Coy Hile wrote:
I’m rebuilding my existing heimdal realm using FreeIPA, and right now I’m
having difficulty creating the service principal afs/realm-name@REALM. When I
use ipa service-add, I get output thusly:
[root@ipa-us-east-2 ~]# ipa service-add afs/coyhile@coyhile.com
ipa: ERROR:
name and
the alternate name. That should make the cert work anyway.
rob
2015-03-26 16:48 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
HI Rob,
Yes something is wrong there I guess.
In any case, it doesn't apply to what you're trying to do.
But still, I actually need
Anthony Lanni wrote:
I'm referring to the host certificate; I was looking at the web UI,
under Identity-Hosts in the server details page. The Host Certificate
section says 'No Valid Certificate'.
The server has a /etc/krb5.keytab file, and on the same page the
Enrollment section says
Yogesh Sharma wrote:
Hi,
We are getting error while trying to ssh using users created in IPA server.
root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94
You don't have a Kerberos ticket and you don't have ssh keys for this
user. kinit cm8158 first or get the ssh keys.
You'll need to use
Matt . wrote:
When digging around I see this documentation:
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/load-balancing.html
I would expect that server.example.com is not going to be accepted by
IPA when you visit the webgui like that ?
These are SRV records for the
not work as expected. The UI _might_ work using forms-based
authentication.
I'd strongly urge you to think about the top of this e-mail before
proceeding onto the bottom.
rob
Cheers,
Matt
2015-03-26 14:50 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
When digging around I
Steve (st33v) Neuharth wrote:
Hello,
I hope this is an easy question to answer and forgive me if it has been
answered before. I’ve read through the documentation on how to request an ssl
cert and I cannot seem to find a process to request a client cert for a user.
It seems that all
Coy Hile wrote:
When I look at the SPEC file for freeipa-4.1.3, I see requirements
around Systemd. Is that really a hard requirement, or is it possible to
run newer FreeIPA (that is to say 4.x) on a host that hasn't been
infested by systemd (such as CentOS 6, for example)? At the moment, I'm
.
*From:* sipazzo sipa...@yahoo.com
*To:* Rob Crittenden rcrit...@redhat.com; freeipa-users@redhat.com
freeipa-users@redhat.com
*Sent:* Friday, March 13, 2015 1:32 PM
*Subject:* Re: [Freeipa-users] Fw: Need to replace cert for ipa servers
This environment is over 350 servers, many
Gonzalo Fernandez Ordas wrote:
Exactly the document I was having a look at.
In simple words, is it possible to work around this, and how?
Otherwise i have to drop freeipa and get back to 389_ds as still seems
fully ldap sssd compatible.
Have you got any doc clearly stating how to get this done?
Janelle wrote:
Hello,
I have seen this pop up a few times, but no real answers - at least none
that I am finding..
I have not run into it and this was a brand new server farm with about
4000 migrated users from OpenLDAP? Is there something I might be missing
when migrating?
ipa:
Dmitri Pal wrote:
On 03/24/2015 01:15 PM, Ben .T.George wrote:
Hi
current stage is AD users can able to login to solaris box. But i
don't up to what level i can control the user.
i don't think to there is much pam modules in solaris. still i cannot
able to make home directory with pam.
it to the freeIPA wiki.
rob
On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden rcrit...@redhat.com wrote:
Dmitri Pal wrote:
On 03/24/2015 01:15 PM, Ben .T.George wrote:
Hi
current stage is AD users can able to login to solaris box. But i
Martin Kosek wrote:
This may mean that Dogtag is not up. Can you please check with ipactl status
that it (pki-ca) is up and running and that there are no related SELinux AVCs?
The problem seems to be java-related:
The self test plugin named selftests.container.logger.class contains a
value
Prashant Bapat wrote:
Ok the command you gave me worked. But I was following the PDF and below
command never worked.
ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
Is that expected ?
Did you restart httpd after adding the schema? A cached copy is used and
restarting will
,
Yes I did restart it.
Ok another problem. I'm not able to add this attr to existing
users. Only
the new ones. Any pointers ?
Thanks.
--Prashant
On 23 March 2015 at 21:19, Rob Crittenden rcrit...@redhat.com
Roberto Cornacchia wrote:
Indeed, id admin does not work and there is no sign of it in the log.
From the client (with admin-tools installed):
$ kinit admin
Password for ad...@hq.example.com:
$ ipa user-show admin
User login: admin
Last name: Administrator
GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
Isn't this documented well (yet) ?
Is what documented yet?
rob
The RH docs are always very detailed about it, but I'm not sure
here... I see solutions but not 100% from A to Z to make sure we do it
the proper way.
2015-03-12 16
nat...@nathanpeters.com wrote:
I have FreeIPA installed on several types of Linux machines and they are
all experiencing strange issues with certificates and host keys.
Here is the setup:
Server : FreeIPA 4.1.2 on Centos 7
Client 12 : FreeIPA 3.0.0-42.el6 with sssd 1.11.6-30.el6_6.4 on
nat...@nathanpeters.com wrote:
I have finally gotten all of my Solaris servers to accept AD users but the
behavior is inconsistent.
In my FreeIPA domain, I can login to a Linux server and then ssh to the
Solaris server and I am automatically logged in because of my Kerberos
ticket (I
remember.
Or do I ?
Something else; did you had a nice PTO ?
2015-03-12 15:54 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
Hi,
Security wise I can understand that.
Yes I have read about that... but that would let me use the
loadbalancer to connect ? I was not sure if the SAN
Nicolas Zin wrote:
Hi,
let say that I created a SSL certificate:
ipa service-add HTTP/www.test.lan
ipa service-add-host --hosts=ipa-server.test.lan HTTP/www.test.lan
ipa-getcert request -r -f /etc/pki/tls/certs/www.test.lan.crt -k
/etc/pki/tls/private/www.test.lan.key -N CN=www.test.lan
Giedrius Tuminauskas wrote:
Hi,
I am curious, Is there a possibility to add email address for the
admin user in the IPA web UI?
In my current configuration admin user is a Linux system user and also
used by IPA.
I think there should be possibility to enter an email address for that
user,
Janelle wrote:
On 3/18/15 10:10 PM, Kim Perrin wrote:
This is about the 6th time of tried installing this replica. Each time
I run the ipa-replica-manage del and ipa-csreplica-manage del command
before trying. I also build new replica install files each time.
Obviously I can't figure out what
Janelle wrote:
Hello again,
Ok, probably a stupid question. If you increase cache sizes and tune
389-ds on the backend, do those changes replicate or do you need to make
them across the other servers as well?
For example:
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype:
Craig White wrote:
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Andrew Holway
*Sent:* Wednesday, March 18, 2015 9:40 AM
*To:* freeipa-users@redhat.com
*Subject:* [Freeipa-users] SSSD in redundant configuration
Hello,
I'm
Prasun Gera wrote:
How do I confirm that there are no certs left behind and that
cert-monger isn't tracking them? I'm a bit new to all the components
used by IPA. I do see that the /root/cacert.p12 file is never deleted.
Not clean but this shouldn't prevent re-install.
After an uninstall, I
Tevfik Ceydeliler wrote:
Hi,
Although I have this configuration in client .conf:
##
client 172.30.47.241 {
secret = 877909
shortname = VodafonePinarsuAPNYeni1
nastype = other
}
client 172.30.47.242 {
Kim Perrin wrote:
Hello all,
For nearly 2 years I’ve been running a Freeipa 3 (currently 3.0.0-42)
environment. We've had 2 masters since the start. Several replicas
have had problems that required me to remove them. I’ve removed them
all (except the very last one) by running
Watson, Dan wrote:
Hi all,
Can anyone tell me how to script calls from the ipa server? I would like
to be able to do something like ipa group-show unix_admin in a script,
but I don't know how to pass Kerberos credentials that don't expire.
I think you want to use credentials in a
Johnny Tan wrote:
On Fri, Mar 13, 2015 at 2:15 PM, Dmitri Pal d...@redhat.com wrote:
Rob would definitely know more but IPA mostly provides certs for the
infra it serves and has a limited use of the certs by itself.
So here is where I know it is used:
2015-03-12 15:07 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
Hi Guys,
Is Rob able to look at this ? I hope he has some sparetime as I'm
kinda stuck with this issue.
Wildcard certs are not supported.
You can request a SAN with certmonger using -D FQDN. That will work
Matt . wrote:
Hi Guys,
Is Rob able to look at this ? I hope he has some sparetime as I'm
kinda stuck with this issue.
Wildcard certs are not supported.
You can request a SAN with certmonger using -D FQDN. That will work
with IPA 4.x for sure, maybe 3.3.5.
rob
Thanks!
2015-03-08
doesn't have (or
trust) the CA that issued the LDAP server cert.
rob
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rob Crittenden
sipazzo wrote:
This issue has now gotten much worse and we are unable to enroll
clients. We are getting an error saying the server does not have a cert:
Do you want download the CA cert from
http://ipa1.example.com/ipa/config/ca.crt ?
(this is INSECURE) [no]: yes
Cannot
Ben .T.George wrote:
Hi
thanks for the reply.
even i tried native auto_master file with directory checking script. if
i feed the user manually to the script, the directory is creating and
while login request comes, it didn't.
i don't think no one did full solaris integration until now
Dmitri Pal wrote:
On 03/10/2015 10:22 AM, Rob Crittenden wrote:
K SHK wrote:
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works
splendid :)
I want to clarify if SSL authentication with out a login/password will
work against FreeIPA...
ie. client connects to apache
Jakub Hrozek wrote:
On Sun, Mar 08, 2015 at 08:54:22AM +0300, Ben .T.George wrote:
Hi list
i have working IPA server were AD users can login to IPA server
how can i configure solaris 10 as IPA 4.1.2 client.?
i saw many tutorials in IPA domain and got confused . Which one i need to
follow
Dan Mossor wrote:
On Thu, Mar 5, 2015 at 4:34 PM, Dan Mossor danofs...@gmail.com wrote:
As an additional test, I created a new user on my workstation and
switched to it. the first thing I did was kinit as admin, then started
Firefox, went through the
Thanks,
Shaik
On 28 February 2015 at 16:49, Hadoop Solutions munna.had...@gmail.com wrote:
Hi Rob,
In this node we have disabled SELinux. Is it causing this error???
Thanks,
Shaik
On 28 February 2015 at 14:18, Rob Crittenden rcrit
Umarzuki Mochlis wrote:
After rebooting freeipa server, I cannot log in to its web interface
and when I try to start it, it failed
More info:
[root@ipa ~]# systemctl start ipa.service
Job for ipa.service failed. See 'systemctl status ipa.service' and
'journalctl -n' for details.
Hadoop Solutions wrote:
Hi,
i am trying to install IPA on RHEL 6, but i am getting following errors
while installing the IPA.
Configuring certificate server (pki-cad): Estimated time 3 minutes 30
seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server
Hadoop Solutions wrote:
Hi,
I am new to IPA and we are planning to deploy IPA one of our hadoop
cluster nodes.
But, i have question on IPA:
1. we are using corp DNS on all nodes, but still is it required to
install IPA DNS server ?
2. Domain name will it conflicts with if any
and fails.
# pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force
rob
Thanks,
Shaik
On 28 February 2015 at 11:29, Rob Crittenden rcrit...@redhat.com wrote:
Hadoop Solutions wrote:
Hi,
i am trying to install IPA on RHEL 6
Günther J. Niederwimmer wrote:
Am Freitag, 27. Februar 2015, 12:25:24 schrieb Alexander Bokovoy:
On Fri, 27 Feb 2015, Günther J. Niederwimmer wrote:
Hello,
Have i to configure any other things, for a working /home/
I can make a getent passwd , this is working on the client but I
Dmitri Pal wrote:
On 02/25/2015 05:39 PM, Hugh wrote:
On 2/25/2015 3:11 PM, Dmitri Pal wrote:
I think you can start with adding ntUser object class into the list of
the object classes in the IPA configuration in UI. That would apply it
to the new entries automatically.
How is that done? I'd
Nathan Peters wrote:
Yes, we are trying to figure out why IPA users are not being handled
properly however
given that :
1. the method you suggested to troubleshoot my Solaris 10 system, adding
pam_permit.so to the stack, will never work because Solaris does not
include pam_permit.so.
so
Rob Verduijn wrote:
Now that sounds like an interesting project :-)
besides the following links any other places where I can read up about it ?
https://fedorahosted.org/ipsilon/
http://www.freeipa.org/page/Web_App_Authentication
http://en.wikipedia.org/wiki/Identity_provider
West, Jani wrote:
Hi,
Validity, status and serials seems to be fine. One interesting pick:
While the installation is not too old it might be installed initially
with FreeIpa 2.x That's why i have to use ldap port 7389 instead of 398.
# getcert list |grep expires
expires: 2016-11-21
West, Jani wrote:
Thank you for the tip,
Just created new /root/cacerts.p12. Should I import it to the CA somehow
or just restart the ipa server?
Will reset the new replicate vm to clean CentOS 7 installation without
any leftovers from ipa-replica-install.
Re-run ipa-replica-prepare
PM, Rob Crittenden wrote:
West, Jani wrote:
Thank you for the tip,
Just created new /root/cacerts.p12. Should I import it to the CA somehow
or just restart the ipa server?
Will reset the new replicate vm to clean CentOS 7 installation without
any leftovers from ipa-replica-install.
Re-run
.
rob
On 02/25/2015 12:00 AM, Rob Crittenden wrote:
Jani West wrote:
Re-created replication file and run ipa-replica-install on fresh CentOS 7
server.
It is still giving the same error:
-
2015-02-24T21:40:54Z DEBUG Process finished, return code=1
2015-02-24T21:40
Martin Kosek wrote:
On 02/20/2015 06:56 AM, Les Stott wrote:
Hi all,
The following is blocking the ability for me to install a CA replica.
Environment:
RHEL 6.6
IPA 3.0.0-42
PKI 9.0.3-38
On the master the following is happening:
ipa-getcert list
Number of certificates and
Thomas Raehalme wrote:
Hi!
I have a replica which is offline, and I'd like to remove it (to be
later replaced).
When trying to remove the replica with ipa-replica-manage according to
the instructions on the wiki, I get an error about inaccessible LDAP server:
# ipa-replica-manage del
Thomas Raehalme wrote:
Hi!
As I wrote earlier we are having some serious problems with IPA right
now. dirsrv seems to hang every 15 minutes or so, but that's another post.
It seems that slapd/dirsrv is now only listening on port 389 for LDAP
and socket for LDAPI requests. Any idea what
Thomas Raehalme wrote:
Hi Chris!
On Tue, Feb 17, 2015 at 6:35 PM, Chris Mohler cmoh...@oberlin.edu wrote:
As I wrote earlier we are having some serious problems with IPA
right now. dirsrv seems to hang every 15 minutes or so, but that's
another
.
rob
regards
Steven
From: Rob Crittenden rcrit...@redhat.com
Sent: Tuesday, 17 February 2015 10:40 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into
a RHEL6.6 cluster
From: Rob Crittenden rcrit...@redhat.com
Sent: Tuesday, 17 February 2015 10:59 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into
a RHEL6.6 cluster so I can upgrade.
Steven Jones wrote:
Hi,
I have
From: Rob Crittenden rcrit...@redhat.com
Sent: Tuesday, 17 February 2015 12:08 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into
a RHEL6.6 cluster so I can upgrade.
Steven Jones wrote:
?
[root@xx
Steven Jones wrote:
While attempting to initialise the new server I am getting,
[root@xx replica-files]# ipa-replica-install
--setup-dns --forwarder=10.100.32.31 --no-reverse replica-info-xxx.gpg
--skip-conncheck --debug
=8
Dmitri Pal wrote:
On 02/16/2015 08:19 AM, mohammad sereshki wrote:
dear
I use the admin user, at the same time I added another server with
this permission.
Then the problem is probably with this client.
Is everything fine with its host name and DNS lookups?
I don't think this has
Roderick Johnstone wrote:
On 10/02/15 07:44, Dmitri Pal wrote:
On 02/09/2015 05:35 PM, Roderick Johnstone wrote:
Hi
I seem to have locked myself out of my ipa admin account (on RHEL
6.6). This is an evaluation instance so not too big a deal, but a good
learning experience. I suspect its
Prady Dash wrote:
Hi,
I am trying to integrate AD with FreeIPA. I was following the below
document.
https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf
While configuring am facing the below error.
[root@appserver2 ~]# ipa-replica-manage
David Dejaeghere wrote:
Hi,
I recently deployed FreeIPA but I stumbled upon a problem with migrating
my groups. The groups in our old system are mixed case. Such as MyGroup.
The application that syncs these groups is case sensitive. The problem
is that when i create these groups using the
Rich Megginson wrote:
On 02/09/2015 12:13 PM, Chris Mohler wrote:
On 02/09/2015 11:19 AM, Rich Megginson wrote:
On 02/09/2015 08:26 AM, Chris Mohler wrote:
On 02/09/2015 09:48 AM, Rich Megginson wrote:
On 02/08/2015 08:23 PM, Chris Mohler wrote:
Thanks for the reply and the link Rich!
Matt Wells wrote:
I've seen many links and conversations about migrating from 3.X to 4.X;
some with migrate-ds but nothing that said I did it and it worked.
Perhaps my Google-Fu is failing me.
So I thought I'd ask here, has anyone fully migrated? Systems, SSL
certs, sudo and everything?
need to the ipamasters hostgroup up-to-date, and considering
that this list probably stabilizes over time, shouldn't be a ton of effort.
rob
-Original Message-
From: Baird, Josh [mailto:jba...@follett.com]
Sent: 05 February 2015 17:08
To: Innes, Duncan; Rob Crittenden; freeipa-users
alireza baghery wrote:
hi
i integrated ipa (centos 6.5) with AD windows server 2008 and anything
do work
i install replica server as follow:
#(ipaserve ipa): replica-prepare ipareplica.example.com --ip-address 192.168.1.2
scp /var/lib/ipa/replica-info-
Matt . wrote:
HI,
I'm already doing so without any luck. If you remember something,
would be nice to know!
So it should be possible to do still ?
If the DN of the entry adding the password is in passSyncManagersDNs in
the entry dn: cn=ipa_pwd_extop,cn=plugins,cn=config then the password
model has consequences.
rob
2015-02-05 17:13 GMT+01:00 Matt . yamakasi@gmail.com:
Yes, when receiving your email I found that indeed. My ldapEditor
doesn't allow me to add that value, so this need to be done using the
commandline ?
2015-02-05 15:03 GMT+01:00 Rob Crittenden rcrit
Auerbach, Steven wrote:
A user contacted me today for a password reset. I made the reset on the
ipa-primary. The user opened a terminal session on an SSH Client to a
server in the realm and logged in. They received the required immediate
password change requirement and did so. They can log
Baird, Josh wrote:
Hi,
I'm looking for an easy way to validate that all replication agreements are
functioning correctly between all of my IPA masters and replicas. I am aware
that I can run 'ipa-replica-manage list -v' from each IPA master, but I was
looking for something more
Christopher Young wrote:
Some of this might be rudimentary, so I apologize if this is answered
somewhere, though I've tried to search and have not had much luck...
Basically, I would like to be able to issue user certificates (Subject:
email=sblblabla@blabla.local) in order to use client
Roderick Johnstone wrote:
On 29/01/15 21:43, Roderick Johnstone wrote:
On 29/01/2015 17:32, Jakub Hrozek wrote:
On Wed, Jan 28, 2015 at 01:57:28PM +, Roderick Johnstone wrote:
On 28/01/15 10:57, Jakub Hrozek wrote:
On Tue, Jan 27, 2015 at 10:03:37PM +, Roderick Johnstone wrote:
Hi
Les Stott wrote:
Has anyone got any ideas on this?
I am stuck with not being able to deploy a CA Replica and this is halting
rollout of the project.
Help please...
Regards,
What is the version of IPA on the master you are connecting to?
Can you confirm on the existing master that
Mark Esman wrote:
Hello all,
I'm having a little trouble with the automember function using
enrolledby attribute. I have tried a number of different regex's
to define the username and automagically enroll the host into the
specified host group:
.*ipainstaller.* no quotes around regex
Quayle, Bill wrote:
We are making progress.
...
The traceback of where the NetworkError is raised should be added to
/var/log/httpd/error_log.
So we have successfully migrated the users and groups. I can't seem to find
any pointers on migrating netgroups and automount maps. Is this done
Dmitri Pal wrote:
On 01/16/2015 02:21 PM, Quayle, Bill wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, January 16, 2015 12:51 PM
To: Quayle, Bill; Ludwig Krispenz
Cc: 'freeipa-users@redhat.com'
Subject: Re: [Freeipa-users] migrate-ds aborts
Rui Gomes wrote:
Hello Guys,
I have been seeing plenty of emails about promoting replicas to masters, but those
articles do not seem to apply to the ipa 4.1/centos 7 combo.
I had a ipa 3.0 master on centos 6.4 that died recently(I can still access
the file system), and I would like to promote
sipazzo wrote:
Good morning, I created a service password policy that prevents password
expiration and gave it a priority of 0. I then created a service user group
and applied the policy to the group. I added my admin user to this group so
their password would not expire. However, it
Myles Merrell wrote:
I'm trying to add a 'backup' user AND a 'backup' group.
At one point in the past a backup group did exist.
I have a backup group. I then try to create a new user and get the
following error:
IPA Error 4024
Unable to create private group. A group 'backup' already
Sina Owolabi wrote:
Hi List,
I've seen this happen on two occasions, now, in two different
environments, one with RHEL6.6 and RHEL 6.3.
I have issues with a replica server, I delete the replication
agreement, remove the server from ipa dns, run ipa-server-install
--uninstall -U.
Reboot
Craig White wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Kosek
Sent: Thursday, January 08, 2015 5:30 AM
To: Pavel Březina; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sudo !requiretty
John Desantis wrote:
Hello all,
I didn't reply to the list, so I'll forward in my response.
The only remaining hiccup is now the replica's certmonger service
keeps dying while failing to re-issue the ipaCert in
/etc/httpd/alias. Log snippets are below:
Jan 7 12:17:02 python:
Andrew Chin wrote:
Hello,
I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed
certificate to one signed by a commercial CA that browsers will recognize.
The documentation at
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says
The certificate
with my command?
You haven't configured enough. Follow Alexander's instructions here:
https://www.redhat.com/archives/freeipa-users/2014-November/msg00246.html
You'll also need to restart the krb5kdc service.
rob
Regards,
Ben
On Tue, Jan 6, 2015 at 11:35 PM, Rob Crittenden rcrit
Dmitri Pal wrote:
On 01/05/2015 10:37 PM, Ben .T.George wrote:
HI
IRC is like totally dead. i have waited one whole day to anyone
responding. not even to my replay. i didn't see any messages at all.
As I said AB is on PTO till tomorrow. Please ping him when he is back.
You're on #freeipa
Stephen Ingram wrote:
On Fri, Jan 2, 2015 at 10:02 AM, Rob Crittenden rcrit...@redhat.com wrote:
Stephen Ingram wrote:
On Mon, Dec 15, 2014 at 6:40 PM, Stephen Ingram sbing...@gmail.com
Ben .T.George wrote:
HI
i was trying to add solaris 10 client from command line. Host add command
went successfully and service add for /host is giving error.
please check below output and help me to solve this
[root@kwtpocpbis01 ~]# ipa host-add --force --ip-address=172.16.107.107
Ben .T.George wrote:
HI
sorry that was a misunderstanding that happened from his side, actually i was
struggling to set it up for solaris
We simply lack the expertise to help much further beyond the
documentation you've already seen.
Another IPA user contributed a significant amount of
Janelle wrote:
Hi everyone, Happy New Year.
Was following this thread and wondering about those of us with a couple
of 2000-3000 servers to run ipa-client-install on? Any suggestions? Was
looking around for even the basics of puppet or chef configs, but
nothing exists.
Any suggestions?
Stephen Ingram wrote:
On Mon, Dec 15, 2014 at 6:40 PM, Stephen Ingram sbing...@gmail.com wrote:
I have one client using a certificate issued by a third party
provider such that any secure (TLS) LDAP queries are refused since
the certificates were not
but ldaplist will:
# ldaplist netgroup
rob
Thanks!
Dan
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: January 02, 2015 10:15 AM
To: Watson, Dan; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Integration with Solaris 10
Watson, Dan wrote:
Hi
the next person.
Glad you got it working, and that'll teach me to catch up on all e-mail
before responding :-)
rob
Thanks for all the help!
Dan
-Original Message-
From: Watson, Dan
Sent: January 02, 2015 11:41 AM
To: 'Rob Crittenden'; freeipa-users@redhat.com
Subject: RE
Watson, Dan wrote:
Hi All,
I've lurked in the list history and cannot find anyone saying they have
gotten login restrictions working with Solaris 10 u8. Has anyone on here
successfully configured login restrictions on Solaris 10 u8 through u11? I'm
looking for specific instructions from
Andrew Holway wrote:
This would perhaps be a very interesting addition to the HBAC stuff.
We're considering deploying freeipa on EC2 and LDAP backed firewalld
would be a very powerful tool for a geographically distributed system.
There is an existing open ticket for this request,
Outback Dingo wrote:
So I've installed a new IPA today on Fedora 21 the gui is throwing
internal server errors
uname -a
Linux ipa.optimcloud.com
3.17.7-300.fc21.x86_64 #1 SMP Wed Dec 17 03:08:44 UTC 2014 x86_64 x86_64
x86_64 GNU/Linux
cat /etc/redhat-release
Genadi Postrilko wrote:
I'm not sure i understand what you mean.
IPA uses its own schema for sudo so the script will not work. I haven't
looked at it so don't know what amount of effort would be needed to make
it work.
You can create the sudo commands and rules but in order to associate
user
Rich Megginson wrote:
On 12/10/2014 12:46 AM, Thomas Lau wrote:
Hi All,
So I am using FreeIPA 3.3.3, when I change password on one IPA host,
the other clusters will in sync with the change or I need to do it one
by one manually?
You have to do every server manually. Changes to the
your certificate
On the directory server i ran ipa-getcert list and the certs seem ok.
On Fri, Dec 5, 2014 at 5:10 PM, Rob Crittenden rcrit...@redhat.com wrote:
Megan . wrote:
Sorry for being unclear. It still fails. Same error.
Hmm, strange. Try being explicit about sql:
# certutil -L -d