Re: [Freeipa-users] FreeIPA server in Docker container improved

2015-04-08 Thread Mark Heslin
On 04/08/2015 08:42 AM, Jan Pazdziora wrote: Hello world! The ability to run FreeIPA server in a container was recently improved by adding support for storing the server configuration and data in a volume, making it easier to back up the server, upgrade it to newer versions, as well as adding th

Re: [Freeipa-users] Services and Keytabs for load-balanced hostnames

2014-09-29 Thread Mark Heslin
On 09/29/2014 04:25 PM, Alexander Bokovoy wrote: On Mon, 29 Sep 2014, Mark Heslin wrote: Folks, I'm looking for the best approach to take for configuring IdM clients to access web services (HTTP) with keytabs when a front-end load-balanced hostname is in place. I have a distri

[Freeipa-users] Services and Keytabs for load-balanced hostnames

2014-09-29 Thread Mark Heslin
Folks, I'm looking for the best approach to take for configuring IdM clients to access web services (HTTP) with keytabs when a front-end load-balanced hostname is in place. I have a distributed OpenShift Enterprise configuration with three broker hosts (broker1, broker2, broker3) with all th

Re: [Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-26 Thread Mark Heslin
wall-cmd --permanent --zone=public --add-service=ldaps firewall-cmd --permanent --zone=public --add-service=ntp firewall-cmd --reload On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mailto:mhes...@redhat.com>> wrote: Hi Chris, Take a look at the attached snippet - it will walk

Re: [Freeipa-users] Enabling ntp if not done during ipa-server-install

2014-08-15 Thread Mark Heslin
On 08/15/2014 03:51 PM, Simo Sorce wrote: On Fri, 2014-08-15 at 20:46 +0200, Petr Viktorin wrote: On 08/15/2014 08:11 PM, Lucas Yamanishi wrote: On 08/15/2014 10:33 AM, Redmond, Stacy wrote: I installed my ipa server with --no-ntp but find that I want to enable it on my server, and all my repl

Re: [Freeipa-users] AD Trusts: Should tcp/389/636 be excluded or not?

2014-08-04 Thread Mark Heslin
On 08/04/2014 04:37 PM, Alexander Bokovoy wrote: On Mon, 04 Aug 2014, Mark Heslin wrote: Folks, Does anyone know the current disposition of $subject? The FreeIPA documentation: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration would seem to indicate this is

[Freeipa-users] AD Trusts: Should tcp/389/636 be excluded or not?

2014-08-04 Thread Mark Heslin
Folks, Does anyone know the current disposition of $subject? The FreeIPA documentation: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration would seem to indicate this is no longer necessary. Is this "official" or should we block just the Win/AD server from these p

Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues

2014-07-28 Thread Mark Heslin
doesn't need it as admin has broader permissions. If you have no ticket, and is failing on the Directory Manager password when prompted, then Directory Manager must have a different password. -m *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Be

Re: [Freeipa-users] IPA Replica Issues

2014-07-28 Thread Mark Heslin
On 07/28/2014 02:12 PM, Mark Heslin wrote: On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote: Hello, I'm currently running into some issues with my replica server. I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states tha

Re: [Freeipa-users] IPA Replica Issues

2014-07-28 Thread Mark Heslin
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote: Hello, I'm currently running into some issues with my replica server. I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states that it is an "invalid password" which I know it is not the ca

Re: [Freeipa-users] SSSD startup failures on ipa clients

2014-07-28 Thread Mark Heslin
Not sure why 'yum check' didn't report anything - I'll run it by release engineering and see if they have anything to share. Thank you! -m On 07/28/2014 09:19 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 09:02:17AM -0400, Mark Heslin wrote: Hi Jakub, (Top posti

Re: [Freeipa-users] SSSD startup failures on ipa clients

2014-07-28 Thread Mark Heslin
08:28:01AM -0400, Mark Heslin wrote: On 07/28/2014 07:33 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -04

Re: [Freeipa-users] SSSD startup failures on ipa clients

2014-07-28 Thread Mark Heslin
On 07/28/2014 07:33 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: Folks,

Re: [Freeipa-users] SSSD startup failures on ipa clients

2014-07-28 Thread Mark Heslin
Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all r

[Freeipa-users] SSSD startup failures on ipa clients

2014-07-27 Thread Mark Heslin
Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA doma

Re: [Freeipa-users] id: cannot find name for group ID

2014-07-25 Thread Mark Heslin
false alarm. -m On 25/07/14 13:22, Mark Heslin wrote: Happy Friday, I'm getting this message on login to an IPA client and not sure why: $ ssh -Y -l *ose-dev1* rhc1.interop.example.com ose-d...@rhc1.interop.example.com's password: Last login: Thu Jul 24 19:46:46

[Freeipa-users] id: cannot find name for group ID

2014-07-24 Thread Mark Heslin
Happy Friday, I'm getting this message on login to an IPA client and not sure why: $ ssh -Y -l *ose-dev1* rhc1.interop.example.com ose-d...@rhc1.interop.example.com's password: Last login: Thu Jul 24 19:46:46 2014 from rhc1.interop.example.com Kickstarted on 2013-12-11 *id: cannot find n

Re: [Freeipa-users] Correct *usage* for round-robin DNS srv records

2014-07-23 Thread Mark Heslin
s better and this will be used more and more in the future:-) Thank you all! -m On 07/23/2014 10:11 AM, Alexander Bokovoy wrote: On Wed, 23 Jul 2014, Mark Heslin wrote: Martin, Petr, Thanks for helping me sort through the syntax. I have the entries added properly: # ipa dnsrecord-sho

[Freeipa-users] Correct *usage* for round-robin DNS srv records

2014-07-23 Thread Mark Heslin
alternate across the first broker (foo1) and second broker (foo2). -m On 07/22/2014 08:06 AM, Mark Heslin wrote: On 07/22/2014 08:00 AM, Mark Heslin wrote: Martin, Petr, I didn't see that missing dot "." - good catch. As always the devil is in the details :-) Two follow up qu

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Mark Heslin
On 07/22/2014 08:00 AM, Mark Heslin wrote: Martin, Petr, I didn't see that missing dot "." - good catch. As always the devil is in the details :-) Two follow up questions: 1. I've set the priority and weighting equally here but I will add a third host so would i

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Mark Heslin
oses so I'm sure adding it to the services file makes sense. Thank you both! -m On 07/22/2014 03:16 AM, Petr Spacek wrote: On 22.7.2014 00:13, Mark Heslin wrote: Hi All, I had some off-list exchanges with Petr Spacek on this but am still trying to work out the correct syntax. I have

[Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-21 Thread Mark Heslin
Hi All, I had some off-list exchanges with Petr Spacek on this but am still trying to work out the correct syntax. I have 2 hosts: - foo1.example.com - foo2.example.com and would like to create a round-robin DNS srv record for both called foo.example.com I already have DNS entries fo