Hello,
I have a broken IPA environnment with very few users and groups and
I've setup a fresh new installation.
I already recreate users and groups and now need to keep old users
passwords. Is there a way to copy/paste users password between these
two differents IPA ?
Thank you for your help
Ale
505693334c,cn=sudorules,cn=sudo,dc=xxx,dc=xxx
2016-02-22 15:34 GMT+01:00 Alexandre Ellert :
> Hello,
>
> I've just deployed a new IPA server 4.2 / Centos 7.2 and I create my
> first sudo rule via web UI but it was duplicate (I don't know why...)
> Now I have two rules wi
Hello,
I've just deployed a new IPA server 4.2 / Centos 7.2 and I create my
first sudo rule via web UI but it was duplicate (I don't know why...)
Now I have two rules with the same name and I can't delete them :
# ipa sudorule-find --all
2 Sudo Rules matched
-
My FreeIPA PKI is totally broken since upgrade from 3.0 (RHEL 6.6) to 4.1
(RHEL 7.1)
This thread started on July and still no resolution... Can someone please
advice ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http:
13:36 GMT+02:00 Alexandre Ellert :
>
> > Le 4 sept. 2015 à 16:37, Martin Babinsky a écrit :
> >
> > On 08/28/2015 05:46 PM, Alexandre Ellert wrote:
> >>
> >>> Le 28 août 2015 à 17:41, Alexander Bokovoy a
> écrit :
> >>>
> >>>
> Le 4 sept. 2015 à 16:37, Martin Babinsky a écrit :
>
> On 08/28/2015 05:46 PM, Alexandre Ellert wrote:
>>
>>> Le 28 août 2015 à 17:41, Alexander Bokovoy a écrit :
>>>
>>> On Fri, 28 Aug 2015, Alexandre Ellert wrote:
>>>>
>
> Le 28 août 2015 à 17:41, Alexander Bokovoy a écrit :
>
> On Fri, 28 Aug 2015, Alexandre Ellert wrote:
>>
>>> Le 28 août 2015 à 17:09, Alexander Bokovoy a écrit :
>>>
>>> On Wed, 26 Aug 2015, Alexandre Ellert wrote:
>>>>
>
> Le 28 août 2015 à 17:09, Alexander Bokovoy a écrit :
>
> On Wed, 26 Aug 2015, Alexandre Ellert wrote:
>>
>>> Le 28 juil. 2015 à 05:59, Alexander Bokovoy a écrit :
>>>> If the problem is too hard to solve, maybe I should try to deploy another
>>&g
> Le 28 juil. 2015 à 05:59, Alexander Bokovoy a écrit :
>> If the problem is too hard to solve, maybe I should try to deploy another
>> replica ?
> You may try that. Sorry for not responding, I have some other tasks that
> occupy my time right now.
>
Can you please tell me the procedure to dec
2015-07-23 8:41 GMT+02:00 Alexander Bokovoy :
> On Thu, 23 Jul 2015, Ludwig Krispenz wrote:
>
>> - Directory server starts just fine but serves only port 389
>>> - krb5kdc starts just fine and works fine with LDAP server
>>> - Dogtag tries to use LDAP server via port 636 and fails
>>>
>>> We need
> Le 22 juil. 2015 à 18:40, Alexander Bokovoy a écrit :
>
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> Le 22 juil. 2015 à 18:08, Alexander Bokovoy a écrit :
>>>
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>> # fgrep
> Le 22 juil. 2015 à 17:43, Alexander Bokovoy a écrit :
>
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> Le 22 juil. 2015 à 17:09, Alexander Bokovoy a écrit :
>>>
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>
>
> Le 22 juil. 2015 à 17:09, Alexander Bokovoy a écrit :
>
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> Le 20 juil. 2015 à 17:17, Alexander Bokovoy a écrit :
>>>
>>> On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>>>>
>>
> Le 20 juil. 2015 à 17:17, Alexander Bokovoy a écrit :
>
> On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>>
>>> Can you please show output from
>>> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
>>
>> # fgrep -r 'dc' /etc/dir
> Le 20 juil. 2015 à 17:58, Petr Vobornik a écrit :
>
> On 07/20/2015 05:17 PM, Alexander Bokovoy wrote:
>> On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>>>
>>>> Can you please show output from
>>>> fgrep -r 'dc' /etc/dirsrv/slapd-
> Can you please show output from
> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
# fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: (
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema
>
> Is there anything related to the connection error in dirsrv logs?
>
> /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> /var/log/dirsrv/slapd-EXAMPLE-COM/access
> --
> Petr Vobornik
Yes, there are errors in /var/log/dirsrv/slapd-EXAMPLE-COM/errors when I try to
start with ipactl -f start:
==> e
> Le 16 juil. 2015 à 09:29, Lukas Slebodnik a écrit :
>
> I had a similar issue on fedora 21 or fedora 22.
> The workarounds from freeipa ticket #4666 did not help for me either.
> I found out that there was some problem with upgrading dogtag configuration.
>
> You can try up ru upgrade manuall
> Le 30 juin 2015 à 10:16, Alexandre Ellert a écrit :
>
>
>> Could you please provide the content of logfile:
>> `/var/log/pki/pki-tomcat/ca/debug', around the time the error
>> occurs?
>>
>> Thanks,
>> Fraser
>
> When the pki-tomcatd s
2015-06-29 19:37 GMT+02:00 Alexandre Ellert :
> Hello,
>
> I have a problem on a replica server running Centos 7.1 and ipa
> 4.1.0-18.el7.centos.3.x86_64 (last version)
> Ipa server doesn’t restart correctly (using systemctl restart ipa or reboot
> the whole server) :
> Could you please provide the content of logfile:
> `/var/log/pki/pki-tomcat/ca/debug', around the time the error
> occurs?
>
> Thanks,
> Fraser
When the pki-tomcatd service is trying to start, I see this message in
/var/log/pki/pki-tomcat/ca/debug
[30/Jun/2015:10:02:13][localhost-startStop-1
Hello,
I have a problem on a replica server running Centos 7.1 and ipa
4.1.0-18.el7.centos.3.x86_64 (last version)
Ipa server doesn’t restart correctly (using systemctl restart ipa or reboot the
whole server) :
# ipactl status
Directory Service: STOPPED
Directory Service must be running in order
> You have to adapt the example to your environment:
> LDAP search base should be "cn=dns, dc=ivscloud, dc=local"
>
>> $ ldapsearch -Y GSSAPI -b 'cn=dns,dc=example,dc=com'
>> '(objectClass=idnsConfigObject)'
> [...]
>> # search result
>> search: 4
>> result: 32 No such object
My mistake, her
> We need more information about your configuration. Please add details
> mentioned at
>
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting#Aboutyouroperatingsystemdistribution
>
> and
>
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BugReporting#Abouttheplugin
What distribution/ve
Hi,
This night, named crashed on my IPA server (Centos 6.5) :
Dec 29 02:27:02 ipa-master named[1537]: received control channel command
'reload'
Dec 29 02:27:03 ipa-master named[1537]: ldap_helper.c:640:
REQUIRE(pthread_kill(ldap_inst->watcher, 10) == 0) failed, back trace
Dec 29 02:27:03 ipa-ma
Hi,
I've successfully setup a testing environment with an IPA server (RHEL 6.4) and
a cross realm trust with my Active Directory (Win2008 R2).
Authentication works both with AD passwords and Kerberos GSS-API.
Now, I'm trying to find the way to manage ssh key which belong to AD users. It
seems t
Thank you so much Rob !
It works juste fine :)
Alexandre
Le 13 août 2013 à 14:42, Rob Crittenden a écrit :
> Alexandre Ellert wrote:
>> Hi,
>>
>> I'm trying to get working a sudo rule for a group of user, basically if want
>> to allow all the develope
Hi,
I'm trying to get working a sudo rule for a group of user, basically if want to
allow all the developers (dev-users) to become root on developers servers
(dev-servers).
When this rule is applied to a single host or all hosts or severals named host,
it works fine : dev-users can sudo without
Sorry, mistake from me.
I remove all patch from RHEL and just keep
0053-Cookie-Expires-date-should-be-locale-insensitive.patch.
Everything seems fine now.
I'm going to test.
Thanks for you help
Le 19 juil. 2013 à 17:53, Alexandre Ellert a écrit :
> It's based on 3.
Transport instance has no attribute '_conn'
Failed to upload host SSH public keys.
-> Key are correctly uploaded on the new VM.
Le 19 juil. 2013 à 16:30, Alexandre Ellert a écrit :
>
> Le 19 juil. 2013 à 16:24, Martin Kosek a écrit :
>
>> On 07/19/2013 03:28 PM, A
fter_ keys were uploaded to the server.
>
> Anyway, what version of IPA software is the Debian package based on? I cannot
> find line "self._conn.close()" in ipalib/rpc.py in any of our active branches.
>
> Martin
>
> On 07/19/2013 05:03 PM, Alexandre Ellert wrote:
Le 19 juil. 2013 à 16:24, Martin Kosek a écrit :
> On 07/19/2013 03:28 PM, Alexandre Ellert wrote:
>>
>> Le 19 juil. 2013 à 10:20, Martin Kosek a écrit :
>>
>>> On 07/19/2013 02:59 AM, Alexandre Ellert wrote:
>>>> Hi,
>>>>
>>&g
Le 19 juil. 2013 à 10:20, Martin Kosek a écrit :
> On 07/19/2013 02:59 AM, Alexandre Ellert wrote:
>> Hi,
>>
>> I have these 3 errors/warnings message when I join a Debian client to a RHEL
>> 6.4 server (ipa-server-3.0.0-26.el6_4.4.x86_64):
>>
>> =&g
server u'https://inf-ipa.numeezy.fr/ipa/xml'
host_mod: KerbTransport instance has no attribute '_conn'
Failed to upload host SSH public keys.
Please let me know if more information is needed and thanks in advance for your
help.
Regards,
Alexandre
Le 18 juil. 2013 à 19:49, Arthu
t-get source freeipa.
Feel free to contact me if you have any issue using this package.
PS : I've based my work on package done by Timo Aaltonen for Ubuntu. Thanks to
him for his excellent work !
Alexandre
Le 15 juil. 2013 à 08:37, Petr Spacek a écrit :
> On 12.7.2013 19:57, Alexandre
exander Bokovoy a écrit :
> On Fri, 12 Jul 2013, Alexandre Ellert wrote:
>> Hi,
>>
>> I'm currently trying to get a functional .deb package working on Debian
>> Wheezy.
>> I have tried to recompile a package from Ubuntu Precise
>> (https://launchp
Hi,
I'm currently trying to get a functional .deb package working on Debian Wheezy.
I have tried to recompile a package from Ubuntu Precise
(https://launchpad.net/~freeipa/+archive/ppa) without success.
First error was about compiling ipa-join :
ipa-join.c: In function ‘callRPC’:
ipa-join.c:174:
37 matches
Mail list logo