Hi Simo,
That works perfectly. Thanks a lot.
--David
From: Simo Sorce s...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Friday, December 28, 2012 5:51 AM
Subject: Re: [Freeipa-users
Hi howdy,
Is there a nagios check for replication check among IPA servers and replicas?
If not, is there a way to test the replica status through some files or
underlying LDAP command outputs?
I have one test environment with an IPA server on a VMware instance, two IPA
replicas created from
Hi howdy,
I've migrated some NIS netgroups from my old openLDAP to IPA 2.2.0, it
imported all the old data without prompting problems. But now the issues are at
the client side:
redhat 5.8 clients can see all host netgroups and user netgroups without
problems.
while redhat 6.3 clients can
Hi all,
What are the user attributes that a manager should be granted with readwrite
permissions to reset passwords for subordinate employees? The typical
implementation case: managers need to take care of password reset requests for
their subordinate employees.
I select 'userpassword'
Hi Rob and all,
Can FreeIPA be compiled and installed on Redhat Enterprise 6.3? Or I have to
upgrade/install some underlying packages first? Thanks.
--David
From: Johan Petersson johan.peters...@sscspace.com
To: Sigbjorn Lie sigbj...@nixtra.com
Cc:
Hi all,
Just wonder whether there is a way to delegate to managers the
authority/permissions to manage his/her subordinate user accounts? Similar to
host/services delegation. Please elaborate if there is a way to reach this or
similar.
Let's say, we create a user group of subordinate
to managers?
On 12/19/2012 05:11 PM, David Copperfield wrote:
Hi all,
Just wonder whether there is a way to delegate to managers the
authority/permissions to manage his/her subordinate user accounts? Similar to
host/services delegation. Please elaborate if there is a way to reach this or
similar
Hi all,
Is the backup and restore procedure for IPA available now? It's rumored
months back that some one was working on it but not sure what is the progress
on it. Please shed a light if you have any ideas.
I'm running the default latest 2.2.0 IPA on Redhat/Centos 6.3.
Thanks.
David
: [Freeipa-users] Backup and Restore procedures for IPA 2.2.0?
On 12/18/2012 01:39 PM, David Copperfield wrote:
Hi all,
Is the backup and restore procedure for IPA available now?
It's rumored months back that some one was working on it but not
sure what is the progress
Hi Rob, Rich and all,
After reading through all the mails in the list and the 2.2.0 document, it is
still not clear how to promote an IPA replica to master after the master is dead.
The basic setup is:
IPA 2.2.0 Master A; and IPA 2.2.0 replica B installed from A with '--setup-ca'
option.
For the replication removal steps documented at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Identity_Management_Guide/removing-replica.html.
The step 3 is inaccurate: 'del' should be 'disconnect' instead, otherwise oops
-- all other 3 masters/replicas are suddenly
with time issues, the IPA installation works without a glitch.
This is definitely a lesson on IPA installation: date/time control is the
mandatory task.
Thanks.
--David
From: David Copperfield cao2...@yahoo.com
To: David Copperfield cao2...@yahoo.com; Rich
Hi all,
Has anyone successfully done an IPA replica promotion when the IPA master (Hub)
failed, by following the IPA replica document for 2.1.3 and 2.2.0?
I've tried at my side and see that all the steps involved are very confusing
and may be out of date. My IPA master is installed with Dogtag,
Hi Rich, Rob and all,
I'm trying to test the IPA replica restoration solutions, with a daily IPA
replica backup, following your steps in another email. But I got interrupted
by another problem that popped up. The problem is here: (all IPA masters and
replicas are 2.1.3 on redhat 6.2).
The same
replica via IPA master hub? How long it takes, etc.
Thanks.
--David
From: David Copperfield cao2...@yahoo.com
To: Rich Megginson rmegg...@redhat.com; d...@redhat.com d...@redhat.com;
Rob Crittenden rcrit...@redhat.com
Cc: freeipa-users@redhat.com freeipa-users
Hi all,
Is there any Web interfaces for IPA users to reset their expired password over
web? Currently we let test users to ssh/login to a particular Linux server, and
sssd will let the users to authenticate with their old expired password and
then reset to newer password.
the IPA web UI
Hi all,
I've the following messages logged on my IPA master server's
/var/log/dirsvr/slapd-EXAMPLE.COM/errors log file:
[17/May/2012:04:02:42 -0700] _entry_set_tombstone_rdn - Failed to convert DN
cn=CA to RDN
[17/May/2012:04:02:42 -0700] id2entry - str2entry returned NULL for id 128,
Hi all,
I accidentally removed one of my IPA replica hosts on the IPA web UI by mistake; on
the host list I planned to remove ipaclient02.example.com, but accidentally the
mouse moved to ipareplica02.example.com and the latter got removed without a
prompt.
I realized the mistake and tried to
into one?
Thanks.
--David
From: JR Aquino jr.aqu...@citrix.com
To: David Copperfield cao2...@yahoo.com
Cc: FreeIPAUsers freeipa-users@redhat.com
Sent: Wednesday, May 16, 2012 12:57 PM
Subject: Re: [Freeipa-users] What to do next???: IPA replica host entry
=meToipareplica01.example.com (ipareplica01:389): Replication bind
with GSSAPI auth resumed
Thanks.
--David
From: David Copperfield cao2...@yahoo.com
To: JR Aquino jr.aqu...@citrix.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Wednesday, May 16
with GSSAPI auth resumed
[16/May/2012:16:18:39 -0700] NSMMReplicationPlugin -
agmt=cn=meToipareplica01.example.com (ipareplica01:389): Replication bind
with GSSAPI auth resumed
--David
From: JR Aquino jr.aqu...@citrix.com
To: David Copperfield cao2...@yahoo.com
Cc: JR
Hi all,
The online manual says that the '--usercat' means 'User category the rule
applies to'; '--hostcat' has the similar explanation. But I still don't
understand how that could be used in real life and when/where to use the
options.
Could anyone please shed a light on this? Thanks a
Please feel free to do it. Thanks.
--David
From: Dmitri Pal d...@redhat.com
To: Rich Megginson rmegg...@redhat.com
Cc: David Copperfield cao2...@yahoo.com; Rob Crittenden
rcrit...@redhat.com; E Deon Lackey dlac...@redhat.com;
freeipa-users@redhat.com freeipa
...@redhat.com] on
behalf of David Copperfield [cao2...@yahoo.com]
*Sent:* Thursday, 10 May 2012 11:04 a.m.
*To:* Rob Crittenden; Freeipa-users@redhat.com
*Subject:* [Freeipa-users] How to rebuild IPA master?
Hi all,
I've an IPA master/replica setup in our development environment. Unfortunately
. Thanks a lot.
--David
From: Rich Megginson rmegg...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com; Rob Crittenden
rcrit...@redhat.com; Petr Spacek pspa...@redhat.com
Sent: Thursday, May 10
replica, a result that is
different from backup, and different from IPA master.
Please let me know if there are any other options/steps to follow. Thanks.
--David
From: Rich Megginson rmegg...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc
rmegg...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc: E Deon Lackey dlac...@redhat.com; Petr Spacek pspa...@redhat.com; Rob
Crittenden rcrit...@redhat.com; freeipa-users@redhat.com
freeipa-users@redhat.com
Sent: Thursday, May 10, 2012 6:37 PM
Subject: Re: [Freeipa-users] backup/restore IPA
a lot.
--David
From: Rob Crittenden rcrit...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc: Petr Spacek pspa...@redhat.com; freeipa-users@redhat.com
freeipa-users@redhat.com
Sent: Wednesday, May 9, 2012 10:08 AM
Subject: Re: [Freeipa-users] Please
Hi all,
I've an IPA master/replica setup in our development environment. Unfortunately
our IPA master crashed, the replica is working fine. Now I have the IPA master
re-imaged.
What are the steps I have to follow to re-create the IPA master from running
IPA replica? Before crash the IPA
tickets are involved, and where they are stored.
Thanks.
--David
-
From: Simo Sorce s...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Tuesday, May 8, 2012 6:08 AM
Subject: Re: [Freeipa-users] IPA
Hi,
I installed a master IPA server with dogtag certificate system installed; then
use ipa-replica-prepare and ipa-replica-install to install two IPA replica
servers. The two replicas are installed and 'ipa-replica-manage' commands shows
that user/group data replication link is established
Hi,
Can I change the default user group for new users to something else? and
disable automatically creation of private groups?
Basically I migrates hundreds of Linux accounts from openldap to IPA, and
those users have a default group 'exampleGroup' with GID 500. And it is
company policy to
Hi folks,
Is there any way to turn off IPA automatic creation of private user group? We
use a common user group like ‘nis-wheel’, and completely disabled private
groups in openldap before migration.
Thanks.
--David
___
Freeipa-users mailing list
I have an IPA replica server with disk problems, and then it is reimaged and
rebuilt. But when the IPA replica function is rebuilt, it reports the following
problem:
[root@ipareplica02 ipa]# ipa-replica-install --no-ntp
/var/lib/ipa/replica-info-ipareplica02.example.com.gpg
...
[21/29]:
RuntimeError(Failed to start replication)
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
--Guolin
From: David Copperfield cao2...@yahoo.com
To: freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Monday, May
: master
ipamaster.example.com: master
[root@ipamaster .ssh]#
--David
From: David Copperfield cao2...@yahoo.com
To: freeipa-users@redhat.com freeipa-users@redhat.com; d...@redhat.com
d...@redhat.com; E Deon Lackey dlac...@redhat.com
Sent: Monday, May 7, 2012 8:41 PM
Hi Deon and all,
Hi folks,
I'm completely lost at reading the IPA document on how to promote an IPA
replica into master IPA. When I try to follow the steps listed in the
chapter '16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at
the link
Hi folks,
Tried several times to do the password migration following documented steps
at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Migrating_from_a_Directory_Server_to_IPA.html#migr-kerb,
and every time it failed. A solid example will be very
Hi all,
Just wonder if anyone has migrated password hashes from standalone Kerberos V
servers into IPA servers before, assume that they share a same Kerberos Realm
name.
Both the original standalone Kerberos server and the IPA servers use the same
version Kerberos V daemons. So if there is a
The existing document states all the steps as listed below.
A user tries to log into a machine with SSSD.
SSSD attempts to perform Kerberos authentication against the
IPA server.
Even though the user exists in the system, the authentication
will fail
Hi folks,
We have quite a bunch of netgroups which are hosted on openldap server
presently, and now it is time to migrate them into freeIPA. The NIS triples are
in the format:
(-, username, - )
or
(hostname001, - , - )
And these openldap netgroups are used for variable purposes, host
Hi Deon, Dmitri, and all,
Hi folks,
I'm completely lost at reading the IPA document on how to promote an IPA
replica into master IPA. When I try to follow the steps listed in the
chapter '16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at
the link
Hi folks,
During migration existing Kerberos/LDAP setup clients to IPA, after
'ipa-client-install' command is run and reports successful migration, we found
that the client fails to talk with IPA server.
The symptom is: in the /var/log/messages file at IPA client side, we can see
the
Hi Rich,
Thanks. Those are really helpful.
Though I think I've to learn the underlying 389 Directory Server part and
become an expert as well. :)
--David
From: Rich Megginson rmegg...@redhat.com
To: David Copperfield cao2...@yahoo.com
Cc: freeipa-users
-EXAMPLE-COM $@
./ns-slapd db2ldif -D /etc/dirsrv/slapd-EXAMPLE-COM -a $ldif_file $@
[root@ipaclient09 scripts-EXAMPLE-COM]#
--David
From: David Copperfield cao2...@yahoo.com
To: Rich Megginson rmegg...@redhat.com
Cc: freeipa-users@redhat.com freeipa-users
From: Dmitri Pal d...@redhat.com
Let us take one at a time.
Dogtag is the certificate system.
Web services and many other servers use certificates for SSL/TLS peer-to-peer
confidentiality and authentication.
The certificates need to be issued so IPA can issue certs for those services
in your
Hi folks,
I'm completely lost at reading the IPA document on how to promote an IPA
replica into master IPA. When I try to follow the steps listed in the chapter
'16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at the link
IPA Replica installation fails on IPV4 Linux box, The exception/messages on
screen are:
...
error: [Errno 97] Address family not supported by protocol
...
After looking into the python code, it is found out that the IPA program tried
to test both IPV4 and IPv6 address families, and it
Hi, Stephen,
Thanks for your reply, and it works great, though I still have one question
around the host cert -- what are the typical usage scenarios of host cert for
IPA clients?
On 4/26/12 6:01 PM, Stephen Ingram sbing...@gmail.com wrote:
On Thu, Apr 26, 2012 at 3:51 PM, hshhs caca
Hi,
Just have a silly case where I've to download the existing version keytab for
a service principal. It is download only -- not recreate a new version and
download the new version which ipa-getkeytab does. -- ipa-getkeytab command
name seems a little bit misleading because it does both
50 matches