ) : kw.test.com > > All my clients are pointed to kw.test.com

Re: [Freeipa-users] Unable to access to web ui

On 05/30/2016 04:36 PM, Martin Basti wrote: > > > On 30.05.2016 14:20, seli irithyl wrote: >> Hi, >> >> Since last update, I'am unable to log in to web ui with FF (e.g. blank page) >> Any idea where too look for ? >> >> Best regards, >> >> Seli >> >> >> >> >> > Hello, > > can you provide version

Re: [Freeipa-users] Centos 7.2 ipa-backup failure

On 05/30/2016 06:57 PM, Ken Bass wrote: > On 05/30/2016 10:32 AM, Martin Kosek wrote: >> On 05/29/2016 05:33 PM, Ken Bass wrote: >>> Today I tried my very first ipa-backup attempt. The command reported 'The >>> ipa-backup command was successful' >>> &

Re: [Freeipa-users] OCSP and CRL in certs for java firefox plugin

On 05/30/2016 10:53 PM, Prasun Gera wrote: > > To summarize, your options seem to be: > * Create ipa-ca DNS record in your primary domain > * Update the main default certificate profile (present in FreeIPA 4.2+) > * Migrate whole FreeIPA deployment to other DNS primary you would co

Re: [Freeipa-users] sessions failing when using different hostname

On 06/01/2016 07:48 PM, Anthony Clark wrote: > Hello All, > > I've been asked to allow access to our FreeIPA web UI from a more user > friendly > url than I'm currently using. So I've set up a CNAME password.example.com > for ns01.example.com

Re: [Freeipa-users] Replica without CA: implications?

On 06/07/2016 04:10 PM, Cal Sawyer wrote: ... > I found that installing a replica with firewalld enabled would consistently > fail > during initial replication. Disabling firewalld always allowed replication > and > later stages to complete > >[24/38]: setting up initial replication >

Re: [Freeipa-users] How to get FreeIPA feature requests ack'd?

On 06/07/2016 05:22 PM, Cal Sawyer wrote: > Hello > > The RH Bugzilla is pretty much unnavigable by anyone who doesn't know the > magic > words, so i'm asking here. Apologies in advance if misdirected. Hi Cal, I updated FreeIPA Trac front page, to help you (and others) more with filing bugs aga

Re: [Freeipa-users] [FreeIPA 4.3.0] Limits exceeded for this query

On 06/07/2016 09:08 PM, Nathan Peters wrote: > I get this when doing almost anything on only one of my Fedora 23 FreeIPA > 4.3.0 > servers. The rest work fine. > > This server also tends to crash quite a bit and the others do not. > > Any tips on what I should be looking for or how to fix that

Re: [Freeipa-users] sessions failing when using different hostname

On 06/08/2016 09:42 AM, Jan Pazdziora wrote: > On Wed, Jun 08, 2016 at 09:29:09AM +0200, Martin Kosek wrote: >> On 06/01/2016 07:48 PM, Anthony Clark wrote: >>> >>> I'm somewhat at a loss to debug this further. I was wondering if the >>> session >>

Re: [Freeipa-users] Replica without CA: implications?

On 06/08/2016 11:05 AM, Cal Sawyer wrote: > > On 08/06/16 09:23, Martin Kosek wrote: >> On 06/07/2016 04:10 PM, Cal Sawyer wrote: >> ... >>> I found that installing a replica with firewalld enabled would consistently >>> fail >>> during initial rep

Re: [Freeipa-users] FreeIPA 4.4

On 06/08/2016 12:18 PM, Winfried de Heiden wrote: > Hi all, > > Any news/progress about FreeIPA 4.4? > > On http://www.freeipa.org/page/Roadmap: *FreeIPA 4.4*: feature release. > Release > planned for end of May 2016. > > Any updated release date...? The new estimate is rather June, there was

Re: [Freeipa-users] Password sync settings not working

On 06/10/2016 01:59 AM, Joshua J. Kugler wrote: > Howdy! > > We are trying to set up password sync. I have read this: > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#password-sync > > I have added that attribute: > ec

Re: [Freeipa-users] disable account behavior

On Wed, 2011-06-08 at 17:55 -0700, Stephen Ingram wrote: > I've disabled an account in FreeIPA using the UI and I don't see any > changes in the directory. Are there supposed to be changes there or is > this something that is accomplished in Kerberos? I was hoping to be > able to search the directo

Re: [Freeipa-users] kinit working, but ipa-client-install not (client not found)

On Fri, 2011-06-24 at 10:28 +0200, Pieter Baele wrote: > On Thu, Jun 23, 2011 at 19:59, Rob Crittenden wrote: > > Pieter Baele wrote: > >> > >> My new freeipa installation is working (server + kinit on a host where > >> I configured krb5.conf manually) > >> but ipa-client-install gives the typical

Re: [Freeipa-users] setting user logins by "hand"

On Tue, 2011-10-11 at 22:10 +, Steven Jones wrote: > Hi, > > Looks like the IPA server on RHEL6.2beta is setting user logins, I need this > to be a manually editable field so I can follow company policy > > So at the moment adding steven jones works out as sjones when I need jonesst1 > set

Re: [Freeipa-users] ipa: ERROR: Auto Membership is not configured

On Sun, 2011-10-16 at 22:55 +0200, Sigbjorn Lie wrote: > Hi, > > When I attempt to create a automember rule, I get an error message "ipa: > ERROR: Auto Membership is not configured". > > [root@ipa01 ~]# ipa automember-add --type=group s_serviceaccounts > ipa: ERROR: Auto Membership is not config

Re: [Freeipa-users] FreeIPA's 'DNS'

On Mon, 2011-11-21 at 11:50 -0500, Dmitri Pal wrote: > On 11/21/2011 05:29 AM, Sigbjorn Lie wrote: > > Hi, > > > > Why not use a forwarders statement in the named.conf? Works for me. > > > > > > zone "11.168.192.in-addr.arpa." in { > > type forward; > > forwarders { 192.168.1.1; 192

[Freeipa-users] Optionistic approach for new DNS API

Hello all, we just had a good discussion with Rob and Endi about different approach to the new DNS API. Current DNS API proposal (patches 174-176) introduced new API based on different commands, e.g. for MX RR type: ipa dnsrecord-mx-add ZONE NAME --preference=0 --exchanger=server1.example.com. ip

Re: [Freeipa-users] Optionistic approach for new DNS API

On Wed, 2011-12-14 at 17:01 -0500, Dmitri Pal wrote: > On 12/14/2011 04:41 PM, Martin Kosek wrote: ... > > > > In CLI it may look like this: > > # ipa dnsrecordmx-show example.com @ --structured > > dnsrecordmx? I assume it is a typo, right? Right. All new options sp

Re: [Freeipa-users] Optionistic approach for new DNS API

On Thu, 2011-12-15 at 15:20 -0600, Endi Sukma Dewata wrote: > On 12/14/2011 3:41 PM, Martin Kosek wrote: > > ipa dnsrecord-mod ZONE NAME VALUE? --type=mx --preference=0 > > ipa dnsrecord-del ZONE NAME --type=mx --preference=0 > > --exchanger=server1.example.com. Thanks for

Re: [Freeipa-users] Optionistic approach for new DNS API

On Thu, 2011-12-15 at 19:09 -0500, Adam Young wrote: > On 12/14/2011 04:41 PM, Martin Kosek wrote: ... > > > In CLI it may look like this: > > # ipa dnsrecordmx-show example.com @ --structured > >Record name: @ > > Record type: MX > > Data: 0 ser

Re: [Freeipa-users] automatic dns update failing

On Sun, 2012-02-19 at 17:23 +0100, Marco Pizzoli wrote: > Hi, > During my setup today I'm always failing in enrolling clients with > automatic dns updates. > I'm playing with FreeIPA 2.1.90, but I guess this is a general > problem, not strictly due to the alpha version. > > I'm doing a "ipa-client

Re: [Freeipa-users] automatic dns update failing

On Mon, 2012-02-20 at 17:08 +0100, Marco Pizzoli wrote: > > > On Mon, Feb 20, 2012 at 9:46 AM, Martin Kosek > wrote: > On Sun, 2012-02-19 at 17:23 +0100, Marco Pizzoli wrote: > > > Hi, > > During my setup today I'm always fai

Re: [Freeipa-users] Bug in documentation or in CLI tools?

On Wed, 2012-02-22 at 22:07 +0100, Marco Pizzoli wrote: > Hi guys, > in a previous question about FreeIPA 2.1.90 I submitted to you, I > received from Martin the answer to use the command: > > "ipa dnszone-mod --dynamic-update=TRUE > " > > I used it and I successfully achieved my purpose, but c

Re: [Freeipa-users] 2.1.90 rc1 testing on F17 alpha

On Sun, 2012-03-11 at 17:55 -0400, Dmitri Pal wrote: > On 03/11/2012 04:22 PM, Stephen Ingram wrote: > > Now I've made it to the WebUI. Login works great (also via the new > > form auth). Click on IPA Server tab and then Configuration yields: > > > > IPA Error 4208 - get-effective-rights: missing s

Re: [Freeipa-users] 2.1.90 rc1 testing on F17 alpha

t;> On 03/12/2012 11:06 AM, Stephen Ingram wrote: > >>>>> On Mon, Mar 12, 2012 at 7:19 AM, Rich Megginson > >>>>> wrote: > >>>>>> On 03/12/2012 01:34 AM, Martin Kosek wrote: > >>>>>>> On Sun, 2012-03-11 at 17:55 -040

Re: [Freeipa-users] Role Required for Web Portal Access

On Thu, 2012-03-15 at 03:57 -0400, Tim Hildred wrote: > Hey all; > I preparing to use IPA as the Directory Server for my RHEV installation. > Formerly in RHEV, you could change users passwords using the RHEV User Portal > itself. With RHEV 3.0, this is no longer posssible. Instead, users need to

Re: [Freeipa-users] [Freeipa-devel] FreeIPA beta1: SELinux prohibits memcached

On Tue, 2012-03-20 at 12:44 +0100, Marco Pizzoli wrote: > Hi guys, > I don't know if you already know this, but in my logs I can find this: > > > Mar 20 12:14:47 freeipa01 setroubleshoot: SELinux is > preventing /usr/bin/memcached from create access on the sock_file > ipa_memcached. For complete

Re: [Freeipa-users] [Freeipa-devel] FreeIPA beta1: SELinux prohibits memcached

On Tue, 2012-03-20 at 13:14 +0100, Marco Pizzoli wrote: > Hi Martin, > > On Tue, Mar 20, 2012 at 1:02 PM, Martin Kosek > wrote: > On Tue, 2012-03-20 at 12:44 +0100, Marco Pizzoli wrote: > > Hi guys, > > I don't know if you already

Re: [Freeipa-users] Error during ipa-replica-install

Hello Marco, judging from the output you sent, it looks like you had an installed replica on freeipa03, then stopped it with "ipactl" stop and after that tried to run ipa-replica-install again - krb5.conf and /var/log/messages you sent would support this theory. IPA replica agreement should be fi

Re: [Freeipa-users] Error during ipa-replica-install

On Sun, 2012-03-25 at 15:55 +0200, Marco Pizzoli wrote: > Hi Martin, > > On Thu, Mar 22, 2012 at 11:50 AM, Martin Kosek > wrote: > Hello Marco, > > judging from the output you sent, it looks like you had an > installed > replica

Re: [Freeipa-users] hosts/clients joining IPA but dns updating not working

On Tue, 2012-03-27 at 01:15 +, Steven Jones wrote: > Hi, > > I just started adding hosts/clients but DNS isnt being updated for the > client(s). > > Screenshot of error is attached > Hello Steven, there is something wrong with your host keytab. As written in the output, ipa-client-ins

Re: [Freeipa-users] ipa-client install error

On Tue, 2012-05-01 at 18:31 -0400, Dmitri Pal wrote: > On 05/01/2012 06:15 PM, Steven Jones wrote: > > So this opens a chicken and egg? > > > > ie when RHEL6.3 comes out and I upgrade the IPA server(s) to 6.3 all the > > older 6.2 clients will break? but I cant upgrade the clients until after >

Re: [Freeipa-users] ipa-client install error

On Wed, 2012-05-02 at 09:44 -0400, Rob Crittenden wrote: > Steven Jones wrote: > > So this opens a chicken and egg? > > > > ie when RHEL6.3 comes out and I upgrade the IPA server(s) to 6.3 all the > > older 6.2 clients will break? but I cant upgrade the clients until after > > the servers are do

Re: [Freeipa-users] RHEL6.3 documentation error...

Hi Steven, thanks for reporting this, I created a Bugzilla for the doc: https://bugzilla.redhat.com/show_bug.cgi?id=824768 Martin On Thu, 2012-05-24 at 04:26 +, Steven Jones wrote: > Hi, > > Page 381 section 18.7.2 says, > > ipa replica-manage connect srv2.example.com srv4.example.com > >

Re: [Freeipa-users] two way changes

On Thu, 2012-05-24 at 05:50 +, Steven Jones wrote: > Hi, > > Just windering but I thought that whether I did change son the > original master, or on the replica that changes would flow to the > other both ways? or do changes only flow original master to replica? > > Since we use multi-mast

Re: [Freeipa-users] ipa ports

On Wed, 2012-05-23 at 19:27 -0400, Dmitri Pal wrote: > On 05/23/2012 05:40 PM, Jan-Frode Myklebust wrote: > > We have quite strict firewalls, so I need to specify the IPA network > > ports accurately. So, we have now opening for: > > > > 80/tcp, 88/tcp, 389/tcp, 443/tcp, 464/tcp, 636/tcp > >

Re: [Freeipa-users] ipa-client-install hangs on ipa-getkeytab

On Mon, 2012-05-28 at 10:21 +0400, free...@noboost.org wrote: > Hi All, > > This one has me stumped! > For some reason my Centos 5.8 x64 Linux server hangs during > "ipa-client-install" > > Server: > * ipa-admintools-2.1.3-9.el6.x86_64 > * ipa-client-2.1.3-9.el6.x86_64 > * ipa-pki-ca-theme-9.0.3-

Re: [Freeipa-users] ipa-client-install hangs on ipa-getkeytab - Fixed!!

On Wed, 2012-05-30 at 08:02 +0400, free...@noboost.org wrote: > On Tue, May 29, 2012 at 09:00:43AM +0200, Martin Kosek wrote: > > On Mon, 2012-05-28 at 10:21 +0400, free...@noboost.org wrote: > > > Hi All, > > > > > > This one has me stumped! > > > F

Re: [Freeipa-users] FreeIPA 2.1 - restrict users to a set of hosts

On Sat, 2012-06-02 at 06:52 -0700, Joe Linoff wrote: > Hi: > > > > I am a newbie that is trying out FreeIPA for the first time. So far I > am extremely impressed with this system but I ran into a problem that > I need some help with. I am trying to figure out how to HBAC to > restrict a set of

Re: [Freeipa-users] Converting a user group to a non-posix group

On Sat, 2012-06-09 at 14:12 +0200, Sigbjorn Lie wrote: > Hi, > > Is there a supported method for converting a posix user group to a > non-posix user group? > > > Regards, > Siggi I am not aware of any supported method. This step is more tricky than making a non-posix group a posix one, because

Re: [Freeipa-users] Converting a user group to a non-posix group

On Mon, 2012-06-11 at 13:05 +0200, Sigbjorn Lie wrote: > On Mon, June 11, 2012 12:53, Sigbjorn Lie wrote: > > > > > On Mon, June 11, 2012 12:21, Martin Kosek wrote: > > > >> On Sat, 2012-06-09 at 14:12 +0200, Sigbjorn Lie wrote: > >> > >> >

Re: [Freeipa-users] Installation Hang on Fedora 17

On Tue, 2012-06-12 at 15:37 +0100, Darran Lofthouse wrote: > On 06/11/2012 05:29 PM, Dmitri Pal wrote: > > Have you downgraded your DS packages as recommended here > > http://www.freeipa.org/page/DS_Issues_Note ? > > > > Thank you Dmitri, that has now got me through the set up process - at > the

Re: [Freeipa-users] IPA 2.2.0 document inaccuracy

On Tue, 2012-06-12 at 14:48 -0700, David Copperfield wrote: > For the replication removal steps documented at > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Identity_Management_Guide/removing-replica.html. > > > > > The step 3 is inaccurate: 'del' should be 'disconne

Re: [Freeipa-users] IPA replica install "A CA is already configured on this system."

On 06/25/2012 11:37 PM, Dan Scott wrote: > Hi, > > I'm trying to install a new Fedora 17 replica of my existing Fedora 16 > FreeIPA servers as part of my migration process. > > I first attempted the installation using an old replica file, but ran > into some issues so I uninstalled and generated

Re: [Freeipa-users] What is the best way to make batch changes to the LDAP?

On 06/27/2012 01:56 AM, Joe Linoff wrote: > Hi Everybody: > > > > Here is a python approach that I am experimenting with based on reading the > source code. It seems to work but it is re-entrant? Does this make sense? Is > there a better way (like ldapmodify)? > > > > #!/usr/bin/env python

Re: [Freeipa-users] How can I change my password from a python script?

On 06/28/2012 03:34 AM, Joe Linoff wrote: > Hi Everybody: > > > > I need to add a lot of users to an LDAP system for testing and I would like to > do it in batch mode. For my small tests have been doing something like this: > > > > #!/bin/bash > > # Script to create a new user. > > ipa us

Re: [Freeipa-users] How can I change my password from a python script?

On Thu, 2012-06-28 at 16:42 -0700, Joe Linoff wrote: > Hi Petr: > > I implemented what you suggested and everything worked pretty well but I > ran into three issues that you might be able to help me with. > > ISSUE #1 > The first issue (and the most important) is that the password is only > tempo

Re: [Freeipa-users] How can I change my password from a python script?

n. > > Regards, > > Joe > > -Original Message- > From: Alexander Bokovoy [mailto:aboko...@redhat.com] > Sent: Friday, June 29, 2012 12:31 AM > To: Martin Kosek > Cc: Joe Linoff; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] How can I change my

Re: [Freeipa-users] Sudo documentation correction (sudo 1.7.4p-5 update breaks working configuration)

On 07/11/2012 12:02 PM, James Hogarth wrote: > Hi all, > > Having just spent an hour debugging this during my centos6.2 to > centos6.3 updates here's a heads up for others and a correction to the > documentation at docs.redhat.com > > The update to sudo mentioned changed sudo to use /etc/sud

Re: [Freeipa-users] IPA Error 4205 attribute "idnsAllowTransfer" not allowed

On 07/30/2012 02:57 PM, Simo Sorce wrote: > On Mon, 2012-07-30 at 12:11 +0200, Robert Bowell wrote: >> Hi Simo, >> >> Thanks for your reply. >> >> Yes the IPA server has been updated from 2.1 to 2.2. Prior to the >> update, DNS zones could be created without any issues. >> >> I have also noticed

Re: [Freeipa-users] IPA Error 4205 attribute "idnsAllowTransfer" not allowed

On 07/30/2012 03:21 PM, John Blaut wrote: > Hi > > I am following the same issue with Robert. > > In /etc/dirsrv/slapd-/schema/99user.ldif we can see that these new > attributes have been added. Hello John, I assume that the new attributes were not added to the MAY list in idnsZone objectclass

Re: [Freeipa-users] ipa krbtpolicy-mod --maxlife

On 07/30/2012 05:00 PM, george he wrote: > Hello all, > I'm trying to change the krb ticket life time for myself, so I used > ipa krbtpolicy-mod MYUSERNAME --maxlife 36 > but then after I do kinit, my new ticket is still going to expire after 24 > hours, which is the default ticket life, even t

Re: [Freeipa-users] resetting an admin account.

On 07/27/2012 12:48 AM, Steven Jones wrote: > I have tried to reset my admin password (admjonesst1) using the admin account > toa temp password, > > So I run a kinit admjonesst1 to reset it to a perm one and I get, > > > [jonesst1@8kxl72s ~]$ kinit admjonesst1 > Password for admjones...

Re: [Freeipa-users] ip changed

On 08/30/2012 05:38 AM, george he wrote: > Hello all, > I have free-ipa set up on my lab machines all running Fedora 17. > Today the lab was moved to another building on campus and the IPs have to be > changed. > Now that the IPs are changed, I cannot even run kinit on the ipa-server. > The error m

Re: [Freeipa-users] Migrate from SunONE DS5.2 - UnicodeDecodeError

On 09/20/2012 02:55 PM, Rob Crittenden wrote: > Pieter Baele wrote: >> Hi, >> >> I have a known problem when using the migration tool. >> Is there already a solution for this? >> >> As in: >> https://www.redhat.com/archives/freeipa-users/2012-January/msg00200.html >> >> ipa migrate-ds ldap://x.x.x

Re: [Freeipa-users] ipa host-add having both an IPv4 and an IPv6 address

On 09/20/2012 10:35 PM, Sigbjorn Lie wrote: > Hi, > > I see that I can add hosts with either an IPv4 or an IPv6 address when using > "ipa host-add --ip-address=". > > Is there a way to add a host specifying both an IPv4 and an IPv6 address at > the > same time? > > Adding the --ip-address optio

Re: [Freeipa-users] winsync agreement wipes IPA users

When using bare ldapsearch, you are hitting 389-ds limits - in your case nsslapd-sizelimit. This can be increased either globally or (this seems as a more secure solution) for a user you bind as: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/

Re: [Freeipa-users] Do we need ipa-client-update script?

On 09/22/2012 01:22 AM, Sigbjorn Lie wrote: > On 09/21/2012 10:45 AM, Petr Spacek wrote: >> Hello users, >> >> we have a question for client machine administrators: >> >> On 09/21/2012 10:12 AM, Martin Kosek wrote: >> >> > ..., that it may be us

Re: [Freeipa-users] sudden ipa errors.

Hello Nathan, you can file the bug on Red Hat Bugzilla (bugzilla.redhat.com), you can use this link: https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%206 Thanks in advance! Martin On 09/21/2012 05:53 PM, Nathan Lager wrote: > Sure thing, can you point me to where

Re: [Freeipa-users] confusing users

On 10/09/2012 12:59 AM, Steven Jones wrote: > Hi, > > When a user logs in for the first time nad they have to set a new password, if > it doesnt meet the passowrd standard/policy it fails with a "authentication > token manipulation error" is it possible to get that changed so it says > "password d

Re: [Freeipa-users] confusing users

iversity, Wellington, NZ > > 0064 4 463 6272 > > > From: Martin Kosek [mko...@redhat.com] > Sent: Tuesday, 9 October 2012 7:54 p.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] confusing users > > On 10/09/2012 12:

Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release

On 10/12/2012 08:06 PM, Rob Crittenden wrote: > The FreeIPA team is proud to announce version FreeIPA v3.0.0. > > It can be downloaded from http://www.freeipa.org/Downloads. Correction: FreeIPA 3.0.0 can be downloaded from http://www.freeipa.org/page/Downloads Martin __

Re: [Freeipa-users] Failed installation

Hello Bret, This may be a long shot, but when I sometimes hit this kind of errors when CA installation crashed and there is still some remaining CA configuration (in /var/lib/pki-ca). I usually fix this with standard "ipa-server-install --uninstall -U" and then running this command: /usr/bin/pkir

Re: [Freeipa-users] Failed installation

On 10/18/2012 01:23 PM, Bret Wortman wrote: > Tomcat is definitely not running and there's no log in /var/log/pki-ca. > SELinux > is disabled and not running. The same RPMs are installed on both my > functioning > and nonfunctioning system, at least as far as "# rpm -qa | grep tomcat | sort" > re

Re: [Freeipa-users] DNS forwarding problem

On 10/22/2012 08:28 PM, Fred van Zwieten wrote: > Hello, > > I have a problem. My setup: > > - IPA server for domain example.com on ipa.example.com > > - DNS server sub.example.com on host.sub.example.com >

[Freeipa-users] Announcing FreeIPA v2.2.1 Release

permission. Jan Cholasta (1): * SSH configuration fixes. Martin Kosek (1): * Become IPA 2.2.1 Petr Viktorin (2): * replica-install: Don't copy Firefox config extension files if they're not in the replica file * Create Firefox extension on upgrade and replica-install Petr V

Re: [Freeipa-users] DNS / Allow PTR sync

On 11/06/2012 10:38 AM, Petr Spacek wrote: > Hello Mike, > > are you talking about IPA WebUI or CLI or DNS dynamic update mechanism? On > which distribution and IPA version? > > On 11/05/2012 10:35 PM, Michael Mercier wrote: >> Hello, >> >> A couple of questions regarding DNS / Allow PTR sync. >>

Re: [Freeipa-users] sssd/pam login issues after upgrade to 2.2.1 on Fedora 17

On 11/12/2012 05:44 PM, Anthony Messina wrote: > On Monday, November 12, 2012 09:51:14 AM Anthony Messina wrote: >> On Monday, November 12, 2012 09:17:17 AM Anthony Messina wrote: > I also find that when I do a manual ldapsearch for the > non-upgraded clients as > > > follows:

Re: [Freeipa-users] sssd/pam login issues after upgrade to 2.2.1 on Fedora 17

On 11/13/2012 02:01 PM, Martin Kosek wrote: > On 11/12/2012 05:44 PM, Anthony Messina wrote: >> On Monday, November 12, 2012 09:51:14 AM Anthony Messina wrote: >>> On Monday, November 12, 2012 09:17:17 AM Anthony Messina wrote: >>>>>> I also find that w

Re: [Freeipa-users] adding group fails with "Type or value exists"

On 11/16/2012 12:48 AM, Qing Chang wrote: On 15/11/2012 6:10 PM, John Dennis wrote: On 11/15/2012 04:21 PM, Qing Chang wrote: Adding group produces error message "Type or value exists" and fails. As shown below, I tried a few different group name to ensure that there is no duplicates: [root@

Re: [Freeipa-users] Problem adding DNS Zones

On 11/16/2012 04:11 PM, Bret Wortman wrote: Using FreeIPA on a private network (where it's easier to just alias our own servers to these names than to edit config file after config file). Any idea what I'm doing wrong here? # ipa dnszone-add 0.pool.ntp.org --name-server=d

Re: [Freeipa-users] ipa-replica-install fails

On 12/11/2012 05:25 PM, Dmitri Pal wrote: > On 12/11/2012 10:53 AM, Bret Wortman wrote: >> My replica install fails to create a DS instance: >> >> : >> [2/30]: creating directory server instance >> ipa : CRITICAL failed to create ds instance Command >> '/usr/sbin/setup-ds.pl

Re: [Freeipa-users] sudo made a bit easier to configure

On 12/20/2012 04:43 PM, Han Boetes wrote: Hi, I discovered that using this recipe makes setting up sudo-ldap very simple. Even when anonymous binds is disabled. TLS_CACERT /etc/ipa/ca.crt TLS_REQCERT demand SASL_MECH GSSAPI BASE dc=domain,dc=com URI ldap://auth-ipa.domain.com

Re: [Freeipa-users] backup create restore

On 12/21/2012 01:07 PM, Артур Файзуллин wrote: HI! What about adding this functionality to IPA-server: create backup # ipa backup-create --create --output-file=pathtofile restore from backup # ipa-server-install --restore-from-backup=pathtofile I think this feature will be very usefull :) H

Re: [Freeipa-users] freeIPA 3.1.0 for Redhat Enterprise 6.3?

Hello David, FreeIPA 3.1 requires several major dependencies that are not available in RHEL 6.x versions - the most notable ones are PKI-CA of version 10.0 and 389-ds-base of version 1.3.0 which introduced transaction support. I think the easiest way to get version 3.1 would be to wait for ne

Re: [Freeipa-users] two questions on IPA usage

On 12/20/2012 12:34 AM, David Copperfield wrote: Hi Howdy, Two questions on IPA usage are listed below. Please help. 1, How to reset a normal IPA user's password through web interface when the password is expired? when the normal user's password is close to expiration but still not expir

Re: [Freeipa-users] IPA 2.2.0-16 still needs CLEANRUV and CLEANALLRUV

On 12/19/2012 11:24 PM, David Copperfield wrote: Hi howdy, This is trying to confirm whether we still need to perform the steps of cleaning RUV records, when a freeIPA master, or a replica is removed. Months back it was rumored that some work was being done on underlying 389 LDAP and the RNV c

<    5   6   7   8   9   10