Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
So I need 2 certificates? and I have to manually add the root CA with certutil? to the IPA master as a separate process? regards From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 9:05 a.m. To: Steven Jones Cc: freeipa-users

Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
What patch? and how do I apply it? From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 9:16 a.m. To: Steven Jones Cc: d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] client setup failure Steven Jones wrote

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 30 March 2011 9:04 a.m. To: Steven Jones Cc: Rob Crittenden; freeipa-users@redhat.com Subject: Re

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
ot cert is possible? regards From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 30 March 2011 9:27 a.m. To: Steven Jones Cc: Rob Crittenden; freeipa-users@redhat.com Subject: Re: [Freeipa-users] AD setup failure On 03/29/2011 02:14 PM, Steven Jones w

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 30 March 2011 9:36 a.m. To: Steven Jone

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
Hi, I get "certutil: function failed: security library: bad database." From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 9:49 a.m. To: Steven Jones Cc: Rich Megginson; freeipa-users@redhat.com Subject: Re: [Freeipa-users

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
My windows person tells me that this cert is the root one, which apparently has no permissions to do anything... regards From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 9:49 a.m. To: Steven Jones Cc: Rich Megginson; freeipa-users

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
uh, this is an AD 2003 domain, so this stuff only works with 2008 AD? regards From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 30 March 2011 9:36 a.m. To: Steven Jones Cc: Rob Crittenden; freeipa-users@redhat.com Subject: Re: [Freeipa-users] AD

Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 9:24 a.m. To: Steven Jones Cc: d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] client setup failure Steven Jones wrote: > What patch? > > and how d

Re: [Freeipa-users] AD setup failure

2011-03-29 Thread Steven Jones
Same failure message From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 9:57 a.m. To: Steven Jones Cc: Rich Megginson; freeipa-users@redhat.com Subject: Re: [Freeipa-users] AD setup failure Steven Jones wrote: > Hi, >

Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
den [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 10:06 a.m. To: Steven Jones Cc: d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] client setup failure Steven Jones wrote: > > > From: Rob Crittenden [rcrit...@redhat

Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
stupidity IMHO. F15 itself is alpha codecrazy regards Steven From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 30 March 2011 10:23 a.m. To: Steven Jones Cc: d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] client setup

Re: [Freeipa-users] IPA Client join

2011-03-31 Thread Steven Jones
Hi, Just a note...on compatibility... yes I know IPA isn't fit yet but... If your POC environment is VMware based F14 isn't supported for vmtools and you can't install VMware tools either it barfs at kernel detection, not good. So, if I want to do freeIPA I have to run F14 on RHEL6.0 as KVMs

[Freeipa-users] 6.1 beta

2011-04-03 Thread Steven Jones
Hi, This has IPA 2.0 rcX server and client in it? regards Steven ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] 6.1 beta

2011-04-03 Thread Steven Jones
ooohhh Think I can answer that myself! ipa-server-2.0.0-16.el6.x86_64 :D regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Monday, 4 April 2011 9:29 a.m. To: d

Re: [Freeipa-users] 6.1 beta

2011-04-07 Thread Steven Jones
8><- > Just to elaborate on Dmitri's comments. In addition to the IPA client > and server packages that are included in the RHEL6.1 beta channel, there > will be a separate RHEL add-on channel, Enterprise Identity Replication. > That add-on channel will contain ds-replication and the Windows

Re: [Freeipa-users] 6.1 beta

2011-04-07 Thread Steven Jones
Pal [d...@redhat.com] Sent: Friday, 8 April 2011 10:21 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] 6.1 beta On 04/07/2011 05:32 PM, Steven Jones wrote: > 8><- > > >> Just to elaborate on Dmitri's comments. In addition to the IPA client >> and s

Re: [Freeipa-users] Installing on CentOS 5.X?

2011-04-13 Thread Steven Jones
Hi, It's nowhere near a full IdM from what I can see so far but if you want to glue a straightforward but mixed environment together ie with MS AD and linux and get one password say across the lot plus some control then it looks good enough. So if you know what your goals are and want to see i

[Freeipa-users] Word of warning on freeipa availability

2011-04-21 Thread Steven Jones
Hi, Anybody contemplating using Free-ipa should check with Redhat sales in their region before getting interested. It seems freeipa won't be sold in all regions, as an example in Asia Pacific like RDS it may never be sold... or at least it may be years away. So without access to the replication/AD

Re: [Freeipa-users] Word of warning on freeipa availability

2011-04-21 Thread Steven Jones
Friday, 22 April 2011 3:23 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Word of warning on freeipa availability On 04/21/2011 04:11 AM, Steven Jones wrote: > Hi, > > > > Anybody contemplating using Free-ipa should check with Redhat sales in their > region before

[Freeipa-users] test

2011-05-02 Thread Steven Jones
test

Re: [Freeipa-users] Questions from Steven Jones

2011-05-03 Thread Steven Jones
sons. regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Simo Sorce [s...@redhat.com] Sent: Wednesday, 4 May 2011 1:18 a.m. To: d...@redhat.com Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Questions from Steven Jones On Tue, 2011-05-03

[Freeipa-users] Disk layout - requirements

2011-05-03 Thread Steven Jones
Hi, Digging through docs / googling I can't see any disk partition suggestions and size thereof requirements... Suggestions please? sizing for 500 servers, 2000 desktops, 5000+ users... Especially around having different sections of the IPA master of different raid groups if that's needed...

[Freeipa-users] RHEL6.1 beta

2011-05-08 Thread Steven Jones
Hi, Where are the ipa-server-2.0 packages held these days ? from previous list posts they were here, but I can't find them now ipa-server-2.0.0-16.el6.x86_64 Red Hat Enterprise Linux Server Beta (v. 6 for

Re: [Freeipa-users] FreeIPA questions

2011-05-09 Thread Steven Jones
Hi, IMHO. I wouldn't use fedora as a base for a business use... it's not very stable or more importantly long lived. I've done a proof of concept on F14, F14 is fine for that, unless f15 is out? to take a good look at yes You should be able to get the macs to authenticate to AD directly...

Re: [Freeipa-users] Disk layout - requirements

2011-05-09 Thread Steven Jones
05/06/2011 04:12 PM, Rob Crittenden wrote: >>> Steven Jones wrote: >>>> >>>> Hi, >>>> >>>> Digging through docs / googling I can't see any disk partition >>>> suggestions and size thereof requirements... >>>> >>>

[Freeipa-users] test use cases

2011-05-09 Thread Steven Jones
NB in the test use case at, https://fedoraproject.org/wiki/QA:Testcase_freeipav2_installation#With_DNS With DNS #ipa-server-install -a secret123 -p 123Secret --domain=freeipa.org --realm=FREEIPA.ORG --setup-dns -U --selfsign It is coming back with wanting forwarders

[Freeipa-users] failure to un-install FreeIPA

2011-05-09 Thread Steven Jones
I am trying to un-install freeipa with ipa-server-install --uninstall and it's saying not installed, but when I try to install it's saying already installed! oops. Is there a way to force the script to check and remove everything? Or somewhere there is a lock file or something that needs removin

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-10 Thread Steven Jones
Hi, It's quite interesting that there are no real clients for ipa outside of RH/Fedora... this will probably do more to delay or restrict its adoption than anything else. regards Steven From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com]

Re: [Freeipa-users] failure to un-install FreeIPA

2011-05-10 Thread Steven Jones
I logged in via ssh instead so I could get an output and the install worked without a hitch... :/ weird... regards Steven From: Martin Kosek [mko...@redhat.com] Sent: Tuesday, 10 May 2011 8:32 p.m. To: Steven Jones Cc: freeipa-users@redhat.com

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-10 Thread Steven Jones
4 a.m. To: Steven Jones Cc: nasir nasir; Adam Young; freeipa-users@redhat.com Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment Steven Jones wrote: > Hi, > > It's quite interesting that there are no real clients for ipa outside of > RH/Fedora... this will probably do

Re: [Freeipa-users] failure to un-install FreeIPA

2011-05-10 Thread Steven Jones
D regards From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 11 May 2011 8:52 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] failure to un-install FreeIPA Steven Jones wrote: > I logged in via ssh instead so I could get an output and the i

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-10 Thread Steven Jones
reeIPA for Linux desktop deployment On 05/10/2011 04:10 PM, Steven Jones wrote: > Hi, > > It's quite interesting that there are no real clients for ipa outside of > RH/Fedora... this will probably do more to delay or restrict its adoption > than anything else. > Not sure wha

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-10 Thread Steven Jones
: [Freeipa-users] FreeIPA for Linux desktop deployment On 05/10/2011 05:11 PM, Steven Jones wrote: > Hi, > > There are OSS packages that can be installed into Solaris... so I don't see > why freeipa can't be ported... at least the x86 CPU version anyway. I think this will be a huge und

[Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
I have installed ipa but I'm getting this error, named won't run as won't kinit admin. = May 11 14:11:40 vuwunicoipamt01 named[3132]: starting BIND 9.7.3-RedHat-9.7.3-1.el6 -u named May 11 14:11:40 vuwunicoipamt01 named[3132]: built with '--build=x86_64-redhat-linux-gnu' '--host=x8

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
Hi, There also appears to be no unix.vuw.ac.nz zone, which I was expecting... so I make this by hand? regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Wednesday

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
Hi, Fixed I think, forgot to disable networkmanager... so did that uninstalled and re-installed and it's fine...so far... regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
ew on DNS related issues when trying to set things up in a small virtual environment using DNSMasq, so I feel your pain. Please send a quick write up of your set up if you get everything working. On 05/10/2011 11:02 PM, Steven Jones wrote: > Hi, > > Fixed I think, forgot to disable network

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] fatal error for ipa with dns. OK, I'll take a look. BTW, what is your DNS set up outside of the IPA Server: does your IPA server have A FQDN in a different server? On 05/10/2011 11:28 PM, Steven Jones wrote: > all

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
client that failed install log as requested. regards From: Adam Young [ayo...@redhat.com] Sent: Wednesday, 11 May 2011 3:33 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] fatal error for ipa with dns. OK, I'll take a

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Steven Jones
http error log as requested From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Wednesday, 11 May 2011 3:55 p.m. To: Adam Young Cc: freeipa-users@redhat.com Subject: Re

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-12 Thread Steven Jones
8>< What I see as one of the selling points of IPA over any "*nix client for Active Directory", is the ability to use the operating system built in tools. Indeed.what makes my nether regions churn is installing something from likewise or Quest which does nas

Re: [Freeipa-users] fatal error for ipa rhel 5.6 client

2011-05-12 Thread Steven Jones
Any ideas with this please? [root@vuwunicoadmint2 ~]# ipa-client-install --mkhomedir --server vuwunicoipamt01 --domain unix.vuw.ac.nz -p admin Discovery was successful! Realm: UNIX.VUW.AC.NZ DNS Domain: unix.vuw.ac.nz IPA Server: vuwunicoipamt01 BaseDN: dc=unix,dc=vuw,dc=ac,dc=nz Continue to co

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-12 Thread Steven Jones
Hi, Kind of a wild shot, but what mode is selinux in? I find if it's enforcing all sorts of things pop up not working on occasion regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of nasir nasir [kollath...@yahoo.co

[Freeipa-users] RHEL client to IPA

2011-05-12 Thread Steven Jones
Still having problems with getting a 5.6 client to 6.1beta master server... [root@vuwunicologint2 x86_64]# rpm -q ipa-client ipa-client-2.0-11 [root@vuwunicologint2 x86_64]# [root@vuwunicologint2 x86_64]# ipa-client-install --mkhomedir --server vuwunicoipamt01.unix.vuw.ac.nz --domain unix.vuw.

Re: [Freeipa-users] RHEL client to IPA

2011-05-12 Thread Steven Jones
/13/11 15:59:21 ad...@unix.vuw.ac.nz [root@vuwunicoipamt01 etc]# === From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Friday, 13 May 2011 3:56 p.m. To

Re: [Freeipa-users] RHEL client to IPA

2011-05-17 Thread Steven Jones
/2011 06:00 AM, Steven Jones wrote: > [root@vuwunicoipamt01 etc]# ipa-getkeytab -k /tmp/vuwnicologint2.keytab -p > host/vuwunicologint2.unix.vuw.ac.nz -s vuwunicoipamt01.unix.vuw.ac.nz -p admin The second -p overrides the first.

[Freeipa-users] How to reset the admin password

2011-05-17 Thread Steven Jones
? regards

Re: [Freeipa-users] RHEL client to IPA

2011-05-17 Thread Steven Jones
I'm getting, "SASL bind failed!" 8><---- Steven Jones wrote: > So what should the command be? # kinit admin # ipa-getkeytab -k /tmp/vuwnicologint2.keytab -p host/vuwunicologint2.unix.vuw.ac.nz -s vuwunicoipamt01.unix.vuw.ac.nz

Re: [Freeipa-users] RHEL client to IPA

2011-05-17 Thread Steven Jones
011 3:31 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] RHEL client to IPA Is ns-ldap / kdc running on vuwunicoipamt01.unix.vuw.ac.nz? service dirsrv status service krb5kdc status And are you running the command on vuwunicoipamt01.unix.vuw.ac.nz? On May 17, 2011,

Re: [Freeipa-users] RHEL client to IPA

2011-05-18 Thread Steven Jones
Which is why I asked rob how to reset it which I did... so it's not that?..at least it makes no obvious sense that it is? regards From: Simo Sorce [s...@redhat.com] Sent: Thursday, 19 May 2011 3:06 a.m. To: Steven Jones Cc: freeipa-users@redhat.com

Re: [Freeipa-users] RHEL client to IPA

2011-05-18 Thread Steven Jones
]$ From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 19 May 2011 1:22 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] RHEL client to IPA On 05/17/2011 09:36 PM, Steven Jones wrote: > the dirsrv isnt running... >

[Freeipa-users] IPA server as a DNS server and design things

2011-05-18 Thread Steven Jones
Qs, 1) We have a single master only for freeipa 2.0? so from what I can read the replicas are passive? ie do they answer LDAP queries and also DNS queries if DNS is integrated? but simply don't have a gui? or are they totally inert? I'm thinking of this as we really want 2 active DNS servers

[Freeipa-users] freeipa and AD

2011-05-19 Thread Steven Jones
is this how ipa works? End State 5. A cross-realm trust is established between UNIX-based Kerberos and Active Directory–based Kerberos in UNIX and Windows infrastructures that remain separate. Windows and UNIX clients each authenticate to their own Kerberos Key Distribution Center (KDC) and (if

Re: [Freeipa-users] freeipa and AD

2011-05-19 Thread Steven Jones
2011 10:27 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] freeipa and AD On 05/19/2011 06:06 PM, Steven Jones wrote: > is this how ipa works? > > End State 5. A cross-realm trust is established between UNIX-based Kerberos > and Active Directory–based Kerberos in UNIX

[Freeipa-users] freeipa and Universties shiboleth/federation

2011-05-19 Thread Steven Jones
Hi Has anyone been near this? My limited understanding is the Shibboleth rpms can work with FDS, so I'm assuming there is a capability/link? regards

Re: [Freeipa-users] freeipa and Universties shiboleth/federation

2011-05-19 Thread Steven Jones
and Universties shiboleth/federation On 05/19/2011 07:19 PM, Steven Jones wrote: > Hi > > Has anyone been near this? > > My limited understanding is the Shibboleth rpms can work with FDS, so I'm > assuming there is a capability

Re: [Freeipa-users] IPA Startup issues

2011-05-22 Thread Steven Jones
Hi, I seem to have similar issues, but since 6.1 proper is now out, I'm starting again from scratch, I need to improve disk layouts etc anyway. regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Sigbjorn Lie [

[Freeipa-users] Why not unix UIDs (numbers and range)

2011-05-22 Thread Steven Jones
Hi, Why doesn't IPA use std unix UIDs? and how does that translate into Unix permissions on a client if it does not? BTW neat install, under 10mins and it's up! :D regards Steven

Re: [Freeipa-users] IPA Startup issues

2011-05-23 Thread Steven Jones
Rgds, Siggi On 05/22/2011 10:18 PM, Steven Jones wrote: > Hi, > > I seem to have similar issues, but since 6.1 proper is now out, I'm starting > again from scratch, I need to improve disk layouts etc anyway. > > regards

[Freeipa-users] Debian 7.0.8 and REHL IPA

2015-03-24 Thread Steven Jones
Hi, Anyone have experience with running the sssd client (I assume it's available) on Debian 7.0.8 against a RH IPA setup? Is it painless long term or best avoided? regards Steven -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeip

[Freeipa-users] IPA and geographically distributed masters

2015-04-01 Thread Steven Jones
Hi, Would IPA have issues if one master is on one side of the Pacific (New Zealand) and another in the USA? regards Steven J

[Freeipa-users] ssh key issues with IPA enabled servers

2015-06-16 Thread Steven Jones
Hi, I am trying to setup ssh keys into an IPA enabled server. This refuses to work asking for a password each time. If I drop the server out of IPA the ssh keys then work. I can ssh from a non-IPA RHEL7 server to an IPA enabled server but non-IPA user fine, but when I try to go to a IPA user

[Freeipa-users] Integrating samba 4 to AD for authentication with an IPA enabled client.

2015-06-23 Thread Steven Jones
Hi, Is this possible? I am trying to find some docs to do this but they point at sssd and/or kerberos. But looking at RHEL7.1 / samba 4 it looks to me that with an IPA enabled client sssd, kerberos and ldap files/configuration are committed to IPA's use so cannot be altered? regards Stev

[Freeipa-users] Ugrading IPA to dogtag? CA?

2015-09-02 Thread Steven Jones
It seems I built IPA with self signed certs so I need to upgrade? is this possible? and if so how on existing servers? regards Steven

[Freeipa-users] Replacing the "master"

2015-09-03 Thread Steven Jones
I have a 3 node IPA cluster, I have replaced the 2 "slaves" however when I try and remove the last one the master? it says, "[root@vuwunicoipam001 thing]# ipa-replica-manage del vuwunicoipam002. Directory Manager password: Deleting a master is irreversible. To reconnect to the remote ma

Re: [Freeipa-users] Replacing the "master"

2015-09-06 Thread Steven Jones
Martin Kosek wrote: > On 09/04/2015 12:00 AM, Rob Crittenden wrote: >> Steven Jones wrote: >>> I have a 3 node IPA cluster, I have replaced the 2 "slaves" however when I >>> try and remove the last one the master? it says, >>> >>>

Re: [Freeipa-users] Ugrading IPA to dogtag? CA?

2015-09-06 Thread Steven Jones
RHEL6.7 and IPA 3.0 "self-signed" not understanding such terminology terribly well, I am not sure at all. What command will tell me what I have? regards Steven From: Rob Crittenden Sent: Saturday, 5 September 2015 1:26 a.m. To: Steve

Re: [Freeipa-users] Ugrading IPA to dogtag? CA?

2015-09-08 Thread Steven Jones
Crittenden Sent: Wednesday, 9 September 2015 3:20 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Ugrading IPA to dogtag? CA? Steven Jones wrote: > RHEL6.7 and IPA 3.0 > > "self-signed" not understanding such terminology terribly well, I am not >

Re: [Freeipa-users] Replacing the "master"

2015-09-08 Thread Steven Jones
as below, regards Steven 8>< But overall, there is a decent HOWTO on the migration on these pages: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html 8>< fraid not, tried it. ==

[Freeipa-users] attempting to restore IPA

2015-09-09 Thread Steven Jones
So to restore IPA I tried, ipa-restore --data ipa-full-2015-09-10-10-28-11 and now I cannot login... opsie. The admin user password doesn't work and neither do my own accounts. NB I assume the flag --data restores the user data/HBAC rules etc? regards Steven

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-09-15 Thread Steven Jones
Hi, I am in a similar boat, well RHEL6.7 to RHEL7.1. I joined a RHEL7.1 / IPA4.1 to the 6.7 / IPA3.0 --self-cert domain, got rid of all the 6.7's so I was ca-less. Did a full backup on the RHEL7.1 / IPA 4.1. Blew away the ipa server, installed fresh, pki-tomcat runs, did a restore and pki-t

[Freeipa-users] Limited "self" registration to IPA and an IPA group

2016-08-15 Thread Steven Jones
Hi, I have a request to do limited automatic/self provisioning of users provisioning to specific server. The idea is a lecturer would setup students into IPA and select a specific user group from a limited drop down menu. Is this possible to do such provisioning a very tied down / limited ac

[Freeipa-users] 3 way IPA setup

2016-10-31 Thread Steven Jones
Hi, I have a 3 way IPA 4.2 setup running on Centos7.2 So ipa2 and ipa3 are replicas from ipa1. Is a replication agreement setup between 2 and 3 automatically by default? (I suspect not) how do I see this is or is not the case? This is what I have so far, == [root@glusterp2 ~]# ip

Re: [Freeipa-users] Locked out admin

2014-04-14 Thread Steven Jones
Login a directory manager? regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Wellington, NZ 6012 0064 4 463 6272 From: freeipa-users-boun...@redhat.com on behalf of Mario Gonzalez Sent

[Freeipa-users] RHEL7 rc 64bit

2014-04-28 Thread Steven Jones
Hi, Would it be expected that a RHEL7rc machine would be connectible to IPA on RHEL6.5? Just tried and it doesn't seem to be. regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Wellington, NZ 6012 0064 4 463 6272

Re: [Freeipa-users] RHEL7 rc 64bit

2014-04-29 Thread Steven Jones
Hi, Problem between keyboard and chair. When joining to the domain I missed a "-" in front of mkhomedir so doesn't create home directories and hence the gui bombs. regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Well

[Freeipa-users] Biasing which master clients talk to first

2014-04-30 Thread Steven Jones
Hi, We have a master at our DR site which is "further way" than our 2 local masters, is there a way (in DNS say) that we could "encourage" clients to use the closer IPA masters? eg host -t SRV _ldap._tcp.ods.vuw.ac.nz _ldap._tcp.ods.vuw.ac.nz has SRV record 0 100 389 serveripa3 _ldap._tcp.ods

Re: [Freeipa-users] Integrating with Smart Cards

2014-04-30 Thread Steven Jones
Hi, We want to use 2FA tokens and can't because of a Kerberos issue. I assume if this hasn't been upgraded yet that you can't get the passthrough? I'll be interested to know if that is now not the case or at least an idea when it will be GA. regards Steven Jones Technical Specialist -

[Freeipa-users] RHEL7 IPA servers

2014-04-30 Thread Steven Jones
Hi, Any thoughts / issues on upgrading RHEL6.5 IPA servers to RHEL7 when it comes out? ie from the process of doing it, mixing issues ie 1 RHEL7 master with 2 x 6.5 masters? new capabilities making it a must have? that won't be on 6.5? regards Steven Jones Technical Specialist - Linux RHCE

[Freeipa-users] winsync failure

2014-05-04 Thread Steven Jones
== [vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [-1 Total update abortedLDAP error: Can't contact LDAP server] Failed to start replication == Any ideas why please? it looked like it transferred about 1900 odd records then bombed out. regards Steven

Re: [Freeipa-users] winsync failure

2014-05-05 Thread Steven Jones
Hi, Thanks that confirms my thought as well. In a cloned test environment the sync took 25mins, in 2 hours I got 2000 out of 8000 records, so something was very slow. So the only change/variable is the network. regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS

[Freeipa-users] IPA compatibility to win2k12r2

2014-05-05 Thread Steven Jones
Hi, We are currently on win2k3r2 and are upgrading to win2k12R2, is IPA compatible with win2k12r2? Anything to watch out for? regards Steven

Re: [Freeipa-users] IPA compatibility to win2k12r2

2014-05-06 Thread Steven Jones
Hi, Both, but especially the former. RHEL6.5 documentation seems to only talk about win2k8. regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Wellington, NZ 6012 0064 4 463 6272 From

Re: [Freeipa-users] IPA compatibility to win2k12r2

2014-05-08 Thread Steven Jones
Hi While I'm sure it works, bitter experience has taught me that I am not going to deploy anything in Production that doesn't have full vendor support, especially IPA. So until win2k12r2 is supported, I won't touch it. regards Steven Jones Technical Specialist - Linux RHCE Victoria University

[Freeipa-users] Setting up IPA to log remotely

2014-06-02 Thread Steven Jones
Is there a way to get IPA to send its logs remotely? regards Steven

Re: [Freeipa-users] Setting up IPA to log remotely

2014-06-02 Thread Steven Jones
teven From: Rob Crittenden Sent: Tuesday, 3 June 2014 9:27 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Setting up IPA to log remotely Steven Jones wrote: > Is there a way to get IPA to send its logs remotely? We intend to do something like this with aud

[Freeipa-users] State of play with 2FA and Kerberos please?

2014-07-02 Thread Steven Jones
Hi, I posted a while back (1 year?) on making IPA work with 2FA. If I recall correctly there is or was a problem with Kerberos passing through? the 2FA and FreeIPA was waiting on a Kerberos update/fix? Has this been done for IPA on REDHAT6.5? or is it still sometime in the future? if so appr

Re: [Freeipa-users] State of play with 2FA and Kerberos please?

2014-07-07 Thread Steven Jones
Hi, Apparently RHEL7 has limited 2FA? Is there any documentation on what it can do at present in RHEL7 please? regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Wellington, NZ 6012 0064 4 463 6272

Re: [Freeipa-users] State of play with 2FA and Kerberos please?

2014-07-08 Thread Steven Jones
Hi, Thanks, presumably 6~12months away, maybe even 2+ years aka RHEL8 :( regards Steven Jones Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Wellington, NZ 6012 0064 4 463 6272 From: freeipa-users-boun

Re: [Freeipa-users] DNS Design for FreeIPA4

2015-01-15 Thread Steven Jones
Hi, KISS keep it simple and stupid. What we do is, AD domain is domain.com and does all its own DNS and Kerberos, all windows machines point at it etc IPA domain is ipa.domain.com and all IPA's and indeed all Linux servers point at IPA for everything incl NTP. IPA servers use the AD server

[Freeipa-users] IPA with OTP

2015-01-20 Thread Steven Jones
Hi, Any docs for RHEL7.1 for this? regards Steven -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] IPA with OTP

2015-01-20 Thread Steven Jones
: Re: [Freeipa-users] IPA with OTP On 01/20/2015 05:07 PM, Steven Jones wrote: Hi, Any docs for RHEL7.1 for this? regards Steven Docs will be based on this: http://www.freeipa.org/page/V3/OTP -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.

Re: [Freeipa-users] RFEs

2015-01-22 Thread Steven Jones
Hi, "> As an user, i'm part of the FOO.EXAMPLE.COM FreeIPA domain and i want to connect to some hosts in BAR.EXAMPLE.COM FreeIPA. This is on the radar though I couldn't find an open ticket on it. It isn't something for the very near-term though AFAIK." I will open a ticket via support as it is

[Freeipa-users] 2012r2 AD and RHEL 7.1 IPA compatibility

2015-01-29 Thread Steven Jones
Where is this at? ie is the above a supported configuration? So will passync and winsync work OK? Will trusts? Will they work together? So ideally I'd like to use winsync and passsync to provision users from AD to IPA. Then in specific low security situations use trusts to grant access.

Re: [Freeipa-users] sssd compatibility with older RHEL 6 minor releases.

2015-02-02 Thread Steven Jones
Hi, Not knowing your specific circumstance but my experience over the last decade plus would be keep the RHEL, Debian/Ubuntu and Solaris servers up to date all the time, or at least 1~2 months behind max. eg we clone off RHEL channels into testing channels and patch then clone production fro

Re: [Freeipa-users] Minimum Disk Size

2015-02-03 Thread Steven Jones
I would suggest, 1 x 3ghz CPU, 2gb of ram and around 80gb disk space. To give you an idea of a small IPA server to see what is used, Though note the recommendation is for root and /usr to now be one partition and /boot should probably be a bit bigger, say 400mb. === -bash-4.1$ df -h Files

[Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
While attempting to initialise the new server I am getting, [root@xx replica-files]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 --no-reverse replica-info-xxx.gpg --skip-conncheck --debug =8>< packages/ipaserver/install/plugins/update_uniquene

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
Hi, I have no idea how. regards Steven From: Rob Crittenden Sent: Tuesday, 17 February 2015 10:40 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
result search: 4 result: 32 No such object # numResponses: 1 regards Steven From: Rob Crittenden Sent: Tuesday, 17 February 2015 10:59 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second
