s port 636 for
LDAPS requests
[29/Apr/2015:09:40:10 -0400] - Listening on /var/run/slapd-MR-RIC.socket
for LDAPI requests
[29/Apr/2015:09:40:10 -0400] - The change of nsslapd-maxdescriptors will
not take effect until the server is restarted
-
- access log
[29/Apr/2015:09:40:11 -0400] conn
mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap
service was available at all at installation stage.
Thanks,
Qing
On Wed, Apr 29, 2015 at 10:29 AM, Qing Chang wrote:
> CentOS7.1 with IPA server 4.1.
>
> "ipa-replica-install --setup-ca --setup-dns ...&qu
thod)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 372, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 673, in __spawn_instance
raise RuntimeError('Configuration of CA failed')
Run
On 17/01/2013 2:40 PM, Rob Crittenden wrote:
Qing Chang wrote:
On 17/01/2013 1:42 PM, Rob Crittenden wrote:
Qing Chang wrote:
I assigned an IPA user account the "HostEnrol" role and run
"ipa-client-install",
when it got to this "User authorized to enroll compute
On 17/01/2013 1:42 PM, Rob Crittenden wrote:
Qing Chang wrote:
I assigned an IPA user account the "HostEnrol" role and run
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that
account,
then got following:
Joining realm fail
I assigned an IPA user account the "HostEnrol" role and run
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that account,
then got following:
Joining realm failed: No permission to join this host to the IPA domain.
Installation failed. Rolling back changes
I hope google did not skip me when searching for an answer.
I'd like to disable inactive accounts migrated from OpneLDAP, so far
I can only do it per web UI. Because I have hundreds of accounts to
disable, I really appreciate if someone can provide a command line
for me.
I actually tried to figu
my dovecot IMAP server would randomly lose memory of users, as an example:
Samba/NFS server knows this user:
[root@smb2 shassan]# getent passwd bqiang
bqiang:*:47105:471:Beiping Qiang:/home2/bqiang:/bin/tcsh
But dovecot server does not:
[root@dovecot2 ~]# getent passwd bqiang
Only when I apply
On 19/11/2012 3:33 AM, Natxo Asenjo wrote:
hi, Qing
On Sat, Nov 17, 2012 at 8:20 PM, Qing Chang wrote:
2, Dovecot + IPA: it is not an IPA issue but sss cache timeout issue, I read
it's 90 min?
When a user changes his/her password, the cache usually is not updated,
hence
pr
On 16/11/2012 12:11 PM, Dmitri Pal wrote:
On 11/16/2012 10:59 AM, Qing Chang wrote:
just migrated all my user from OpenLDAP and MIT Kerberos to IPA.
Out of more than 400 users, there are around 10 that have problem
accessing Samba or Dovecot IMAP or ssh.
They never have problem login to ipa
just migrated all my user from OpenLDAP and MIT Kerberos to IPA.
Out of more than 400 users, there are around 10 that have problem
accessing Samba or Dovecot IMAP or ssh.
They never have problem login to ipa/ipa/ui/login.html.
For Dovecot IMAP following error is generated:
=
Nov 16 10:15:03
On 16/11/2012 3:25 AM, Martin Kosek wrote:
On 11/16/2012 12:48 AM, Qing Chang wrote:
On 15/11/2012 6:10 PM, John Dennis wrote:
On 11/15/2012 04:21 PM, Qing Chang wrote:
Adding group produces error message "Type or value exists" and fails.
As shown below, I tried a few different
On 15/11/2012 6:10 PM, John Dennis wrote:
On 11/15/2012 04:21 PM, Qing Chang wrote:
Adding group produces error message "Type or value exists" and fails.
As shown below, I tried a few different group name to ensure that there
is no duplicates:
[root@ipa1 ~]# ipa -d group-add examp
Adding group produces error message "Type or value exists" and fails.
As shown below, I tried a few different group name to ensure that there
is no duplicates:
[root@ipa1 ~]# ipa -d group-add example --desc="Test"
ipa: DEBUG: Caught fault 4203 from server http://ipa1/ipa/xml: Type or value
e
In a thread on Freeipa-devel titled "freeIPA as a samba backend"there is a
statement as below:
=
IPA will keep all of your passwords in sync - userPassword, sambaNTPassword, sambaLMPassword, and
your kerberos passwords.
389 cannot do this - the functionality that does this is provided by an
users to change or reset expired password in
the UI?
Thanks,
Qing Chang
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
My sincere apologies: I forgot to start slapd on my openldap server...
Qing
On 13/08/2012 10:39 AM, Rob Crittenden wrote:
Qing Chang wrote:
Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new
ESXi host,
after preparing migration mode as well as adding necessary
objectclasses
On 13/08/2012 10:39 AM, Rob Crittenden wrote:
Qing Chang wrote:
Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new
ESXi host,
after preparing migration mode as well as adding necessary
objectclasses, tried
to run following:
ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn
Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new
ESXi host,
after preparing migration mode as well as adding necessary
objectclasses, tried
to run following:
ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager
--group-container=ou=group --schema=RFC2307 --with-compat
On 23/07/2012 3:33 PM, Rob Crittenden wrote:
Qing Chang wrote:
On 20/07/2012 5:14 PM, Rob Crittenden wrote:
Qing Chang wrote:
Greetings,
Migration from OpedLDAP to IPA creates a pair of subtrees for both users
and groups:
compat and accounts, use groups as an example:
dn: cn=acdp,cn
On 20/07/2012 5:14 PM, Rob Crittenden wrote:
Qing Chang wrote:
Greetings,
Migration from OpedLDAP to IPA creates a pair of subtrees for both users
and groups:
compat and accounts, use groups as an example:
dn: cn=acdp,cn=groups,cn=compat,dc=sri,dc=utoronto,dc=ca
dn: cn=acdp,cn=groups,cn
Greetings,
Migration from OpedLDAP to IPA creates a pair of subtrees for both users and
groups:
compat and accounts, use groups as an example:
dn: cn=acdp,cn=groups,cn=compat,dc=sri,dc=utoronto,dc=ca
dn: cn=acdp,cn=groups,cn=accounts,dc=sri,dc=utoronto,dc=ca
IPA web GUI does not show "memberUi
On 11/07/2012 5:46 PM, Dmitri Pal wrote:
On 07/11/2012 04:01 PM, Qing Chang wrote:
On 11/07/2012 3:23 PM, Simo Sorce wrote:
On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote:
Because the integration of Kerberos in IPA, Kerberos tools can be used
only in limited
situations, when creating
On 11/07/2012 5:46 PM, Dmitri Pal wrote:
On 07/11/2012 04:01 PM, Qing Chang wrote:
On 11/07/2012 3:23 PM, Simo Sorce wrote:
On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote:
Because the integration of Kerberos in IPA, Kerberos tools can be used
only in limited
situations, when creating
On 11/07/2012 3:23 PM, Simo Sorce wrote:
On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote:
Because the integration of Kerberos in IPA, Kerberos tools can be used
only in limited
situations, when creating afs/DOMAIN@REALM with kadmin, I got this
error:
add_principal: Kerberos database
On 11/07/2012 3:10 PM, Dan Scott wrote:
Hi,
On Wed, Jul 11, 2012 at 3:04 PM, Qing Chang wrote:
I agree with you that OpenAFS should implement better enctype. I'll raise it
on their list. In the mean time, this is a block, do you have an estimate
how
long it takes to have the addition
d the flexibility in IPA to create an arbitrary service principal, which
can be
done with a standalone Kerberos KDC?
I'll try to open a ticket for v4.
Many thanks,
Qing
On 11/07/2012 2:24 PM, Simo Sorce wrote:
On Wed, 2012-07-11 at 10:19 -0400, Qing Chang wrote:
I think I do have it configur
-crc:afs3,
but not with des-cbc-crc:v4, which is what OpenAFS uses.
Qing
On 11/07/2012 8:28 AM, Simo Sorce wrote:
On Tue, 2012-07-10 at 15:53 -0400, Qing Chang wrote:
please forgive me if this is a question that has been answered somewhere
already.
I am almost finished setting up my first OpenAFS
es-cbc-crc:normal and
des-cbc-crc:afs3 works, but OpenAFS
does not like them.
Thanks,
Qing
--
--
Qing Chang
Senior Systems Administrator
M6-624 Research Computing
Sunnybrook Health Sciences Centre
2075 Bayview Ave.
Toronto, Ontario, M4N 3M5
(416) 480-610
29 matches
Mail list logo