o:data...@gmail.com>>, Andrey
Ptashnik mailto:aptash...@cccis.com>>
Cc: "freeipa-users@redhat.com<mailto:freeipa-users@redhat.com>"
mailto:freeipa-users@redhat.com>>
Subject: Re: [Freeipa-users] Upgrade from IPA 4.2
On 04/04/2017 02:23 AM, Lachlan Musicman wrote:
O
Hello,
We have Centos 7.2 and IPA 4.2 version.
I remember that in previous versions in order to upgrade to the latest one I
had to run IPA upgrade scripts that would separately upgrade LDAP database. Is
that the same procedure if I need to upgrade from version 4.2?
Regards,
Andrey
--
Manage
Team,
Is it possible to setup read only replica for use in DMZ for example?
Regards,
Andrey
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi IPA team,
Can I use the same FreeIPA server to be a domain controller for more than one
domain?
Regards,
Andrey Ptashnik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the
On 9/7/16, 1:48 PM, "Rob Crittenden" wrote:
>Andrey Ptashnik wrote:
>> Hello FreeIPA team,
>>
>> Our FreeIPA server cluster is at version 4.2.0 and expecting Ubuntu 16
>> machines with FreeIPA client software 4.3.1 soon to join our IPA domain.
>> Are
Hello FreeIPA team,
Our FreeIPA server cluster is at version 4.2.0 and expecting Ubuntu 16 machines
with FreeIPA client software 4.3.1 soon to join our IPA domain. Are there any
compatibility issues that we may encounter?
Regards,
Andrey
--
Manage your subscription for the Freeipa-users mail
Hello FreeIPA team,
Our FreeIPA server cluster is at version 4.2.0 and expecting Ubuntu 16 machines
with FreeIPA client software 4.3.1 soon to join our IPA domain. Are there any
compatibility issues that we may encounter?
Regards,
Andrey
--
Manage your subscription for the Freeipa-users mailin
Hello IPA team,
Is there a way to implement IPA to IPA trust between different domains?
We are thinking of using more than one domain, however we will need users to
cross login from one domain to another.
Regards,
Andrey
--
Manage your subscription for the Freeipa-users mailing list:
https://w
ean up records completely. Additionally if I can
expect the same behavior on client versions lower than CentOS/RHEL 7.1 + IPA 4.1
Regards,
Andrey Ptashnik
On 12/14/15, 4:21 AM, "Alexander Bokovoy" wrote:
>On Fri, 11 Dec 2015, Andrey Ptashnik wrote:
>>Hello Team,
>&
perfect
example).
Regards,
Andrey Ptashnik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
perfect
example).
Regards,
Andrey Ptashnik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Martin,
For my education, how did you identify that from my output?
Regards,
Andrey Ptashnik
From: Martin Basti mailto:mba...@redhat.com>>
Date: Monday, December 7, 2015 at 1:24 PM
To: Andrey Ptashnik mailto:aptash...@cccis.com>>,
"freeipa-users@redhat.com<mailto:free
dNSTTL: 1200
objectClass: idnsRecord
objectClass: top
Number of entries returned 1
[root@ipa-idm]#
Regards,
Andrey Ptashnik
From: Martin Basti mailto:mba...@redhat.com>>
Date: Monday, December 7, 2015 at 12:45 PM
To: Andrey Pt
ecord not found” error message.
Are there any ways to forcefully delete such stalled records or find out the
root cause of this error message?
Regards,
Andrey Ptashnik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http:
Thank you, Rob and Martin!
I was under impression that that v.5 was not supported at all, because "yum
search ipa” did not return any search results in main or EPEL repository.
Andrey Ptashnik
On 11/16/15, 3:24 AM, "Martin Kosek" wrote:
>On 11/16/2015 02:34 AM, Ro
Hello IPA team,
I’m wondering if there is any compatibility that can be established with legacy
RHEL CentOS 5.5 machines. Is there any easy way to setup minimal feature set
like central authentication and maybe something else?
Regards,
Andrey Ptashnik
--
Manage your subscription for the
. We wanted to rebuild the
Master node.
What are the correct steps to move master functions to the replica, retire the
old master and rebuild it?
Regards,
Andrey Ptashnik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go
I usually try not to. On the other side I see that many important fixes are
coming with major/minor releases, and trying to figure out my course of actions
until fixes and/or release become available.
Regards,
Andrey Ptashnik
On 10/12/15, 7:46 PM, "freeipa-users-boun...@redhat.c
Alex,
Thank you for your answer! I think I’m now clear with the roadmap.
Regards,
Andrey Ptashnik
On 10/12/15, 3:30 PM, "Alex Williams"
wrote:
>On 12/10/15 21:19, Alexander Bokovoy wrote:
>> On Mon, 12 Oct 2015, Andrey Ptashnik wrote:
>>> I see, so you
I see, so your best advice is to wait for official release of 7.2 and upgrade
all at once even if I need just a few simple fixes like “search for non-admin
users” and etc…?
Are there any approximate timeline for 7.2 release?
Regards,
Andrey Ptashnik
On 10/12/15, 2:10 PM, "Alex
I we have a production environment, is it a safe move to upgrade to 7.2 Beta?
And then still question remains what are correct steps to go from 4.1.0 to
4.2.0?
Regards,
Andrey Ptashnik
On 10/12/15, 1:44 PM, "Rob Crittenden" wrote:
>Andrey Ptashnik wrote:
>> Also I d
I see that RHEL 7.2 relase date is still “TBA”. Are there any plans to make
newer versions of IPA sever sooner than RHEL 7.2?
Regards,
Andrey Ptashnik
On 10/12/15, 1:26 PM, "Alexander Bokovoy" wrote:
>On Mon, 12 Oct 2015, Andrey Ptashnik wrote:
>>Also I don’t see
Also I don’t see IPA server 4.2.1 in RHEL repository, is it already available?
[root@sever]# yum list ipa-server
ipa-server.x86_64 4.1.0-18.el7_1.4 @rhui-REGION-rhel-server-releases
[root@server]#
Regards,
Andrey Ptashnik
From:
mailto:freeipa-users-boun...@redhat.com>> on
beh
-upgradeconfig
But I have a feeling that there might be some prerequisites that is a common
knowledge that was not mentioned and I’m not aware of… Are there any steps that
needs to be completed before I execute above commands?
Regards,
Andrey Ptashnik
--
Manage your subscription for the Freeipa-users
-addr.arpa. --allow-sync-ptr=TRUE
--dynamic-update=TRUE
Ultimately I think bringing all nodes to SSSD 1.12.4 version solved the problem.
Thank you, IPA team, for your support!
Regards,
Andrey Ptashnik
On 9/17/15, 10:32 AM, "Rob Crittenden" wrote:
>Andrey Ptashnik wrote:
>>
Any ideas on that?
Regards,
Andrey Ptashnik | Network Architect
CCC Information Services Inc.
222 Merchandise Mart Plaza, Suite 900 Chicago, IL 60654
Office: +1-312-229-2533 | Cell : +1-773-315-0200 | aptash...@cccis.com
On 9/16/15, 11:30 AM, "freeipa-users-boun...@redhat.com on beha
XX.COM as NIS domain
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
Regards,
Andrey Ptashnik
On 9/16/15, 8:43 AM, "Alexander Bokovoy" wrote:
>On Wed, 16 Sep 2015, Andrey Ptashnik wr
some functionality is missing from
client package 3 vs 4, like automatic update of both forward and reverse DNS
records.
Is it possible to install IPA client v. 4 on Red Hat 5 and 6 without much
breaking dependencies in OS?
Regards,
Andrey Ptashnik | Network Architect
CCC Information Services Inc
entry `NOPASSWD:'
Last login: Tue May 12 15:00:31 CDT 2015 on pts/1
Last failed login: Wed May 13 10:46:52 CDT 2015 on pts/0
There were 7 failed login attempts since the last successful login.
[oracle@webserver ~]$
Regards,
Andrey Ptashnik
From: , Joshua mailto:joshua.go...@osumc.edu&g
Hello Team,
We have RHEL 7.1 and IPA server 4.1.0 in our environment as well as stack of
Oracle software that require existence of local passwordless users like
weblogic and oracle.
Users log in to servers via domain accounts at IPA server.
I’m trying to configure Sudo policy in IPA server that
Hi Martin,
Thank you for a catch! I just noticed that I was missing the dot you mentioned!
Regards,
Andrey
From: Martin Basti mailto:mba...@redhat.com>>
Date: Thursday, May 7, 2015 at 2:37 AM
To: Andrey Ptashnik mailto:aptash...@cccis.com>>,
"freeipa-users@redhat.com<
Hello Team,
We are hosting a few servers at Amazon and using their Elastic Load Balancing
service that gives us a link to a load balancer in the following format:
webserver-1234567890.us-east-1.elb.amazonaws.com
I was looking for a ways to implement a shorter alias using CNAME like:
webserver.
I did notice the same behavior.
This is my setup:
[root@ipa-idm]# yum list installed ipa-*
Installed Packages
ipa-admintools.x86_64
4.1.0-18.el7_1.3
It looks like Vault is the functionality I was looking for.
Thank you Rob and Dmitri for your responses.
Regards,
Andrey
On 4/8/15, 5:59 PM, "Rob Crittenden" wrote:
>Andrey Ptashnik wrote:
>> Hello Team,
>>
>> I know that FreeIPA server supports man
Hello Team,
I know that FreeIPA server supports management of public keys for each user and
it is a very convenient feature.
Are there any possible way to manage private keys as well including features
like re-issuing the key pair if it gets compromised?
Regards,
Andrey
--
Manage your subscri
Hello,
I’m wondering if establishing two way trust or one way trust in upcoming 4.2
release somehow is going to affect FreeIPA feature set, like ability to add
windows groups to external groups or anything else I may not think of right now?
Our Windows security team is expressing concerns about
36 matches
Mail list logo