[Freeipa-users] minimal sssd config

] [ssh] I mean it works but would I get any problems with it? Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] ldap.conf

] [ssh] I mean it works but would I get any problems with it? Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] ldap.conf

Hi are the files /etc/ldap.conf and /etc/openldap/ldap.conf for ipa client and/or server systeme necessary? What is the function of them? Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http

[Freeipa-users] Antwort: Re: sudo options/sss_cache

oh thx! it would be really nice to have it... Greetz Christoph Kaminski Pavel Březina <pbrez...@redhat.com> schrieb am 29.09.2015 13:48:14: > > Hi, I filed a ticket: > https://fedorahosted.org/freeipa/ticket/5332 -- Manage your subscription for the Freeipa-users mail

[Freeipa-users] sudo options/sss_cache

Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Antwort: Re: Faulty LDAP record

04.09.2015 17:08 > Betreff: Re: [Freeipa-users] Faulty LDAP record > Gesendet von: freeipa-users-boun...@redhat.com > > On 09/04/2015 04:49 PM, Christoph Kaminski wrote: > Hi All, > > how can I delete a faulty user in IPA 4.1? The record in LDAP look like this: > nsunique

[Freeipa-users] Antwort: Re: Antwort: Re: Faulty LDAP record

Youenn PIOLET <piole...@gmail.com> schrieb am 07.09.2015 14:13:35: > Von: Youenn PIOLET <piole...@gmail.com> > An: Christoph Kaminski <christoph.kamin...@biotronik.com> > Kopie: Ludwig Krispenz <lkris...@redhat.com>, freeipa-users@redhat.com > Datum: 07.09.2015

[Freeipa-users] Faulty LDAP record

, the following error appears: Error while deleting entry LDAP: error code 32 - No Such Object Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Problem with replication?

t.datacenter-homemonitoring.int): [04/Sep/2015:16:21:41 +0200] slapi_ldap_bind - Error: could not bind id [cn=Replication Manager masterAgreement1-ipa-1.mgmt.datacenter-homemonitoring.int-pki-tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0

[Freeipa-users] AUTO: Christoph Kaminski is out of the office (Rückkehr am 03.08.2015)

Ich kehre zurück am 03.08.2015. Hinweis: Dies ist eine automatische Antwort auf Ihre Nachricht Re: [Freeipa-users] Another Migration from 3.0 (CentOS 6.6) to 4.1 (CentOS 7.1) gesendet am 29.07.2015 17:25:15. Diese ist die einzige Benachrichtigung, die Sie empfangen werden, während diese

Re: [Freeipa-users] samba vs ipa without kerberos

I know this howto already, thats the reason why I've written without schema extensions Greetz Christoph Kaminski Am 03.07.2015 um 13:30 schrieb Christopher Lamb christopher.l...@ch.ibm.com: Hi Christoph have you seen this earlier thread? https://www.redhat.com/archives/freeipa-users/2015

[Freeipa-users] samba vs ipa without kerberos

4.1.12 here) Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Antwort: Re: thousands DSRetroclPlugin mesages

freeipa-users-boun...@redhat.com schrieb am 29.04.2015 17:51:46: Am 29.04.2015 um 15:43 schrieb Ludwig Krispenz: On 04/29/2015 03:17 PM, Martin (Lists) wrote: Am 27.04.2015 um 09:45 schrieb Ludwig Krispenz: On 04/26/2015 10:49 AM, Martin (Lists) wrote: Hallo after a reboot I get

Re: [Freeipa-users] WG: Re: Haunted servers?

and eventually clean them On 06/19/2015 01:48 PM, Christoph Kaminski wrote: Ludwig Krispenz lkris...@redhat.com schrieb am 19.06.2015 13:23:43: the first search is for the replication agreements and they keep info about the consumer ruv, used in replication session. you cannot modify

Re: [Freeipa-users] Antwort: clean-run doesn't work

Unfortunately I don't have access there. In fact we have a bigger issue here, but I don't know, if it's related. The whole story is the following: I migrated (ipa migrate-ds) about 150 users between two ldap databases. Old one was v3.0 (centos 6.6), the new one is v4.1 (centos 7.1).

[Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

In my particular case I'm interested, whether it can crash servers. Does it for you? I don't see it in that thread. tamas yes... we has had a really often a crash on virtual machines installations. On bare metal we had 2-3x a crash. That was the reason for us to destroy all IPA VM's.

[Freeipa-users] Antwort: Re: Antwort: Re: Antwort: Re: WG: Re: Haunted servers?

Ludwig Krispenz lkris...@redhat.com schrieb am 19.06.2015 13:23:43: the first search is for the replication agreements and they keep info about the consumer ruv, used in replication session. you cannot modify these, but they are maintained in the dse.ldif, you could edit the dse.ldif

[Freeipa-users] Antwort: Re: WG: Re: Haunted servers?

freeipa-users-boun...@redhat.com schrieb am 19.06.2015 11:34:21: Von: Ludwig Krispenz lkris...@redhat.com An: freeipa-users@redhat.com Datum: 19.06.2015 11:35 Betreff: Re: [Freeipa-users] WG: Re: Haunted servers? Gesendet von: freeipa-users-boun...@redhat.com Hi Christoph, bad news.

[Freeipa-users] Antwort: clean-run doesn't work

freeipa-users-boun...@redhat.com schrieb am 19.06.2015 11:02:48: Von: Tamas Papp tom...@martos.bme.hu An: freeipa-users@redhat.com Datum: 19.06.2015 11:04 Betreff: [Freeipa-users] clean-run doesn't work Gesendet von: freeipa-users-boun...@redhat.com hi All, $ ipa-replica-manage

[Freeipa-users] WG: Re: Haunted servers?

deleted them. MfG Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Antwort: Re: Haunted servers?

and 4. Maybe they are not necessary, but we have done it. If something fails look at defect LDAP entries in whole ldap, we have had some entries with 'nsunique-$HASH' after the 'normal' name. We have deleted them. MfG Christoph Kaminski -- Manage your subscription for the Freeipa-users

[Freeipa-users] dirsrv keytab revoked

? MfG Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Antwort: Re: dirsrv keytab revoked

? That may be even faster for the making that particular replica up and running again, if you do not want to dig too much in this issue. yep done it on other replica and it works, thx! MfG Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com

[Freeipa-users] Antwort: Re: Haunted servers?

=a0aA00DjxzgIAB its seems to be a very big problem of 389ds/IPA and no solution at this time (sad for software what (supposedly) has an enterprise level) MfG Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http

[Freeipa-users] Antwort: FreeIPA groups not shown on client

with: (stop sssd) rm -rf /var/lib/sss/db/* (start sssd) we has had the same problems often here and only really kill the cache has fixed it (sss_cache -A hasnt help) Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo

[Freeipa-users] Count of IPA Servers for SSSD

Hi All what a count of IPA servers does make sense for sssd configuration? We have 5 IPA servers and each Host can reach them. Can I put them all to sssd configuration (redundancy) or does it dont make sense (timeouts to big etc)? MfG Christoph Kaminski -- Manage your subscription

[Freeipa-users] Antwort: Re: Known issues with IPA on VM?

Andrew Holway andrew.hol...@gmail.com schrieb am 08.05.2015 14:18:35: Von: Andrew Holway andrew.hol...@gmail.com An: Christoph Kaminski christoph.kamin...@biotronik.com Kopie: Freeipa-users freeipa-users@redhat.com Datum: 08.05.2015 14:18 Betreff: Re: [Freeipa-users] Known issues with IPA

[Freeipa-users] Known issues with IPA on VM?

. Is there something already known about such problems? (The VM's have ever 4 CPU's and 2GB RAM, we have circa 120 Users/Groups) Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more

[Freeipa-users] Split Horizon DNS config

' thats the reason why I use a the same host but the ip from internal acl her: zone in-addr.arpa { type forward; forward only; forwarders { 172.16.8.210; }; }; is there something what can make problems? MfG Christoph Kaminski -- Manage your

[Freeipa-users] Replica status 'last update ended'

/icinga) checks for IPA and I need a authoritative statement/information about the replica status. It is the right place? Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more

[Freeipa-users] DNS questions

inside the blackbox can reach only 2) or only the 2 reachable? TiA for the answers! Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)

it? Greetz Christoph Kaminski -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Antwort: Re: Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)

$ schemaUpdateAttributeReject) X-ORIGIN 'Netscape Directory Server' ) Greetz Christoph Kaminski Von:Martin Basti mba...@redhat.com An: Christoph Kaminski christoph.kamin...@biotronik.com, freeipa-users@redhat.com Datum: 02.04.2015 17:25 Betreff:Re: [Freeipa-users] Upgrade fail 3.3.3 (rhel7) to 4.1

[Freeipa-users] Multiple Domains and SSH

command)' can't be established why? it is possible to make it working for the other domains to? MfG Christoph Kaminski www.biotronik.com BIOTRONIK - excellence for life Established with the development of the first German pacemaker in 1963, BIOTRONIK has upheld the highest quality standards

[Freeipa-users] Antwort: Re: Re: client without certmonger/dbus

: -An: Christoph Kaminski christoph.kamin...@biotronik.comVon: Stephen Ingram sbing...@gmail.comDatum: 18.04.2012 07:33Kopie: freeipa-users@redhat.comBetreff: Re: Re: [Freeipa-users] client without certmonger/dbusOn Tue, Apr 17, 2012 at 10:28 PM, Christoph Kaminskichristoph.kamin...@biotronik.com wrote

[Freeipa-users] Antwort: Re: Re: Re: client without certmonger/dbus

later) But I want to install the client, not ipa server. - MfG Christoph Kaminski Von: Stephen Ingram sbing...@gmail.com An: Christoph Kaminski christoph.kamin...@biotronik.com Kopie: freeipa-users@redhat.com Datum: 18.04.2012 08:34 Betreff: Re: Re: Re: [Freeipa-users] client without certmonger

[Freeipa-users] Antwort: Re: client without certmonger/dbus

done it without success :( [root@xaphon ~]# dbus-daemon --system --nofork Failed to start message bus: Failed to drop capabilities: Operation not permittedMfGChristoph Kaminski-Stephen Ingram sbing...@gmail.com schrieb: -An: Christoph Kaminski christoph.kamin...@biotronik.comVon: Stephen

[Freeipa-users] multiple domains/realms?

HiI have multiple domains her but I want to use one user/group etc. database. How can I do it? Options:1. Different realm for each domain, but how to share the user/group etc infos betwen different ipa servers?2. One realm for al domains. Possible? (it is possible to change the realm after

[Freeipa-users] Problem with DNS

Hi AllI have a problem with cnames in ipa dns settings. If I set a cname, it doesnt work. I have configured a cname 'icinga' to A record 'azazel'.If I do 'host azazel' then I get:azazel.chao5.int has address 192.168.50.20 Host azazel.chao5.int not found: 3(NXDOMAIN) Host azazel.chao5.int not

[Freeipa-users] Antwort: Re: Problem with DNS

symptoms look like you may not be doing that or that you may bepointing at other DNS servers too that do not have the information youare looking for.Simo.On Wed, 2012-04-11 at 20:21 +0200, Christoph Kaminski wrote: Hi All I have a problem with cnames in ipa dns settings. If I set a cname, it doesnt

[Freeipa-users] Antwort: Re: Problem with DNS

fixed/changed.MfGChristoph Kaminski-freeipa-users-boun...@redhat.com schrieb: -<pspa...@redhat.com>Hello,On 04/11/2012 08:21 PM, Christoph Kaminski wrote: Hi All I have a problem with cnames in ipa dns settings. If I set a cname, it doesnt work. I have configured a cname 'icinga' to A