[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-13 Thread barrykfl--- via FreeIPA-users
20:20 GMT+08:00 Alexander Bokovoy <aboko...@redhat.com>: > On to, 09 marras 2017, barrykfl--- via FreeIPA-users wrote: > >> Hi: >> >> May be I missed write something on JSON.. >> >> But I can use in command shell successfully. ipa user-mod apigee >>

[Freeipa-users] any reference for HA solution and backup /restore

2017-11-22 Thread barrykfl--- via FreeIPA-users
Hi all: setup two servers replicas want make HA and backup / restore ..any where have reference especially backup / restore is necessary. Regards Barry ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an

[Freeipa-users] cluster and LDAP service

2017-11-26 Thread barrykfl--- via FreeIPA-users
HI: I already config cluster of 2 servers using corosys and peacemaker. But the Virtual ip is the resource only. Is it possible to make ldap 389/639 as a detection of fail then switch? Regards Barry ___ FreeIPA-users mailing list --

[Freeipa-users] Promote ipa-client-install to a replica successful but system become unstable

2017-11-27 Thread barrykfl--- via FreeIPA-users
Dear all: two servers replica but the latter one become unstable. I success promote a client to replcia master . but after reboot the response is slow and the certomanger start fail and remote login ssh very slow delay half minuets boot log found certmanger fail to start and login service

[Freeipa-users] Re: Promote ipa-client-install to a replica successful but system become unstable

2017-11-28 Thread barrykfl--- via FreeIPA-users
for Plymouth Boot Screen to Quit... Starting Terminate Plymouth Boot Screen... 2017-11-28 16:20 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 11/28/2017 08:25 AM, barrykfl--- via FreeIPA-users wrote: > >> Dear all: >> >> two servers replica but

[Freeipa-users] ipa-client-install --uninstall commands

2017-11-30 Thread barrykfl--- via FreeIPA-users
Dear all: Simple question ..Is this command enough to disjoin from an existing IPA master.? Want to test some servers.. joined a master is .ipa-client-install --uninstall can remove all config from my master server ??? Regards Barry ___

[Freeipa-users] anyone trial freeipa load balancing will it make the mess?

2017-11-13 Thread barrykfl--- via FreeIPA-users
Hi all: Any one try ha proxy/nginx/ etc LB . I tried use ldirector before. it seem when A<>B syn if u still load balancing it with different weight. May cause not update of one side server ...so finally I only apply HA. Any one have better LB solution have reference ? (or it ;s not

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-15 Thread barrykfl--- via FreeIPA-users
ins.user import user >> from ipalib.parameters import Str >> from ipalib.text import _ >> from ipalib import _ >> user.takes_params += ( >>Str('comdate?', >>cli_name='comdate', >>label=_('Commencement Date'), >>), >

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-15 Thread barrykfl--- via FreeIPA-users
anywhere can explain the following RFC of ldap ? I have confuse how come and must use this ...can I random gen some number .. 2.25.28639311321113238241701611583088740684.14.2.1 < it used custom person class so if relate to it I should use .2 .3 .4 .5 etc ???

[Freeipa-users] Make custom attribute fail in UI and SAVE Button

2017-11-07 Thread barrykfl--- via FreeIPA-users
Dear all: I follow the guide of freeipa 3.0 abt web plugin web ui. At command base I successfully made a custom attribute called Employee " Commencement Date" . I can add using script / command. BUT in web UI , it Display "Commencent date" Label only and cannot display edit field and allow

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-09 Thread barrykfl--- via FreeIPA-users
browser (F12) and you will see an error. >>> >>> >>> >>> 2017-11-09 15:50 GMT+08:00 Pavel Vomacka <pvoma...@redhat.com>: >>> >>>> >>>> >>>> On 11/09/2017 08:36 AM, barry...@gmail.com wrote: >>>> >&g

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-09 Thread barrykfl--- via FreeIPA-users
: >>> >>> Same Like this Lable no field no edit no save but fine in command base >>> ...any different freeipa4.0 vs 3.0 procedure? >>> >>> Do you have IPA 4.x ? Or which version? >>> >>> Try to add following line into the specifi

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-09 Thread barrykfl--- via FreeIPA-users
.any different freeipa4.0 vs 3.0 procedure? >> >> Do you have IPA 4.x ? Or which version? >> >> Try to add following line into the specification of your new field: >> >> flags: ['w_if_no_aci'] >> >> >> [image: 內置圖片 2] >> >> 2017-11-09 14:44 GMT+08:00 P

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-08 Thread barrykfl--- via FreeIPA-users
Same Like this Lable no field no edit no save but fine in command base ...any different freeipa4.0 vs 3.0 procedure? [image: 內置圖片 2] 2017-11-09 14:44 GMT+08:00 Pavel Vomacka <pvoma...@redhat.com>: > > On 11/08/2017 07:29 AM, barrykfl--- via FreeIPA-users wrote: > > Hi, &

[Freeipa-users] Re: Make custom attribute fail in UI and SAVE Button

2017-11-09 Thread barrykfl--- via FreeIPA-users
flags: ['w_if_no_aci'] > > > [image: 內置圖片 2] > > 2017-11-09 14:44 GMT+08:00 Pavel Vomacka <pvoma...@redhat.com>: > >> >> On 11/08/2017 07:29 AM, barrykfl--- via FreeIPA-users wrote: >> >> Hi, >> >> Dear all: >> >> I follow th

[Freeipa-users] follow the freeipa 3.0 procedure add attributes but fail;

2017-10-31 Thread barrykfl--- via FreeIPA-users
hi all: https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf I added the attribute successfully but the plugin of JS fail to display a field and cannot save Any idea now I m using freeipa 4.5 ...seem not same as the pdf using. Barry

[Freeipa-users] Re: migration command cannot enable user

2018-05-21 Thread barrykfl--- via FreeIPA-users
all usernames migrated but cannot login even I used https://your.domain/ipa/migration/ to verified successfully ...It still say password incorrect. then I want to delete all burtit said no entry when I press del. 2018-05-22 1:36 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>: > barryk

[Freeipa-users] Re: migration command cannot enable user

2018-05-22 Thread barrykfl--- via FreeIPA-users
ntry when I press del. > > Not enough information to help you here. The command-line is easier to > debug in this regard. > > rob > > > > > 2018-05-22 1:36 GMT+08:00 Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>>: > > > >

[Freeipa-users] migration command cannot enable user

2018-05-20 Thread barrykfl--- via FreeIPA-users
Dear all: I used this migration command migrate users but the user does not work. IPA is unable to generate Kerberos keys unless provided with clear text passwords. All migrated users need to login at https://your.domain/ipa/migration/ before they can use their Kerberos accounts. even now i

[Freeipa-users] concept at migration of http://server.com/ipa/migration

2018-05-30 Thread barrykfl--- via FreeIPA-users
Hi all: After I migrated to new Servers .using migrateds command..I used server.com:389 connect and embedded in 3 rd opensource. I found user can login successfully ...but the http://server.com/ipa/ui cannot ... user have to use http://server.com/ipa/migration then can success login the UI.

[Freeipa-users] Are freeipa kerberos account and freeipa user ldap account two differenct things?

2018-05-30 Thread barrykfl--- via FreeIPA-users
I used the following command trsnafere acc/group from 3.0 -4.0 successfuly ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts

[Freeipa-users] Re: concept at migration of http://server.com/ipa/migration

2018-05-31 Thread barrykfl--- via FreeIPA-users
wrote: > > > > Hi there, > > > > UI uses Kerberos... > > > > Regards, > > > > --- > > > > EZajko > > @root.ba > > > > On Thu, May 31, 2018, 05:48 barrykfl--- via FreeIPA-users < > freeipa-users@lists.fedorahosted.org>

[Freeipa-users] Re: concept at migration of http://server.com/ipa/migration

2018-05-31 Thread barrykfl--- via FreeIPA-users
ing_from_a_directory_server_to_ipa > >> > >> > >> > >> > 340282366920938463463374607431768211456 > >> On Thu, May 31, 2018 at 6:47 AM Ernedin Zajko wrote: > >> > > >> > Hi there, > >> > > >> > UI uses Kerberos..

[Freeipa-users] Re: Error after migration all user from ldap

2018-05-29 Thread barrykfl--- via FreeIPA-users
e ID ..same >> situation occur. del fail. >> >> 2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud : >> >>> On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote: >>> >>>> >>>> Hi : >>>> >>>> >>>>

[Freeipa-users] Error after migration all user from ldap

2018-05-29 Thread barrykfl--- via FreeIPA-users
Hi : I migrated use commands form ipa 3 to ipa 4 ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --with-compat ldap://abc.cde.com:389 Fine I saw everything work entries there ...but I want del account it said user not found.. (Modify info is ok)

[Freeipa-users] Re: Error after migration all user from ldap

2018-05-29 Thread barrykfl--- via FreeIPA-users
4.0 's admin and migrated 3.0 one which follow old same ID ..same > situation occur. del fail. > > 2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud : > >> On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote: >> >>> >>> Hi : >>> >>> >

[Freeipa-users] corosycnc conflict with certmonger always`

2018-01-10 Thread barrykfl--- via FreeIPA-users
Already set a cluster of 2 nodes can work fine but evey reboot corosync seem conflict with certmonger service and login service and cause ssh shell login slow. and idea.? other funct of freeipa / HA actually is working fine. It seem will fail login service and zabbix agent also for the

[Freeipa-users] Corosync or user multi environment seem conflict with ipa

2018-01-15 Thread barrykfl--- via FreeIPA-users
Hi: I have the corosyc peacemaker cluster working fine on basic function. BUt tried to reboot one node the HA work ...but after reboot . It "sometimes" make certmonger.service fail? 10 times may 6 times fail but reboot several times it work again. I discovered that the most case happen

[Freeipa-users] any one have issue at centos7 ?

2018-01-25 Thread barrykfl--- via FreeIPA-users
Hi : when reboot the server the certomenger.service always fail It is not cluster just a signle server. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] centos7 with ipa always start fail

2018-01-25 Thread barrykfl--- via FreeIPA-users
hi: Any one has such exp ,certomonger always fail after reboot. Dbus service / other service seem working fine. Any systemctl cannot run Also it is not cluster any hints. systemctl daemon-reload Error getting authority: Error initializing authority: Error calling StartServiceByName for

[Freeipa-users] Cluster fail with certmenger fail

2018-01-09 Thread barrykfl--- via FreeIPA-users
Hi All: I did on centos 7 with replication of servers no problem but after install cluster I try reboot , it cause cermonger service faul and login serveice fail , when I ssh to this A serverit take half minutes or FTP always time out. After that I have to stop cluster in B server and try stop

[Freeipa-users] running log show late

2018-02-01 Thread barrykfl--- via FreeIPA-users
Hi: Any one find that the log of systemctl | grep running show late in putty? dirsrv@ABC-COM.service loaded active running 389 Directory Server ABC.COM. systemctl | grep running < after reboot type this not show 389 sever need wait half - 1 min and retype then show . Regards Barry

[Freeipa-users] certmonger .service fail to start

2018-01-29 Thread barrykfl--- via FreeIPA-users
Auto reboot fail , I just try manual bootup cermonger.service still fail sudo systemctl -f start certmonger.service Jan 30 11:03:01 dbus[537]: [system] Activating systemd to h Jan 30 11:03:01 dbus-daemon[537]: dbus[537]: [system] Activ Jan 30 11:03:13 systemd-logind[2922]: Failed to enable

[Freeipa-users] Re: IPA 4.5 with radius server

2018-02-07 Thread barrykfl--- via FreeIPA-users
bind password, > base_dn) to suit your needs, usually in /etc/raddb/mods-enabled/ldap. > > > HTH > > Cheers, > Giulio > > On 6 Feb 2018, at 10:16, barrykfl--- via FreeIPA-users < >> freeipa-users@lists.fedorahosted.org <mailto:freeipa-us...@lists.fe >>

[Freeipa-users] some confusion of reading this doc abt radius

2018-02-08 Thread barrykfl--- via FreeIPA-users
Hi: all I m reading this : http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html It need create a service ac under radius/host.ipa.example.net...@ipa.example.net.au,\ cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' - BUt which file ldif I

[Freeipa-users] Install radius but fail to start in centos7

2018-02-11 Thread barrykfl--- via FreeIPA-users
yum install freeradius freeradius-utils freeradius-ldap freeradius-krb5 succesfuuly. But cannot start with following error and idea? : Unregistered Authentication Agent for unix-process:12922:607417 (system bus name :1.53, object path /org/freedesktop/PolicyKit1/Au ref doc:

[Freeipa-users] IPA 4.5 with radius server

2018-02-06 Thread barrykfl--- via FreeIPA-users
Hi : Anyone has exp to use freeipa 4.0 above as radius server ? e.g want wifi use radius everyone carry ldap password. How to implement ? need special plugin ? seem it need new attribute can generate harsh password and syn with LDAP together ? Thx and Regards Barry

[Freeipa-users] PKI Tomcat Server conflict with PWM

2018-02-22 Thread barrykfl--- via FreeIPA-users
Hi all: I used to centos 6 freeipa and install PWM together with CA service there is no problem. BUt now we change to centos 7 seem PKI Tomcat Server by default will launch 8443 and 8080 port . Now I installed PWM (password manager) but pki tomcat 8080 port conflict with pwm 's 8080 port , I

[Freeipa-users] Errors comes out after reinitaize the replication

2018-08-08 Thread barrykfl--- via FreeIPA-users
ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=abc,dc=com does not exist Any idea ..thx ...no big impact but keep logging error. Regards Barry ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe

[Freeipa-users] error keep continue comes out after shutdown for a week

2018-08-07 Thread barrykfl--- via FreeIPA-users
Hi All; One of server of cluster shutdown for a week now return normal . But the comes as below: I already reintialize it worked success but the error keep log in the log file it already make the log size big. The remote replica has a different database generation ID than the local database.

[Freeipa-users] Stop samba sevice and winbind

2018-08-13 Thread barrykfl--- via FreeIPA-users
Hi all : Any idea how to skip boot of smb.server and win bind ...or uninstall them without affect ..thx Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: RUNNING pki-tomcatd Service: RUNNING smb

[Freeipa-users] timestamp of ipa backup and test on backup restore

2018-03-07 Thread barrykfl--- via FreeIPA-users
hi : any timestamp expiry of the ipa backup copy ? My steps are: On orginal server , I backup a copy then I shut it down. Then I reinstall an new one with same host name and I can really restore from the backup. (test finish) after that I shutown the new server , and want to get back the

[Freeipa-users] Re: Backup idea of disaster

2018-02-28 Thread barrykfl--- via FreeIPA-users
月1日 上午7:02 於 "Rob Crittenden" <rcrit...@redhat.com> 寫道: > barrykfl--- via FreeIPA-users wrote: > > Hi all: > > > > any one has better solution of freeipa backup ? assume all ldap db crash > > ,all ca fail, no backup of cert ...etc but need cleanly install

[Freeipa-users] Re: Backup idea of disaster

2018-03-01 Thread barrykfl--- via FreeIPA-users
:19 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote: > >> any ref. full backup.of 4.5? >> I only can found v3 . will it recover all cert ca related ? I tried such >> recover in v3 it seem it bro

[Freeipa-users] any freeipa master slave configuration

2018-03-15 Thread barrykfl--- via FreeIPA-users
Hi: I m seeking a replication of master - slave mode of free ipa ? Is there such mode ? as I saw actually 2 nodes configuration acutally called master - master . Regards ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To

[Freeipa-users] Re: any freeipa master slave configuration

2018-03-15 Thread barrykfl--- via FreeIPA-users
So if short time after server 1 recovery it will syn back correct data right ? 2018-03-15 18:38 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 03/15/2018 11:23 AM, barrykfl--- via FreeIPA-users wrote: > >> Hi: >> >> I want to make cluster of 3 nodes ...does

[Freeipa-users] Re: any freeipa master slave configuration

2018-03-15 Thread barrykfl--- via FreeIPA-users
Hi: I want to make cluster of 3 nodes ...does this graph shown servers need 2 virtual ips if not made single point of failure ? 2018-03-15 18:12 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 03/15/2018 11:04 AM, barrykfl--- via FreeIPA-users wrote: > >> Hi:

[Freeipa-users] MAKE REPLCATION SERVER 1 WAY

2018-03-06 Thread barrykfl--- via FreeIPA-users
Hi all: is it possible make the replication server 1 way ? I got radius/ldap config server in far remote site .. so no need mutual replication. remote site just make a slave one way is ok. Regards ___ FreeIPA-users mailing list --

[Freeipa-users] Re: Backup idea of disaster

2018-03-03 Thread barrykfl--- via FreeIPA-users
Tried those command before ,,,seem the web page and LDAP separate or I missed some parts. it can turn on the ldap but the web page not allow to login ...mostly it related to ? 2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 01/03/2018 10:37, barrykfl--- via Free

[Freeipa-users] Backup idea of disaster

2018-02-27 Thread barrykfl--- via FreeIPA-users
Hi all: any one has better solution of freeipa backup ? assume all ldap db crash ,all ca fail, no backup of cert ...etc but need cleanly install one with same hostname. and we have /usr/sbin/ipa-backup ldif backup . Can I use an old image but restore back ldif such backup? or any better