[Freeipa-users] tough one on DNS

Hi all. We have IdM set up in a test environment as a subdomain of our Windows domain (so, linux.example.com) with integrated DNS on the IdM server and forwarders going to the AD servers on example.com. We have on the Windows DNS server the IdM server set up as a conditional forwarder for lin

[Freeipa-users] AD user log in

I have a test environment set up where we have a trust between the IdM domain and the AD domain. When we go to log into an IdM client with an AD user, we have to use the format of: ADDOMAIN\\usern...@idm.client.example.com Is there a way to prepend the domain part so that we won't have to type

Re: [Freeipa-users] still failing to get a RHEL 5 client to join, LDAP bind issue?

On Fri, 2013-07-26 at 18:14 +, Armstrong, Kenneth Lawrence wrote: On Fri, 2013-07-26 at 14:59 +, Armstrong, Kenneth Lawrence wrote: On Fri, 2013-07-26 at 10:47 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Fri, 2013-07-26 at 10:20 -0400, Rob Crittenden wr

Re: [Freeipa-users] still failing to get a RHEL 5 client to join, LDAP bind issue?

On Fri, 2013-07-26 at 14:59 +, Armstrong, Kenneth Lawrence wrote: On Fri, 2013-07-26 at 10:47 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Fri, 2013-07-26 at 10:20 -0400, Rob Crittenden wrote: >> Armstrong, Kenneth Lawrence wrote: >> > On Fri, 2

Re: [Freeipa-users] still failing to get a RHEL 5 client to join, LDAP bind issue?

On Fri, 2013-07-26 at 10:47 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Fri, 2013-07-26 at 10:20 -0400, Rob Crittenden wrote: >> Armstrong, Kenneth Lawrence wrote: >> > On Fri, 2013-07-26 at 06:21 -0400, Eduardo Minguez wrote: >> > Ok, if I

Re: [Freeipa-users] still failing to get a RHEL 5 client to join, LDAP bind issue?

On Fri, 2013-07-26 at 10:20 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Fri, 2013-07-26 at 06:21 -0400, Eduardo Minguez wrote: > Ok, if I have time, I'll try with a RHEL 5.8 client today. > > > As for debug output, this is what I get: > > [root

Re: [Freeipa-users] still failing to get a RHEL 5 client to join, LDAP bind issue?

2013 03:51 PM, Armstrong, Kenneth Lawrence wrote: I am still having issues trying to get a RHEL 5.9 client to join a RHEL 6.4 IdM domain. All packages on both systems updated. First problem is this: ipa-client-install --server lnxrealmtest01.liberty.edu --domain lnxrealmtest.liberty.edu --

[Freeipa-users] still failing to get a RHEL 5 client to join, LDAP bind issue?

I am still having issues trying to get a RHEL 5.9 client to join a RHEL 6.4 IdM domain. All packages on both systems updated. First problem is this: ipa-client-install --server lnxrealmtest01.liberty.edu --domain lnxrealmtest.liberty.edu --enable-dns-updates Which fails with: root: E

Re: [Freeipa-users] external CA install problem

On Thu, 2013-07-25 at 19:14 +0200, Martin Kosek wrote: On 07/25/2013 06:53 PM, Armstrong, Kenneth Lawrence wrote: > On Thu, 2013-07-25 at 11:51 -0400, Rob Crittenden wrote: >> Armstrong, Kenneth Lawrence wrote: >> > On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote: >>

Re: [Freeipa-users] external CA install problem

On Thu, 2013-07-25 at 11:51 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote: >> On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote: >> > On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote: >>

Re: [Freeipa-users] external CA install problem

On Thu, 2013-07-25 at 14:34 +, Armstrong, Kenneth Lawrence wrote: On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote: On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote: > On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote: > On 07/19/2013 01:11 PM, Armstrong, Kenneth La

Re: [Freeipa-users] external CA install problem

On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote: On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote: I'm trying to install an IPA server using an external CA. I ran the ipa-server-install --external-ca command, and got my cert signed by our on-site CA. So then I go back to in

Re: [Freeipa-users] rhel 5 client in a rhel 6 domain?

On Tue, 2013-07-23 at 17:13 +, Armstrong, Kenneth Lawrence wrote: On Tue, 2013-07-23 at 13:23 +, Armstrong, Kenneth Lawrence wrote: On Mon, 2013-07-22 at 17:49 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Mon, 2013-07-22 at 17:51 +0000, Armstrong, Kenneth Lawre

Re: [Freeipa-users] rhel 5 client in a rhel 6 domain?

On Tue, 2013-07-23 at 13:23 +, Armstrong, Kenneth Lawrence wrote: On Mon, 2013-07-22 at 17:49 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Mon, 2013-07-22 at 17:51 +0000, Armstrong, Kenneth Lawrence wrote: >> On Mon, 2013-07-22 at 13:41 -0400, Rob Critten

Re: [Freeipa-users] rhel 5 client in a rhel 6 domain?

On Mon, 2013-07-22 at 17:49 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > On Mon, 2013-07-22 at 17:51 +0000, Armstrong, Kenneth Lawrence wrote: >> On Mon, 2013-07-22 at 13:41 -0400, Rob Crittenden wrote: >>> Armstrong, Kenneth Lawrence wrote: >>> &

Re: [Freeipa-users] rhel 5 client in a rhel 6 domain?

On Mon, 2013-07-22 at 17:51 +, Armstrong, Kenneth Lawrence wrote: On Mon, 2013-07-22 at 13:41 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > Hi all, > > I have a RHEL 6 IdM test domain set up. In production, we have RHEL 5 > and RHEL 4 clients as well, so I

Re: [Freeipa-users] rhel 5 client in a rhel 6 domain?

On Mon, 2013-07-22 at 13:41 -0400, Rob Crittenden wrote: Armstrong, Kenneth Lawrence wrote: > Hi all, > > I have a RHEL 6 IdM test domain set up. In production, we have RHEL 5 > and RHEL 4 clients as well, so I was going to test that out. > > However, I can not get a RHEL 5.9

[Freeipa-users] rhel 5 client in a rhel 6 domain?

Hi all, I have a RHEL 6 IdM test domain set up. In production, we have RHEL 5 and RHEL 4 clients as well, so I was going to test that out. However, I can not get a RHEL 5.9 client to join the domain. [root@r5-idmclient ~]# ipa-client-install --server lnxrealmtest01.l

[Freeipa-users] external CA install problem

I'm trying to install an IPA server using an external CA. I ran the ipa-server-install --external-ca command, and got my cert signed by our on-site CA. So then I go back to install using my certs: ipa-server-install --external_cert_file=/root/ipa.cer --external_ca_file=/root/CACert.cer I get

Re: [Freeipa-users] one last SSH question

Thanks! I changed that last line in my ssh_config, reloaded sshd, and was able to log in! -Kenny On Wed, 2013-07-17 at 16:46 +0200, Jan Cholasta wrote: On 17.7.2013 16:22, Armstrong, Kenneth Lawrence wrote: > Ok, hopefully my last SSH key question. > > I've been following th

[Freeipa-users] one last SSH question

Ok, hopefully my last SSH key question. I've been following the instructions here: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/host-keys.html#installing-host-keys and here: https://access.redhat.com/site/documentation/en-US/Red_Hat

Re: [Freeipa-users] new issue with ssh key in the interface

IPA server and Web browser still contains some old files in a cache? Please try reloading the UI with forced cache override, usual shortcut: Ctrl + F5 or Ctrl + Shift + R Petr On 07/17/2013 03:04 PM, Armstrong, Kenneth Lawrence wrote: > Thanks Petr, > > I am 100% positive that I pr

Re: [Freeipa-users] new issue with ssh key in the interface

t that has keys set via command line, get the message that the keys could not be validated. Thanks. -Kenny On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote: On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote: > Hello all, > > i have a new problem with the SSH Key bit in th

[Freeipa-users] new issue with ssh key in the interface

Hello all, i have a new problem with the SSH Key bit in the web interface. I created a new ssh key for a user, and pasted it into the web interface for the user. Afterward, it said that the key was not set. So I attempted again from the commandline, and it looks like it took it. However, wh

Re: [Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

On Mon, 2013-07-15 at 18:25 +0100, James Hogarth wrote: ipa-server-2.2.0-17.el6_3.1.x86_64 Think I see the problem here From the 3.0 release notes: * SSH public key format has been changed to OpenSSH-style public keys. http://www.freeipa.org/page/IPAv3_300_ga You really o

Re: [Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

ipa-server-2.2.0-17.el6_3.1.x86_64 -Kenny On Mon, 2013-07-15 at 17:41 +0200, Tomas Babej wrote: On Monday 15 of July 2013 15:36:46 Armstrong, Kenneth Lawrence wrote: > I do not believe that it is damaged. I have tried this out three times now > (deleting the key files between each a

Re: [Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

I do not believe that it is damaged. I have tried this out three times now (deleting the key files between each attempt). -Kenny On Mon, 2013-07-15 at 17:30 +0200, Tomas Babej wrote: On Monday 15 of July 2013 15:13:49 Armstrong, Kenneth Lawrence wrote: > Good thought. I just tried it and

Re: [Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

ziora wrote: On Mon, Jul 15, 2013 at 02:40:19PM +, Armstrong, Kenneth Lawrence wrote: > I'm trying to add an SSH public key to a user, and I keep getting IPA Error > 3009 or IPA Error 3008 when I try to update the page. I have copied over the > exact contents of the .ssh/id_rs

[Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

I'm trying to add an SSH public key to a user, and I keep getting IPA Error 3009 or IPA Error 3008 when I try to update the page. I have copied over the exact contents of the .ssh/id_rsa.pub file. Even if I take the username portion out at the end of the file, I still get the same error messag