[Freeipa-users] IPA + OpenAFS

2012-07-10 Thread Qing Chang
-crc:afs3 works, but OpenAFS does not like them. Thanks, Qing -- -- Qing Chang Senior Systems Administrator M6-624 Research Computing Sunnybrook Health Sciences Centre 2075 Bayview Ave. Toronto, Ontario, M4N 3M5 (416) 480-6100 x3263 qch...@sri.utoronto.ca

Re: [Freeipa-users] IPA + OpenAFS

2012-07-11 Thread Qing Chang
-crc:afs3, but not with des-cbc-crc:v4, which is what OpenAFS uses. Qing On 11/07/2012 8:28 AM, Simo Sorce wrote: On Tue, 2012-07-10 at 15:53 -0400, Qing Chang wrote: please forgive me if this is a question that has been answered somewhere already. I am almost finished setting up my first OpenAFS

Re: [Freeipa-users] IPA + OpenAFS

2012-07-11 Thread Qing Chang
in IPA to create an arbitrary service principal, which can be done with a standalone Kerberos KDC? Again, you don't have to use the IPA tools. You can use the Kerberos server tools. Dan On 11/07/2012 2:24 PM, Simo Sorce wrote: On Wed, 2012-07-11 at 10:19 -0400, Qing Chang wrote: I think I do

Re: [Freeipa-users] IPA + OpenAFS

2012-07-11 Thread Qing Chang
On 11/07/2012 3:23 PM, Simo Sorce wrote: On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote: Because of the integration of Kerberos in IPA, Kerberos tools can be used only in limited situations, when creating afs/DOMAIN@REALM with kadmin, I got this error: add_principal: Kerberos database

Re: [Freeipa-users] IPA + OpenAFS

2012-07-12 Thread Qing Chang
On 11/07/2012 5:46 PM, Dmitri Pal wrote: On 07/11/2012 04:01 PM, Qing Chang wrote: On 11/07/2012 3:23 PM, Simo Sorce wrote: On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote: Because of the integration of Kerberos in IPA, Kerberos tools can be used only in limited situations, when creating

Re: [Freeipa-users] Openldap to IPA migration confusion

2012-07-23 Thread Qing Chang
On 20/07/2012 5:14 PM, Rob Crittenden wrote: Qing Chang wrote: Greetings, Migration from OpenLDAP to IPA creates a pair of subtrees for both users and groups: compat and accounts, use groups as an example: dn: cn=acdp,cn=groups,cn=compat,dc=sri,dc=utoronto,dc=ca dn: cn=acdp,cn=groups,cn

Re: [Freeipa-users] Openldap to IPA migration confusion

2012-07-24 Thread Qing Chang
On 23/07/2012 3:33 PM, Rob Crittenden wrote: Qing Chang wrote: On 20/07/2012 5:14 PM, Rob Crittenden wrote: Qing Chang wrote: Greetings, Migration from OpenLDAP to IPA creates a pair of subtrees for both users and groups: compat and accounts, use groups as an example: dn: cn=acdp,cn

[Freeipa-users] migrate-ds fails with Can't contact LDAP server

2012-08-12 Thread Qing Chang
Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new ESXi host, after preparing migration mode as well as adding necessary objectclasses, tried to run the following: ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager --group-container=ou=group --schema=RFC2307 --with-compat

Re: [Freeipa-users] migrate-ds fails with Can't contact LDAP server

2012-08-13 Thread Qing Chang
On 13/08/2012 10:39 AM, Rob Crittenden wrote: Qing Chang wrote: Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new ESXi host, after preparing migration mode as well as adding necessary objectclasses, tried to run the following: ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn

Re: [Freeipa-users] migrate-ds fails with Can't contact LDAP server

2012-08-13 Thread Qing Chang
My sincere apologies: I forgot to start slapd on my openldap server... Qing On 13/08/2012 10:39 AM, Rob Crittenden wrote: Qing Chang wrote: Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new ESXi host, after preparing migration mode as well as adding necessary objectclasses

[Freeipa-users] Migration from OpenLDAP to IPA: reset expired password in IPA UI

2012-09-24 Thread Qing Chang
users to change or reset expired password in the UI? Thanks, Qing Chang ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Keep Samba password in sync with userpassword and kerberos password

2012-10-01 Thread Qing Chang
In a thread on Freeipa-devel titled freeIPA as a samba backend there is a statement as below: IPA will keep all of your passwords in sync - userPassword, sambaNTPassword, sambaLMPassword, and your kerberos passwords. 389 cannot do this - the functionality that does this is provided by an

[Freeipa-users] adding group fails with Type or value exists

2012-11-15 Thread Qing Chang
Adding group produces error message Type or value exists and fails. As shown below, I tried a few different group names to ensure that there are no duplicates: [root@ipa1 ~]# ipa -d group-add example --desc=Test ipa: DEBUG: Caught fault 4203 from server http://ipa1/ipa/xml: Type or value

Re: [Freeipa-users] adding group fails with Type or value exists

2012-11-16 Thread Qing Chang
On 16/11/2012 3:25 AM, Martin Kosek wrote: On 11/16/2012 12:48 AM, Qing Chang wrote: On 15/11/2012 6:10 PM, John Dennis wrote: On 11/15/2012 04:21 PM, Qing Chang wrote: Adding group produces error message Type or value exists and fails. As shown below, I tried a few different group names

Re: [Freeipa-users] IPA weirdness with Samba, Dovecot IMAP and SSHD

2012-11-17 Thread Qing Chang
On 16/11/2012 12:11 PM, Dmitri Pal wrote: On 11/16/2012 10:59 AM, Qing Chang wrote: just migrated all my users from OpenLDAP and MIT Kerberos to IPA. Out of more than 400 users, there are around 10 that have problems accessing Samba or Dovecot IMAP or ssh. They never have problem login to ipa

Re: [Freeipa-users] IPA weirdness with Samba, Dovecot IMAP and SSHD

2012-11-19 Thread Qing Chang
On 19/11/2012 3:33 AM, Natxo Asenjo wrote: hi, Qing On Sat, Nov 17, 2012 at 8:20 PM, Qing Chang qch...@sri.utoronto.ca wrote: 2, Dovecot + IPA: it is not an IPA issue but sss cache timeout issue, I read it's 90 min? When a user changes his/her password, the cache usually is not updated

[Freeipa-users] IPA client randomly lose memory of users

2012-11-30 Thread Qing Chang
my dovecot IMAP server would randomly lose memory of users, as an example: Samba/NFS server knows this user: [root@smb2 shassan]# getent passwd bqiang bqiang:*:47105:471:Beiping Qiang:/home2/bqiang:/bin/tcsh But dovecot server does not: [root@dovecot2 ~]# getent passwd bqiang Only when I apply

[Freeipa-users] disable user account in batch mode in IPA

2012-12-21 Thread Qing Chang
I hope google did not skip me when searching for an answer. I'd like to disable inactive accounts migrated from OpenLDAP, so far I can only do it per web UI. Because I have hundreds of accounts to disable, I really appreciate if someone can provide a command line for me. I actually tried to

[Freeipa-users] HostEnrol role does not seem to work

2013-01-17 Thread Qing Chang
I assigned an IPA user account the HostEnrol role and run ipa-client-install, when it got to this User authorized to enroll computers:, I used that account, then got the following: Joining realm failed: No permission to join this host to the IPA domain. Installation failed. Rolling back changes. IPA

Re: [Freeipa-users] HostEnrol role does not seem to work

2013-01-17 Thread Qing Chang
On 17/01/2013 1:42 PM, Rob Crittenden wrote: Qing Chang wrote: I assigned an IPA user account the HostEnrol role and run ipa-client-install, when it got to this User authorized to enroll computers:, I used that account, then got the following: Joining realm failed: No permission to join this host

Re: [Freeipa-users] HostEnrol role does not seem to work

2013-01-17 Thread Qing Chang
On 17/01/2013 2:40 PM, Rob Crittenden wrote: Qing Chang wrote: On 17/01/2013 1:42 PM, Rob Crittenden wrote: Qing Chang wrote: I assigned an IPA user account the HostEnrol role and run ipa-client-install, when it got to this User authorized to enroll computers:, I used that account, then got

Re: [Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Qing Chang
[29/Apr/2015:09:40:11 -0400] conn=3 op=3 UNBIND [29/Apr/2015:09:40:11 -0400] conn=3 op=3 fd=64 closed - U1 - On Wed, Apr 29, 2015 at 12:14 PM, Rob Crittenden rcrit...@redhat.com wrote: Qing Chang wrote: mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap service

[Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Qing Chang
, in __spawn_instance raise RuntimeError('Configuration of CA failed') RuntimeError: Configuration of CA failed - I hope this is enough information. Thanks in advance, Qing Chang

Re: [Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Qing Chang
mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap service was available at all at installation stage. Thanks, Qing On Wed, Apr 29, 2015 at 10:29 AM, Qing Chang tmp...@gmail.com wrote: CentOS7.1 with IPA server 4.1. ipa-replica-install --setup-ca --setup-dns ... fails