Hi,
I am trying to web browse to the localhost and it is telling me to obtain a
valid kerberos ticket and configure Firefox...
Where do I export / find this ticket? and how do I install it as a user so I
can connect?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
from ver1 and the doc hasnt
been corrected?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Steven Jones
Sent
Hi,
This is Fedora 13 with the yum repo setup as per your web site...
389-ds-base-1.2.6-1.fc13.x86_64
ipa-server-1.2.2-4.fc13.x86_64
Your ldapsearch command gives me,
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
um..
So the LDAP server is dead?
regards
Steven Jones Technical
-v
This appears to be wrong?
It should be,
ipa-replica-manage add --winsync --binddn
cn=administrator,cn=users,dc=example,dc=com \
--cacert /path/to/certfile.cer adserver.example.com --passsync domain admin
password -v
?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463
Hi,
Ok, it isnt crashing the LDAP server/service its doing a shutdown of it
according to the error log...
So while a sync is happening the LDAP server is offline?
How long should this take?
30secs?
3mins?
30mins?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
=0 tag=101 nentries=1 etime=0
[22/Sep/2010:15:58:16 +1200] conn=8 op=2 SRCH base=cn=config,cn=ldbm
database,cn=plugins,cn=config scope=0 filter=(objectClass=*)
attrs=nsslapd-directory
[22/Sep/2010:15:58:16 +1200] conn=8 op=2 RESULT err=0 tag=101 nentries=1 etime=0
=
regards
Steven
Hi,
Bug 634561 has been fixed...
How do I get this into/onto my setup please?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
I have come back after the weekend and find that the gui no longer works
While trying to get a new kerberos ticket I get,
kinit: Cannot contact and KDC realm 'VUW.AC.NZ' while getting credentials
So any ideas where I go looking?
regards
Steven Jones Technical Specialist Linux/Vmware
Steven
bcc MW.
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Tuesday, 28 September 2010 4:30 a.m.
To: Steven Jones
Cc: Dmitri Pal; freeipa-users
Subject: Re: [Freeipa-users] Migrating passwd files etc into free-ipa
Steven Jones wrote:
Ok,
So lets avoid
Hi,
Sorry if this sounds pushy but any chance of an ETA please?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Friday, 24 September 2010 8:20
Has anyone tried this?
I get a Damaged repo file
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Is there a series of RPMS I can download?
ie can someone tell which ones I need for the server and which ones I
need for the client and in what order I install? I can get the rpms off
the store, just not via yum as the repo is dead for meeither its a
remote issue, or our firewall is
[root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare
fed14-64-ipam002.ipa.ac.nz
Directory Manager (existing master) password:
Preparing replica for fed14-64-ipam002.ipa.ac.nz from
fed14-64-ipam001.ipa.ac.nz
Creating SSL certificate for the Directory Server
ipa: INFO: sslget
I have just built these 2 fed14 to act as a server and client and run
yum updateso they should be as closely sync'd as possible...
=client===
[root@fed14-64-ipacl01 ~]# ipa-client-install
Discovery was successful!
Realm: IPA.AC.NZ
DNS Domain: ipa.ac.nz
IPA Server:
What scrips need to be runa and in what order to start the primary ipa
server?
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
The point is both the client and the server are up to date in terms of
patches from teh repo.
So your repo is not consistent and needs fixing..
regards
On Mon, 2011-02-28 at 10:43 -0500, Rob Crittenden wrote:
Steven Jones wrote:
I have just built these 2 fed14 to act as a server
... [ OK ]
PKI-IPA... [ OK ]
[root@fed14-64-ipam001 init.d]#
On Mon, 2011-02-28 at 16:39 +1000, David O'Brien wrote:
Steven Jones wrote:
What scrips need to be runa and in what order to start the primary ipa
CT,C,C
ipaCert u,u,u
Server-Cert u,u,u
[root@fed14-64-ipam001 init.d]#
===
regards
On Mon, 2011-02-28 at 10:50 -0500, Rob Crittenden wrote:
Steven Jones wrote:
[root@fed14
8
On the client: rpm -q freeipa-client
freeipa-client-2.0.0.rc1-0.fc14.x86_64
On the server: rpm -q freeipa-server
freeipa-server-2.0.0.rc1-0.fc14.x86_64
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
Not sure if I have to change anything in the repo? but rc2.0 does not
appear...
regards
On Mon, 2011-02-28 at 16:07 -0500, Rob Crittenden wrote:
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
umchecksum error?
===
[root@fed14-64-ipacl01 yum.repos.d]# yum update
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
freeipa-devel
| 1.3 kB 00:00
freeipa-devel/primary
| 10 kB 00:00
I have tried to download the rpms by hand and the dependencies are all
broken ie pythonwell stuffed by the looks of it...
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
and the Freeipa-devel repo enabled on my IPA
test servers.
Rgds,
Siggi
On Tue, March 1, 2011 01:32, Steven Jones wrote:
I have tried to download the rpms by hand and the dependencies are all
broken ie pythonwell stuffed by the looks of it...
regards
... [ OK ]
[root@fed14-64-ipam001 init.d]#
regards
On Tue, 2011-03-01 at 16:10 -0500, Rob Crittenden wrote:
Steven Jones wrote:
Im getting a pycurl error 6so every few hours the errors change
I don't know if the pycurl errors are equivalent to the curl
Hi,
Yepthat is the issueI put it in, rebooted, worked, took it out
rebooted, didnt work, put it back in rebooted and it worked again.
Wonders of a gui setupnormally I do it by hand and do a FQDNI
assumed because it was short form in the file that is the way it is now,
obviously
I appear to have IPA running, I have run the install client on a fed14
KVM guest and that guest is in the IPA system, however the users in IPA
cannot authenticate via IPA and get onto the client. There appears to
be traffic to port 389, so I assume its almost workingbut I can
find anything in
,
uri host 192.168.100.2
base dc=ipa,dc=ac,dc=nz
Where 192.168.100.2 is the original master.
regards
On Thu, 2011-03-03 at 14:30 -0500, Rob Crittenden wrote:
Steven Jones wrote:
I appear to have IPA running, I have run the install client on a fed14
KVM guest and that guest is in the IPA
8
I have no idea, Im trying to follow the ipa document (version 0.5)so
if it says do something I try and do itif it doesnt say do something
wellit doesnt get done as I cant mind read.
What I want is encrypted connections on all services / communications so
it is secure and safe.
Hi,
Is it possible to have the ipa 0.5 documentation (and future
documentation) as a pdf file? I'd like to download it and print it
off.
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
Thanks very much
I can live with rough.lets me study it on the train
regards
On Fri, 2011-03-04 at 11:24 +1000, David O'Brien wrote:
Steven Jones wrote:
Hi,
Is it possible to have the ipa 0.5 documentation (and future
documentation) as a pdf file? I'd like to download
Hi,
Americans are funny ppl they put the date format as month then
day.the problem is in the real world, its day then month
So I have registered 1 client and 2 ipa masters as of 4th march 2011
NZST, but the IPA server's gui says I registered them a month in the
future, ie 3rd April 2011
8---
This didnt work...intuitive, no I guess not
regards
Sorry but the doc might be incomplete. We are in the middle of reviewing
it actually and adding information to it.
Please go to your system-authconfig dialog and configure LDAP + Kerberos
with the IPA server. It should be
Hi,
Where does this log to?
regards
On Mon, 2011-03-07 at 12:33 -0500, Dmitri Pal wrote:
On 03/06/2011 02:48 PM, Steven Jones wrote:
How do i turn on logging on the client and the server so as to start
troubleshooting this authentication failure?
regards
8-
getent passwd user however only returns one line, not the two I should
expect?
Why do you expect two lines? It should only return one, for that user.
It also returns very fastlike its not even looking remotely.
Is the user in /etc/passwd too?
When I tried to get
8--
So how do I fault find? where do I start?
ie Where do I start to look to determine why a user cannot login to a
client via freeipa?
How can I be more clear? because so far the replies have been not very
productive.
regards
___
On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
Steven Jones wrote:
8--
So how do I fault find? where do I start?
ie Where do I start to look to determine why a user cannot login to a
client via freeipa?
How can I be more clear? because so far the replies have been
-0500, Simo Sorce wrote:
On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
Stephen Gallagher sgall...@redhat.com wrote:
On Mar 8, 2011, at 5:45 PM, Steven Jones steven.jo...@vuw.ac.nz
wrote:
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
Hi,
I have just done another F14 client and I have the same issue.
regards
regards
On Tue, 2011-03-08 at 19:28 -0500, Simo Sorce wrote:
On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
Stephen Gallagher sgall...@redhat.com wrote:
On Mar 8, 2011, at 5:45 PM, Steven Jones steven.jo
On Wed, 2011-03-09 at 14:42 -0500, Dmitri Pal wrote:
On 03/09/2011 02:21 PM, Steven Jones wrote:
Hi,
I had/have already done the uninstall...and re-install.
Also I registered a brand new 2nd client...that hasnt worked
either..
How did you create the host record
Hi,
I have gone into the webgui and manually removed the no1 client/host, it
has now joined successfully...
So Yes, the next issue
regards
On Wed, 2011-03-09 at 14:51 -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/09/2011 02:45 PM, Steven Jones
8---
4) Install client again
Everything should work.
If not please send us the logs.
Not sure which logs as Im losing track of so many
suggestions/threadsbut,
On the client the sssd.log is zero length, the sssd_ipa.ac.nz.log is
zero length
I just tried to add a local user and
for a rhel6ws?I could try that as well...also
RHEL5
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 10 March 2011 11:35 a.m.
To: d...@redhat.com
:
- Original Message -
Steven Jones wrote:
Ok,
However I cant LDAP/Ipa authenticate stillon either
client..
So what next?
sssd handles logins, you can try turning up the log level on that
(though I suspect it wasn't the reboot that fixed this but
restarting sssd
third client wont authenticate either
So I guess its a problem around the install script if not selinux
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Friday
like alphamajor functionality
failure, as personally I class being unable to do the very first thing you need
to do as a major failure.
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones
] on
behalf of Dmitri Pal [d...@redhat.com]
Sent: Friday, 11 March 2011 11:58 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
On 03/10/2011 05:37 PM, Steven Jones wrote:
I have run the in-install script and it wont delete the client
Hi.
I see IPA 2.0 is F15.uh.
Is free-ipa 2.0 going to be put into RHEL6.1? ie Im assuming that F14 will
become 6.1? sometime in the next few months?
Or should I assume that since ipa2.0 is in F15 only we wont see anything
vaguely usable til 6.2 sometime near the end of the year?
Hi.
Is free-ipa going to be put into RHEL6.1? ie Im assuming that F14will become
6.1?
Or should I assume that since ipa2 is in F15 we wont see anything til 6.2
sometime near the end of the year?
I want to spend the next few months learning IPA and deploy it to limited
selected users as a
Just tried to make a replica and the install failed with,
[4/11]: configuring certificate server instance
root: CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname fed14-64-ipam002.ipa.ac.nz -cs_port
9445 -client_certdb_dir
2011 2:50 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup failure
Steven Jones wrote:
Got a bit further...I was missing --passsync
I think you were using the V1 documentation. The Enterprise Identity
Management Guide is what you want off freeipa.org
Subject: Re: [Freeipa-users] replica install failure
On Mon, 2011-03-28 at 23:45 +, Steven Jones wrote:
Just tried to make a replica and the install failed with,
[4/11]: configuring certificate server instance
root: CRITICAL failed to configure ca instance Command '/usr/bin/perl
Hi,
The DNS is in AD so it cant be set to suit IPA
I did as below and even with --force your script ignores these flags, it
insists on doing AD lookups and gets the AD infoand obviously the cert isnt
on the AD box.
8
What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record?
: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
On 2011-03-29, at 10:20, Martin Kosek wrote:
On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
What is a content of _ldap._tcp.ipa.ac.nz DNS SRV
: Re: [Freeipa-users] client setup failure
On 03/29/2011 03:26 PM, Steven Jones wrote:
Hi,
The DNS is in AD so it cant be set to suit IPA
I did as below and even with --force your script ignores these flags, it
insists on doing AD lookups and gets the AD infoand obviously the cert
Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
Steven Jones wrote:
What do I put in the python script as a work around?
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
regards
I used --force as wellit still ignores it
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
tmp]#
So the client isnt appearing in the IPA web gui.so its a total failure to
join...
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject
So I need 2 certificates?
and I have to manually add the root CA with certutil? to the IPA master as a
separate process?
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:05 a.m.
To: Steven Jones
Cc: freeipa-users
is possible?
regards
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, 30 March 2011 9:27 a.m.
To: Steven Jones
Cc: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup failure
On 03/29/2011 02:14 PM, Steven Jones wrote:
So I
/YA5Wa/6wyiyIjTSO5xbQ4AaqQhGgyxWwPxkmAMLelPz+5ihYvJdi2/Z
gUNBujHSAm6yJj5jWd/Y1tfCcF0YJj5cmBFRWaRSExeAdOuQiQ==
-END CERTIFICATE-
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, 30 March 2011 9:36 a.m.
To: Steven Jones
Cc: Rob Crittenden
Hi,
I get
certutil: function failed: security library: bad database.
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:49 a.m.
To: Steven Jones
Cc: Rich Megginson; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup
My windows person tells me that this cert is the root one, which apparently has
no permissions to do anything...
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:49 a.m.
To: Steven Jones
Cc: Rich Megginson; freeipa-users
Same failure message
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:57 a.m.
To: Steven Jones
Cc: Rich Megginson; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup failure
Steven Jones wrote:
Hi,
I get
Hi,
This has IPA 2.0 rcX server and client in it?
regards
Steven
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
ooohhh
Think I can answer that myself!
ipa-server-2.0.0-16.el6.x86_64
:D
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Monday, 4 April 2011 9:29 a.m.
To: d
8-
Just to elaborate on Dmitri's comments. In addition to the IPA client
and server packages that are included in the RHEL6.1 beta channel, there
will be a separate RHEL add-on channel, Enterprise Identity Replication.
That add-on channel will contain ds-replication and the Windows sync
: Friday, 8 April 2011 10:21 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] 6.1 beta
On 04/07/2011 05:32 PM, Steven Jones wrote:
8-
Just to elaborate on Dmitri's comments. In addition to the IPA client
and server packages that are included in the RHEL6.1 beta channel
Hi,
Its no where near a full IdM from what I can see so far but if you want to glue
a straight forward but mixed environment together ie with MS AD and linux and
get one password say across the lot plus some control then it looks good enough.
So if you know what your goals are and want to see
Hi,
Anybody contemplating using Free-ipa should check with Redhat sales in their
region before getting interested. It seems freeipa wont be sold in all regions,
as an example in Asia Pacfic like RDS it may never be soldor at least it
may years away. So without access to the
2011 3:23 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Word of warning on freeipa availability
On 04/21/2011 04:11 AM, Steven Jones wrote:
Hi,
Anybody contemplating using Free-ipa should check with Redhat sales in their
region before getting interested. It seems freeipa
test
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
Where are the ipa-server-2.0 packages held these days ?
from previous list posts they were here, but I cant find them now
ipa-server-2.0.0-16.el6.x86_64
https://rhn.redhat.com/rhn/software/packages/details/Overview.do?pid=619857
Red Hat Enterprise Linux Server Beta (v. 6 for
Hi,
IMHO.
I wouldnt use fedora as a base for a business useits not very stable or
more importantly long lived. Ive done a proof of concept on F14, F14 is fine
for that, unless f15 is out? to take a good look at yes
You should be able to get the macs to authenticate to AD
wrote:
Steven Jones wrote:
Hi,
Digging through docs / googling I cant see any disk partition
suggestions and size thereof requirements...
Suggestions please? sizing for 500 servers, 2000 desktops, 5000+
users...
Especially around having different sections of the IPA master of
different
NB in the test use case at,
https://fedoraproject.org/wiki/QA:Testcase_freeipav2_installation#With_DNS
With DNS
#ipa-server-install -a secret123 -p 123Secret --domain=freeipa.org
--realm=FREEIPA.ORG --setup-dns -U --selfsign
It is coming back with wanting forwarders
I am trying to un-install freeipa with
ipa-server-install --uninstall and its saying not installed, but when I try to
install its saying already installed!
oops.
Is there a way to force the script to check and remove everything?
Or somewhere there is a lock file or something that needs
Hi,
Its quite interesting that there are no real clients for ipa outside of
RH/Fedorathis will probably do more to delay or restrict its adoption than
anything else.
regards
Steven
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com]
.
To: Steven Jones
Cc: nasir nasir; Adam Young; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Steven Jones wrote:
Hi,
Its quite interesting that there are no real clients for ipa outside of
RH/Fedorathis will probably do more to delay
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 11 May 2011 8:52 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] failure to un-install FreeIPA
Steven Jones wrote:
I logged in via ssh instead so I could get an output and the install worked
without
for Linux desktop deployment
On 05/10/2011 04:10 PM, Steven Jones wrote:
Hi,
Its quite interesting that there are no real clients for ipa outside of
RH/Fedorathis will probably do more to delay or restrict its adoption
than anything else.
Not sure what you are talking about. Any kerberos
: [Freeipa-users] FreeIPA for Linux desktop deployment
On 05/10/2011 05:11 PM, Steven Jones wrote:
Hi,
There are OSS packages that can be installed into Solaris.so I dont see
why freeipa cant be portedat least the x86 CPU version anyway.
I think this will be a huge undertaking
Hi,
Fixed I think, forgot to disable networkmanager.so did that uninstalled and
re-installed and its fine...so far...
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz
on DNS related issues when trying to set
things up in a small virtual environment using DNSMasq, so I feel your
pain. Please send a quick write up of your set up if you get everything
working.
On 05/10/2011 11:02 PM, Steven Jones wrote:
Hi,
Fixed I think, forgot to disable networkmanager.so did
client that failed install log as requested.
regards
From: Adam Young [ayo...@redhat.com]
Sent: Wednesday, 11 May 2011 3:33 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] fatal error for ipa with dns.
OK, I'll take a look
8
What I see as one of the selling points of IPA over any *nix client for
Active Directory, is the ability to use the operating system built in
tools.
Indeed.what makes my nether regions churn is installing something from
likewise or Quest which does
Any ideas with this please?
[root@vuwunicoadmint2 ~]# ipa-client-install --mkhomedir --server
vuwunicoipamt01 --domain unix.vuw.ac.nz -p admin
Discovery was successful!
Realm: UNIX.VUW.AC.NZ
DNS Domain: unix.vuw.ac.nz
IPA Server: vuwunicoipamt01
BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz
Continue to
Still having problems with getting a 5.6 cleint to 6.1beta master server...
[root@vuwunicologint2 x86_64]# rpm -q ipa-client
ipa-client-2.0-11
[root@vuwunicologint2 x86_64]#
[root@vuwunicologint2 x86_64]# ipa-client-install --mkhomedir --server
vuwunicoipamt01.unix.vuw.ac.nz --domain
/13/11 15:59:21 ad...@unix.vuw.ac.nz
[root@vuwunicoipamt01 etc]#
===
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Friday, 13 May 2011 3:56 p.m
/2011 06:00 AM, Steven Jones wrote:
[root@vuwunicoipamt01 etc]# ipa-getkeytab -k /tmp/vuwnicologint2.keytab -p
host/vuwunicologint2.unix.vuw.ac.nz -s vuwunicoipamt01.unix.vuw.ac.nz -p admin
The second -p overrides the first.
___
Freeipa-users mailing
Im getting,
SASL bind failed!
8
Steven Jones wrote:
So what should the command be?
# kinit admin
# ipa-getkeytab -k /tmp/vuwnicologint2.keytab -p
host/vuwunicologint2.unix.vuw.ac.nz -s vuwunicoipamt01.unix.vuw.ac.nz
___
Freeipa-users mailing
Qs,
1) We have a single master only for freeipa 2.0? so from what I can read the
replicas are passive? ie do they answer LDAP queries and also DNS queries if
DNS is integrated? but simply dont have a gui? or are they totally inert? Im
thinking of this as we really want 2 active DNS servers
is this how ipa works?
End State 5. A cross-realm trust is established between UNIX-based Kerberos and
Active Directory–based Kerberos in UNIX and Windows infrastructures that remain
separate. Windows and UNIX clients each authenticate to their own Kerberos Key
Distribution Center (KDC) and
2011 10:27 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] freeipa and AD
On 05/19/2011 06:06 PM, Steven Jones wrote:
is this how ipa works?
End State 5. A cross-realm trust is established between UNIX-based Kerberos
and Active Directory–based Kerberos in UNIX and Windows
and Universties shiboleth/federation
On 05/19/2011 07:19 PM, Steven Jones wrote:
Hi
Has anyone been near this?
My limited understanding is the shiboleth rpms can work with FDS, so Im
assuming there is a capability/link?
regards
___
Freeipa
Hi,
I seem to have similar issues, but since 6.1 proper is now out, Im starting
again from scratch, I need to improve disk layouts etc anyway.
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Sigbjorn Lie
Hi,
Why doesnt IPA use std unix UIDs? and how does that translate into Unix
permissions on a client if it does not?
BTW neat install, under 10mins and its up!
:D
regards
Steven
___
Freeipa-users mailing list
Freeipa-users@redhat.com
- client mismatch has no progressed to 6.1
On 05/23/2011 07:25 PM, Steven Jones wrote:
So even though I have the same versions I get the mis-match error., as per
5.6...except these did differ.
Firewall?
:(
regards
___
Freeipa-users mailing list
...@redhat.com]
Sent: Tuesday, 24 May 2011 12:07 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Server - client mismatch has no progressed to 6.1
On 05/23/2011 07:58 PM, Steven Jones wrote:
When its on I poked holes through it, to test I did service iptables stop...
Here's the iptables -L -n
-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Tuesday, 24 May 2011 12:57 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Server - client mismatch has no progressed to 6.1
looking at the install log its not resolving
1 - 100 of 564 matches
Mail list logo
