Re: [Freeipa-users] LDAP authentication into FreeIPA

2011-11-16 Thread Stephen Gallagher
On Tue, 2011-11-15 at 16:51 -0500, Boris Epstein wrote: Just tried to install sssd from the above repo. There's only packages for the old 10.04 lucid

[Freeipa-users] installing freeipa v2 server fails at configuring certificate server instance

2011-11-16 Thread Thomas Sailer
Hi, Installing a v2 freeipa server failed for me at the stage configuring certificate server instance The machine is an updated (and now fully up2date) fedora16 x64 machine. Here's the command line output: Configuring certificate server: Estimated time 3 minutes 30 seconds [1/17]: creating

Re: [Freeipa-users] installing freeipa v2 server fails at configuring certificate server instance

2011-11-16 Thread Alexander Bokovoy
On Wed, 16 Nov 2011, Thomas Sailer wrote: Hi, Installing a v2 freeipa server failed for me at the stage configuring certificate server instance The machine is an updated (and now fully up2date) fedora16 x64 machine. Here's the command line output: Configuring certificate server:

Re: [Freeipa-users] Delete host: Unable to communicate with CMS (Not Found)

2011-11-16 Thread Rob Crittenden
Dan Scott wrote: Hi, I receive the following error when I try to remove a host from IPA: djscott@pc35:~$ ipa host-del pc60 ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) I'm running a Fedora 16 (freeipa-server-2.1.3-5.fc16.x86_64) server

Re: [Freeipa-users] installing freeipa v2 server fails at configuring certificate server instance

2011-11-16 Thread Thomas Sailer
On 11/16/2011 03:14 PM, Alexander Bokovoy wrote: maybe that's because server..com resolves to IPv6 address? We pass FQDN of the server to pkisilent, and then it tries to set up and start CA. It doesn't: # dig server..com ; DiG 9.8.1-RedHat-9.8.1-2.fc16 server..com ;; global

Re: [Freeipa-users] installing freeipa v2 server fails at configuring certificate server instance

2011-11-16 Thread Alexander Bokovoy
On Wed, 16 Nov 2011, Thomas Sailer wrote: On 11/16/2011 03:14 PM, Alexander Bokovoy wrote: maybe that's because server..com resolves to IPv6 address? We pass FQDN of the server to pkisilent, and then it tries to set up and start CA. It doesn't: # dig server..com and 'getent hosts

Re: [Freeipa-users] Delete host: Unable to communicate with CMS (Not Found)

2011-11-16 Thread Dan Scott
On Wed, Nov 16, 2011 at 09:23, Rob Crittenden rcrit...@redhat.com wrote: Dan Scott wrote: Hi, I receive the following error when I try to remove a host from IPA: djscott@pc35:~$ ipa host-del pc60 ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Not

Re: [Freeipa-users] authenticating Macs to FreeIPA on Fedora 16

2011-11-16 Thread Rob Crittenden
Boris Epstein wrote: Hello all, OK, I've got this Mac OS X 10.7.2 machine and it just refuses to do NIS so I need to authenticate it via LDAP. Any guidance on how to do that will be greatly appreciated. This is a little out of date but is a starting point

[Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Thomas Sailer
After upgrading FreeIPA from FC14/FreeIPAv1 to FC16/FreeIPAv2, secure NFSv4 mounts do not work anymore. V2 is basically a reinstalled FreeIPA server with user data migrated from v1, and host keys etc. recreated. I get the following when trying to mount: # mount -t nfs4 -o

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Simo Sorce
On Wed, 2011-11-16 at 20:07 +0100, Thomas Sailer wrote: After upgrading FreeIPA from FC14/FreeIPAv1 to FC16/FreeIPAv2, secure NFSv4 mounts do not work anymore. V2 is basically a reinstalled FreeIPA server with user data migrated from v1, and host keys etc. recreated. Are you using DES keys

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Thomas Sailer
On 11/16/2011 08:40 PM, Simo Sorce wrote: Are you using DES keys? In that case you probably need to allow weak crypto on both server and client. Note that if all your server/clients are FC16 and you have no old ones FC14 or RHEL 6 then you do not need to force the creation of the nfs/

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Thomas Sailer
On 11/16/2011 08:27 PM, Rob Crittenden wrote: Looks like https://bugzilla.redhat.com/show_bug.cgi?id=652273 Yes. For some reason I always seem to end up with NFS problems... The fix I used at that time IMO is no longer applicable... mozldap isn't even installed anymore Tom

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Simo Sorce
On Wed, 2011-11-16 at 20:44 +0100, Thomas Sailer wrote: On 11/16/2011 08:40 PM, Simo Sorce wrote: Are you using DES keys? In that case you probably need to allow weak crypto on both server and client. Note that if all your server/clients are FC16 and you have no old ones FC14 or RHEL 6

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Thomas Sailer
On 11/16/2011 08:48 PM, Simo Sorce wrote: If you did this on both server and client, then it looks like it is a nfsd bug, and not a freeipa one. So I filed a bug report against nfs-utils: https://bugzilla.redhat.com/show_bug.cgi?id=754552 I hope Steve Dickson has some ideas... Thanks, Tom

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Thomas Sailer
On 11/16/2011 08:59 PM, Thomas Sailer wrote: On 11/16/2011 08:48 PM, Simo Sorce wrote: If you did this on both server and client, then it looks like it is a nfsd bug, and not a freeipa one. So I filed a bug report against nfs-utils: https://bugzilla.redhat.com/show_bug.cgi?id=754552 Or maybe

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Simo Sorce
On Wed, 2011-11-16 at 23:37 +0100, Thomas Sailer wrote: On 11/16/2011 08:59 PM, Thomas Sailer wrote: On 11/16/2011 08:48 PM, Simo Sorce wrote: If you did this on both server and client, then it looks like it is a nfsd bug, and not a freeipa one. So I filed a bug report against nfs-utils:

Re: [Freeipa-users] secure NFSv4 failure after IPA server upgrade

2011-11-16 Thread Thomas Sailer
On 11/17/11 00:14, Simo Sorce wrote: Is it possibly a bug in the conversion to systemd ? I think the init script for rpcgssd used to load some modules earlier. It's even stranger than that. I upgraded the machine with preupgrade. Preupgrade and anaconda have a history of not updating the