I'm trying to set up a FreeIPA replica on 4.5.2 and the
ipa-replica-install script dies with:
[27/40]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://fll2aipa01stg.ipa-stg.chewy.net:389]
On 07/28/2017 03:25 PM, email--- via FreeIPA-users wrote:
I have no idea what that means, cn=servers has child objects that do
exist on both servers. Is there a way to force replicate from another
node and overwrite all local conflicts.
the conflicts arise by replication as I tried to
I have no idea what that means, cn=servers has child objects that do exist on
both servers. Is there a way to force replicate from another node and overwrite
all local conflicts.
From: "freeipa-users"
To: "freeipa-users"
I cannot enrol and do the ipa-client-install on Ubuntu 14.04 to IPA
Server (4.4). My IPA Server is having third party certificates for
HTTP/LDAP. I have installed it using the suggestions in
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
Other version of Ubuntu like 16.04
Unable to remove any of these bad
ipa-replica-manage list-ruv
Directory Manager password:
unable to decode: {replica 7} 585aae3e001a0007 585aae3e001a0007
unable to decode: {replica 8} 586520c8000f0008 586520c8000f0008
unable to decode: {replica 11} 58862e450004000b
We want to let AD admins install new linux FreeIPA clients using their AD
credentials. It looks like it fails using kinit in the script. If you run
kinit 'AD\ad_admin' you get the same error.
Is it feasible to do what we want? Does it make sense? We already have a
system for managing the
On 07/27/2017 07:49 PM, email--- via FreeIPA-users wrote:
This is a new one, any ideas on how to get this to sync?
ldapsearch -x -D "cn=directory manager" -W -b
"dc=ipa,dc=example,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
Steve,
We have the same problem with the web interface, from what I can tell you must
either sync accounts, delegate account passwords with RADIUS (which works for
the web interface but not kerberos) and/or use service accounts.
Our systems use kickstart and auto-join ipa on deployment with a
On 07/27/2017 08:29 PM, Mark Haney via FreeIPA-users wrote:
Heh. That's the EXACT SAME error I kept getting whether I ran the
install-ca from an existing replica, or when adding a CA while
installing a new replica. Glad I'm not the only one seeing such weird
errors.
On Thu, Jul 27, 2017 at
John Trump via FreeIPA-users wrote:
> I am using FreeIPA 4.4 and have implemented a password policy where
> password history is set to 24. If a password admin or the user "admin"
> resets a user's password, the user is forced to change their password
> upon logging in. At this point, the user is
Looks like a UI glitch (it's correct in LDAP) but when configuring users to use
RADIUS auth, these settings do not show as enabled/selected on other ipa
servers.
Steps to repeat:
1) add user
2) disable all password options, select only RADIUS
3) configure proxy username and server.
4) check
## Get all bad RUV
ipa-replica-manage list-ruv
## Enter ldapmodify
ldapmodify -D "cn=directory manager" -W -a
## Enter each of the following 1 line at a time.
dn: cn=clean CLEAR_RUV_ID, cn=cleanallruv, cn=tasks, cn=config
objectclass: extensibleObject
replica-base-dn: dc=example,dc=com
All I see are responses like yours, how about a link or add it to the
documentation since it's such a problem?!
- Original Message -
From: "Petr Vobornik"
To: "freeipa-users"
Cc: "Jake"
Sent: Friday,
I have noticed that when I enable FreeIPA all my CentOS 7.x boxes work via
SSH just fine, however none of my CentOS 6 boxes work. I read that 2FA
didn't come until CentOS 7.1. So my question is does 2FA via SSH not work
at all if you have a RHEL 6 / CentOS 6 server? Just curious.
Thanks much.
On (28/07/17 15:39), Devin Acosta via FreeIPA-users wrote:
>I have noticed that when I enable FreeIPA all my CentOS 7.x boxes work via
>SSH just fine, however none of my CentOS 6 boxes work. I read that 2FA
>didn't come until CentOS 7.1. So my question is does 2FA via SSH not work
>at all if you
Anton Semjonov writes:
>>> It's much simpler to use a keytab for your service and let Kerberos
>>> acquire a TGT automatically. You can either place the keytab in a
>>> special location, set the env var KRB5_CLIENT_KTNAME or use GSSProxy to
>>> handle the keytab for you. With
16 matches