Hi Guys,
I'm having a failure on my upgrade for 4.4.2-1 on Fedora 24
I already checked some info and:
ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX
Gives me TU instead of MII as expected.
Any suggestions further ?
Thanks,
Matt
2016-10-17T22:19:10Z DEBUG Starting external pr
and fine. I also had some weird
DNS error and bind didn't want to start anymore because of expecting a
; I thought this had something todo with a forwarder which wasn't.
For now I'm good, but do you want extra info ?
Thanks,
Matt
2016-10-18 7:49 GMT+02:00 Martin Babinsky :
> On 1
Doesn't get the user a default mailaddress when you add him under the
REALM domain ?
2017-01-02 17:50 GMT+01:00 Petr Vobornik :
> On 01/02/2017 05:00 PM, nirajkumar.si...@accenture.com wrote:
>> Hi Team,
>>
>> Is there any way to make email as mandatory field before creating any user
>> from
>> W
synced users
so they can login on both environments (servers).
Would there be some way to accomplish this ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi,
Is it possible to create a user that can/is allowed (to) only add
hosts using the ipa-client-install ?
Would be nice to know.
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for
box", but I have the feeling
I'm missing something here.
I hope someone can help me out!
Thanks!
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi All,
Is a wildcard DNS record supported at the moment ?
If so, how to accomplish this ?
Thanks!
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi Martin,
I have seen it indeed and discusses on #freeipa
Is it not possible to install bind-dyndb-ldap 4.0 manually on CentOS 6.5 ?
Cheers,
Mattt
2014-05-23 13:57 GMT+02:00 Martin Kosek :
> On 05/23/2014 12:15 PM, Matt . wrote:
> > Hi All,
> >
> > Is a wildcard DNS re
OK, but I wonder where I can remove that * check in IPA... it must be
somewhere in a template I think.
2014-05-23 15:50 GMT+02:00 Petr Spacek :
> On 23.5.2014 15:46, Martin Kosek wrote:
>
>> On 05/23/2014 03:44 PM, Petr Spacek wrote:
>>
>>> On 23.5.2014 13:59, Matt
Indeed!
2014-05-23 20:33 GMT+02:00 Dmitri Pal :
> On 05/23/2014 09:52 AM, Matt . wrote:
>
> OK, but I wonder where I can remove that * check in IPA... it must be
> somewhere in a template I think.
>
>
> You mean you want to contribute to the IPA code to change the validato
Hi All,
Is it possible in some way to automount a WebDav share to a Ubuntu
Client when a user logings in on the commandline ?
I'm only able to use WebDav on these machines.
I hope this is solvable.
Cheers,
Matt
___
Freeipa-users mailing
Hi,
Thanks for that quick search, I wasn't searching on autofs.
I will let you know!
Cheers,
Matt
2014-06-09 12:24 GMT+02:00 Natxo Asenjo :
>
> On Mon, Jun 9, 2014 at 12:16 PM, Matt . wrote:
>>
>> Hi All,
>>
>> Is it possible in some way to automount a WebD
Hi,
I'm only concerned about how to pass the password in this one... it
seesm to be hardcoded and I would like to have it used by
ldap/freeipa.
Cheers,
Matt
2014-06-09 12:35 GMT+02:00 Matt . :
> Hi,
>
> Thanks for that quick search, I wasn't searching on autofs.
>
Hi,
Yes this is happening, or should with:
share -fstype=davfs,user,rw,dir_mode=0777,file_mode=0666
http://webdavserver//webdav
But it doesn't connect, or I don't see any logs about it.
Ab on IRC tested this and it should work, but I'm missing something I think.
Cheers,
Matt
OK, it seems that GSSAPI is key here, now I need to find out if I need
something extra for GSSAPI on the WebDav Server.
2014-06-10 11:10 GMT+02:00 Matt . :
> Hi,
>
> Yes this is happening, or should with:
>
> share -fstype=davfs,user,rw,dir_mode=0777,file_mode=0666
> http://we
Anyone some news on this ? I'm kinda stuck with the normal webdav
mount howto's I find.
2014-06-10 22:03 GMT+02:00 Matt . :
> OK, it seems that GSSAPI is key here, now I need to find out if I need
> something extra for GSSAPI on the WebDav Server.
>
> 2014-06-10 11:10 GM
[ OK ]
Restarting HTTP Service
Stopping httpd:[ OK ]
Starting httpd:[ OK ]
I hope someone can help me out!
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.
Hi,
Yes I did in the past. THe DNS tabs are there and named is installed.
Can I run that "over" without any issue ?
In any other case I just can reinstall the ipa software on the replica
and create a new setup for it...
Cheers,
Matt
2014-08-04 1:52 GMT+02:00 Simo Sorce :
> On Su
Hi,
I got this solved but the replica doesn't do it's forwards on the
zone's it need to foreward for, the master with the same settings
does.
I have done a new install but the same happens.
WHat could be wrong here ?
Cheers,
Matt
2014-08-04 10:13 GMT+02:00 Martin Kosek :
>
Hi,
Sorry, my fault, there was a FW fule in between.
Thanks for the heads up.
Matt
2014-08-07 14:53 GMT+02:00 Petr Spacek :
> On 5.8.2014 11:24, Matt . wrote:
>>
>> Hi,
>>
>> I got this solved but the replica doesn't do it's forwards on the
>> zone
sssd, but not always.
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
OK, found it... I needed to comment out my other ldap lines, but I
wonder why this is needed on CentOS and Ubuntu works without them.
2014-10-12 21:14 GMT+02:00 Matt . :
> Hi All.
>
> I'm using sudo rules on Ubuntu machines perfectly, but on CentOS I get:
>
> User username i
I remove it it
can login again.
Removing uid@sub.domain.local and only having n...@domain.tld doesn't
work either.
Anyone an idea how I can set uid@sub.domain.local bind a primary ?
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/ma
Hi Dimitri,
What do you mean by how ? Can you be more specific what you want to know ?
2014-11-21 23:42 GMT+01:00 Dmitri Pal :
> On 11/20/2014 09:15 PM, Matt . wrote:
>>
>> Hi Guys,
>>
>> For authenticating a user in Kolab I need uid@sub.domain.local as
>> e
olab_auth_admin_login']= 'admin';
$config['kolab_auth_admin_password'] = 'xx';
$config['kolab_auth_auditlog'] = true;
}
// Administrative role field (from fieldmap configuration) which
must be filled with
// specif
HI Dimitri,
Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.
So what would you change exactly ?
There might be need changed more.
I hope we can get this fixed !
Thanks,
Matt
2014-11-22 0:51 GMT+01:00 Dmitri Pal :
> On
HI,
Yes and that doesn't let me login... that's the issue.
2014-11-22 1:45 GMT+01:00 Dmitri Pal :
> On 11/21/2014 07:12 PM, Matt . wrote:
>>
>> HI Dimitri,
>>
>> Thanks, but it seems following the kolab devs that if kolab cannot
>> determine the bas
I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!
2014-11-22 1:55 GMT+01:00 Matt . :
> HI,
>
> Yes and that doesn't let me login... that's the issue.
>
> 2014-11-22 1:45 GMT+01:00 Dmitri Pal :
>> On 11/21/2014 0
urce
/etc/postfix/ldap/mydestination.cf
But when I do a postmap check on this cf with domain.tld that gives a
match, as it should...
So that might need some modification ?
2014-11-22 2:14 GMT+01:00 Dmitri Pal :
> On 11/21/2014 07:57 PM, Matt . wrote:
>>
>> I need to say, saslauth caches
Hi,
OK got it working by changing the mailadres to u...@domain.tld
Actually no IPA question, but you might know, my email is not
delivered in one file /var/mail/uid instead of the maildir format it
should do.
At least it arrives well! Thanks
2014-11-22 2:23 GMT+01:00 Matt . :
> Hi that was
Hi All,
I see it's possible to add an extra field to a user by creating a new
userobjectclass.
The issue is that this field is not yet @ the user, but can we create it here ?
/usr/lib/python2.6/site-packages/ipalib/plugins/user.py
Any direction would be great!
Thanks,
Matt
--
Manage
Hi Dimitri,
I need to use multiple email adresses, but not under mail, mail needs
to be primary.
I have seen I can add mailAttribute ?
I need to have them as field, and the best would be something like
alias1, alias2, aliasX
Would be doable ?
Cheers,
Matt
2014-11-24 17:51 GMT+01:00 Dmitri
Hi,
I need to make sure I have a primary one which is mail, the other ones
should not matter, but I think it's wiser to have it like I know what
is where.
The reason why I need to is because I'm using Kolab which needs at
least a primary mail attribute.
Cheers,
Matt
2014-11-24 19:22
Is this still the known bug in 4.x ?
And can I fix it ?
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
OK, thank for that.
But should an IPA install not add them by default ? Maybe this is some
4.x dev which is still needed ?
I need to look what I exactly need.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freei
Readin up on this the weak password setting should work, but it doesn't.
What are my chances here as I need to do a "ipa pwpolicy-mod --maxlife 200"
Or can this be done from a ldap browser too ?
2014-12-29 23:31 GMT+01:00 Matt . :
> OK, thank for that.
>
> But should an
(anymore)
Does someone have a clue how to fix this ? I'm quite sure this is possible.
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
HI,
I'm already doing so without any luck. If you remember something,
would be nice to know!
So it should be possible to do still ?
2015-02-05 14:26 GMT+01:00 Dmitri Pal :
> On 02/05/2015 07:59 AM, Matt . wrote:
>>
>> Hi,
>>
>> OK, but as far as I underst
those days that it seems to be lost or so.
Thanks,
Matt
2015-02-05 13:21 GMT+01:00 Dmitri Pal :
> On 02/05/2015 05:54 AM, Matt . wrote:
>>
>> In the past we have done some testsetups with password expiring after
>> we added a user, at the moment I have difficulties with this
to higher up the
first calcuation...
I need the global kerberos calculation time for that, but where is it located ?
That would solve my issue for sure!
> On 02/05/2015 08:32 AM, Matt . wrote:
>>
>> HI,
>>
>> I'm already doing so without any luck. If you remember
Yes, when receiving your email I found that indeed. My ldapEditor
doesn't allow me to add that value, so this need to be done using the
commandline ?
2015-02-05 15:03 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> HI,
>>
>> I'm already doing so without any
OK this works out good, I can login without changing my password directly.
But my expire is still on a day which should be set higer.
min is on 0 everywhere, max is 90 days.
How to accomplish that ?
2015-02-05 17:13 GMT+01:00 Matt . :
> Yes, when receiving your email I found that indeed.
I'm quite sure you can without changing code, I need to find out where
it's set again... it's doable.
2015-02-05 22:04 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> OK this works out good, I can login without changing my password directly.
>>
>> But my expire i
Hi,
I'm figuring out how to regenerate the webserver certificates so I can
use a loadbalancer in front of my ipa servers.
I see in the docs there is information about this, but not for the
webservice. Does anyone have some directions ?
Thanks.
Matt
--
Manage your subscription for the Fr
uld I proceed ? I
added the host like
ldap.domain... where my ldap servers are ldap-01 and ldap-02
Thanks!
Matt
2015-03-06 14:08 GMT+01:00 Martin Kosek :
> On 03/06/2015 01:30 PM, Matt . wrote:
>>
>> Hi,
>>
>> I'm figuring out how to regenerate the webserver certifica
Hi,
But as the user is the same, I could use the same keytab for each ipa server ?
I need to use the API indeed, so need to issue the http service.
Any other options ?
2015-03-06 14:24 GMT+01:00 Petr Spacek :
> On 6.3.2015 14:08, Martin Kosek wrote:
>> I'm figuring out how to regenerate the w
is make it more clear ?
2015-03-06 15:31 GMT+01:00 Petr Spacek :
> On 6.3.2015 15:13, Matt . wrote:
>> Hi,
>>
>> But as the user is the same, I could use the same keytab for each ipa server
>> ?
>>
>> I need to use the API indeed, so need to issue the http servi
step 6
Thanks again!
Cheers,
Matthijs
2015-03-06 16:16 GMT+01:00 Petr Spacek :
> On 6.3.2015 15:39, Matt . wrote:
>> I have 2 IPA servers where I kinit to and post to the api using curl/json.
>
> If we are talking purely about scripting, you can use IPA Python API. It will
> han
this well when doing these command
from PHP for an example. Building in extra checks in front could be
done but it not ideal as a loadbalancer can handle such things much
better.
Thanks!
Cheers,
Matt
2015-03-06 16:41 GMT+01:00 Dmitri Pal :
> On 03/06/2015 10:24 AM, Matt . wrote:
>>
Hi,
I will balance with IP persistance so I think there won't be any
mixing as long as that "used" server is online.
2015-03-06 19:16 GMT+01:00 Dmitri Pal :
> On 03/06/2015 11:05 AM, Matt . wrote:
>>
>> OK, understood.
>>
>> But when a webservice does e
uestion remains, how?
2015-03-07 10:37 GMT+01:00 Matt . :
> Hi,
>
> I will balance with IP persistance so I think there won't be any
> mixing as long as that "used" server is online.
>
> 2015-03-06 19:16 GMT+01:00 Dmitri Pal :
>> On 03/06/2015 11:05 A
Hi Guys,
Is Rob able to look at this ? I hope he has some sparetime as I'm
kinda stuck with this issue.
Thanks!
2015-03-08 12:30 GMT+01:00 Matt . :
> I'm reviewing some things.
>
> When I'm using a loadbalancer, which I prefer in this setup I need to
> have th
Hi,
Security wise I can understand that.
Yes I have read about that... but that would let me use the
loadbalancer to connect ? I was not sure if the SAN would "connect" as
"other" host.
2015-03-12 15:07 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi Guys,
>>
I remember.
Or do I ?
Something else; did you had a nice PTO ?
2015-03-12 15:54 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi,
>>
>> Security wise I can understand that.
>>
>> Yes I have read about that... but that would let me use the
>> loadbalancer to c
uiet use_uid
session required pam_unix.so
session optional pam_sss.so
This is not what we want with a centralized auth and policy system so
I hope we can fix this bug soon.
Ideas are welcome!
Cheers,
Matt
___
Freeipa-users mailing list
F
013, Matt . wrote:
>
>> Hi,
>>
>> A lot of people seem to have problem with Sudo and FreeIPA.
>>
>> How to enable sudo is described here:
>>
>> http://www.freeipa.org/images/**7/77/Freeipa30_SSSD_SUDO_**
>> Integration.pdf<http://www.freeipa.org/i
James,
Is this in RHEL based systems only ? On Ubuntu there seems to be still
issues.
A full printout of the config file(s) would be nice to see as most people
write other things down they have working, but the working ones don't write
their full config down.
Thanks.
Cheers,
Matt
2013
erver ? We have put a lot of time into the
user_show part and that works, now westill need the user_add (and so on).
Has anyone some sort of sample/howto for this ?
Thanks in advance.
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi Alexander,
That is great!
I hope that someone can find this topic and use it as reference as it tool
us some time to find the other one :)
Thanks!
Cheers,
Matt
2013/7/29 Alexander Bokovoy
> Hi Matt,
>
>
> On Mon, 29 Jul 2013, Matt . wrote:
>
>> Hi all,
>>
e here actually.
Something simple must be wrong I guess.
Thanks so far for the effort!
Cheers,
Matt
2013/7/29 Alexander Bokovoy
> Hi!
>
>
> On Mon, 29 Jul 2013, Matt . wrote:
>
>> Hi Alexander,
>>
>> That is great!
>>
>> I hope that someone can f
y need the A -> B -> C part exectured from a php script to add a
user with user_add.
More details about that are welcome.
Thanks!
Cheers,
Matt
2013/7/30 Dmitri Pal
> On 07/29/2013 03:02 PM, Alexander Bokovoy wrote:
> > Hi!
> >
> > On Mon, 29 Jul 2013, Ma
user has in
FreeIPA.
After this you can run a curl script from the commandline with a
"add_user" and actually add that user to IPA. So that works.
That is what we actually want to do from PHP but testing this with a
HTTP/HTTPD user in IPA doesn't work.
Shouldn't that
Hi guys,
I'm testing out some installation and want to update my docs.
I'm using a self signed cert and need to talk to the json/api.
Which certs do I need to combine for my request, as I need an issuer too.
The /etc/ipa/ca.crt combined with an export of the webcert ?
Matt
--
M
Hi,
Yes I found that out using some blof of Alexander.
Thanks! as I thought we needed a combination of the issues also, but I
saw one some tetsmachine this was not needed anymore, cannot say about
the past anymore.
Cheers,
Matt
2015-11-09 0:04 GMT+01:00 Fraser Tweedale :
> On Fri, Nov
Hi guys,
How is the progres on the Samba (Share) Authentication for FreeIpa ?
I hope we already have some work around to use the FreeIPA credentials
for authing network shares.
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo
Hi John,
With which OS, package version and config ? On Ubuntu 15.10 I'm not
able it seems.
Thanks!
2015-12-30 9:43 GMT+01:00 John Obaterspok :
> Hi Matt,
>
> It already works fine to use kerberos ticket to access samba shares.
>
> -- john
>
> 2015-12-28 14:01 GMT+01
test in minutes :)
Thanks and have a great new year ! (With MIT!)
Matt
2015-12-30 16:38 GMT+01:00 Alexander Bokovoy :
> On Wed, 30 Dec 2015, Matt . wrote:
>>
>> Hi John,
>>
>> With which OS, package version and config ? On Ubuntu 15.10 I'm not
>> able i
out in any way
by lots of logins or tries, etc and be able to test it functions
allright ?
Thanks.
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
too many
logins, and this concerns me as they are not POSIX.
2016-01-14 15:16 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi Guys,
>>
>> I'm having an issue that a user which I use for the API is getting
>> locked out from time to time.
>>
>> I have
-01-14 16:58 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> OK, nice,but this user failed on kinit but is in the group where the
>> policy is set to 0.
>>
>> Can I check on the commandline if it applies to that setting by
>> querying ldap in some way ? It could be that
My fault from the maxfail, I was referencing some doc from
side_control and mixed it up.
For the sysaccount part sounds doable. I will report back for that!
thanks a lot!
2016-01-14 19:06 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> OK, this looks good, but keeps the user locked fro
Hi,
I'm fugiring out if it's possible to strip the ipa start and stop from
the backup method and actually do a fullbackup manually started.
Any idea ?
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
check that out further.
An ipactl start is not needed it seems as the ipa-backup command seems
to start ipa at any time again.
Do you understand/agree here ?
2016-02-17 8:00 GMT+01:00 David Kupka :
> On 16/02/16 20:26, Matt . wrote:
>>
>> Hi,
>>
>> I'm fugiring o
as errors because
it just does it that way.
2016-02-18 16:08 GMT+01:00 Rob Crittenden :
> David Kupka wrote:
>> On 17/02/16 10:47, Matt . wrote:
>>> Hi David,
>>>
>>> I have tested your way out and it seems to be OK.
>>>
>>> The reason why I need
no messages that relate to the connection in event viewer and
nothing other then "[-11 - System error]" in any of the freeIPA log files.
Thanks
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
Any ideas on where to look for more information? I have been unable to
make any progress on this.
Thanks
On 22/05/2012 10:18, Matt wrote:
Hi,
I am attempting to run replication between Windows AD (2008R2) and a
FreeIPA (2.2.0) server (fc-17) in a test setup.
I have bound FreeIPA to
On 29/05/2012 23:15, Rob Crittenden wrote:
Rob Crittenden wrote:
Matt wrote:
Hi,
Any ideas on where to look for more information? I have been unable to
make any progress on this.
Thanks
On 22/05/2012 10:18, Matt wrote:
Hi,
I am attempting to run replication between Windows AD (2008R2) and
e.crt
Directory Manager password:
Enter private key unlock password:
list index out of range
The ipa-server-certinstall command failed.
If I do a #ipa-certupdate the Server-Cert is removed from
/etc/httpd/alias and the install fails because of this.
What can I do to solve this ?
Thanks,
Matt
--
M
Hi Dan,
Ues i have tried that and I get the message that it misses the full
chain for the certificate.
My issue is more, why is the Server-Cert being removed on a certupdate ?
Cheers,
Matt
2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI] :
> Is the chain in mydomain_com_bundle.crt? Have
Certs are valid, I will check what you mentioned.
I'm also no fan of bundles, more the seperate files but this doesn't
seem to work always. At least for the CAroot a bundle was required.
Matt
2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] :
> Have you validated the cert (a
same issues still exist, the Server-Cert is
removed again on ipa-certupdate and fails.
I have tried this with setenforce 0
Cheers,
Matt
2017-02-14 17:24 GMT+01:00 Florence Blanc-Renaud :
> On 02/14/2017 02:54 PM, Matt . wrote:
>>
>> Certs are valid, I will check what you menti
Hi Florance,
Sure I can, here you go:
Fedora 24
Freeipa VERSION: 4.4.2, API_VERSION: 2.215
I installed this server as self-signed CA
Cheers,
Matt
2017-02-14 17:54 GMT+01:00 Florence Blanc-Renaud :
> On 02/14/2017 05:43 PM, Matt . wrote:
>>
>> Hi Florance,
>>
>
Hi,
Is there any update on this ? I need to install 3 other instances but
I would like to know upfront if it might be a bug.
Thanks,
Matt
2017-02-14 17:59 GMT+01:00 Matt . :
> Hi Florance,
>
> Sure I can, here you go:
>
> Fedora 24
> Freeipa VERSION: 4.4.2, API_VERSION: 2.2
Hi Flo! (if I may call you like that, saves some characters in typing
but with this extra line it doesn't anymore :))
This works perfectly, thank you very much.
No questions further actually :)
Cheers,
Matt
2017-02-16 11:17 GMT+01:00 Florence Blanc-Renaud :
> On 02/15/2017 05:40
Hi Flo,
Sure I can, I will look through the steps closely tomorrow and will
create some lineup here.
Cheers,
Matt
2017-02-16 23:55 GMT+01:00 Florence Blanc-Renaud :
> On 02/16/2017 09:55 PM, Matt . wrote:
>>
>> Hi Flo! (if I may call you like that, saves some characters in typ
?
I'm also curious about what IPA syncs between all hosts, it seems to
be only the Intermediate certs and not the install domains
certificate, this needs to be installed manually after a local
#ipa-certupdate on each node ?
I hope you can clearify this out.
Thanks,
Matt
2017-02-17 0:15 GM
Hi Guys,
Does anyone know what the max length is for a sysaccount username is ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi,
The install seems to be OK this way, but I'm still confused about the
duplicated and the RootCA.
Cheers,
Matt
2017-02-18 14:47 GMT+01:00 Matt . :
> Hi Florance,
>
>
> I'm actually stil investigating this as the following occurs.
>
> I have removed all unneed
Hi Rob,
Yes it does, I understood that there was some reason the duplicate
might exist, but I wonder more why does the RootCA show up when I
removed it and comes back after adding the two intermediates ?
Thanks
Matt
2017-02-20 15:20 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi,
Hi All,
Yes as I stated I see software, multiple, having issues with usernames
larger then 28 characters.
Cheers,
Matt
2017-02-20 15:53 GMT+01:00 Rob Crittenden :
> David Kupka wrote:
>> On Sat, Feb 18, 2017 at 03:06:21PM +0100, Matt . wrote:
>>> Hi Guys,
>>>
>&g
Oh sorry, I thought I did, must have been some conceptmail then :)
2017-02-20 21:21 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi All,
>>
>> Yes as I stated I see software, multiple, having issues with usernames
>> larger then 28 characters.
>
> You didn
Hi Flo,
Yes it does! Thanks for that. Is it not possible to remove a
certificate fully as it always syncs this way ? Or remove it from
/etc/httpd/alias, then from ldap and then sync again ?
Cheers,
Matt
2017-02-21 9:03 GMT+01:00 Florence Blanc-Renaud :
> On 02/20/2017 04:09 PM, Matt . wr
d
Bind rule type: permission
Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
Type: host
Permission flags: V2, MANAGED, SYSTEM
Number of entries returned 3
Can anyone help me out as I'm unsure where this
Hi Rob,
Thanks, but what do you mean here ? The Foreman has a script which
should be OK for it:
https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm
Can you check this maybe ?
Thanks,
Matt
2017-03-10 17:21 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> I
Hi Rob,
Thanks for the update, the same error happens when I add a new host,
so I'm lost, the same for the Foreman devs.
What can I check/test further ?
Thanks,
Matt
2017-03-10 21:20 GMT+01:00 Rob Crittenden :
> Matt . wrote:
>> Hi Rob,
>>
>> Thanks, but what do y
Hi Rob,
I have this solved, I think it was an issue in the foreman-proxy.
The reason why there are two users in the role was to test other
usernames, as you cannot use foreman-proxy for this for an example.
I need to update the Foreman ticket about it.
Thanks for helping out.
Cheers,
Matt
Hi guys,
Is it possible to create in a simple way the SRV domains for kerberos
on subdomains ? it's a pain to add them all manually when you have a
lot of subdomains.
I hope someone has a solution.
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
Hi Alexander,
Superb, thanks a lot for this quick fix!
Matt
2017-04-04 20:48 GMT+02:00 Alexander Bokovoy :
> On ti, 04 huhti 2017, Matt . wrote:
>>
>> Hi guys,
>>
>> Is it possible to create in a simple way the SRV domains for kerberos
>> on subdomains ? it&
faster the IPA LDAP only server is installed ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
;s
installed with FreeIPA and the clientconfig for sssd is not there
anymore because of the 'ipa-client-install --uninstall'
2017-04-07 23:11 GMT+02:00 Rob Crittenden :
> Matt . wrote:
>> When I have a full ipa setup and I want to add a host to it that is
>> installed or
101 - 200 of 249 matches
Mail list logo