On Wed, 04 Jan 2012, Alexander Bokovoy wrote:
> On Wed, 04 Jan 2012, Rich Megginson wrote:
> > >Your system may be partly configured.
> > >Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > >[root@fileserver4 ~]#
> > >
> > >I'm running 389-ds-base-1.2.10-0.5.a5.fc16.x86_64, if that helps
On Thu, 05 Jan 2012, Alexander Bokovoy wrote:
> On Wed, 04 Jan 2012, Alexander Bokovoy wrote:
> > On Wed, 04 Jan 2012, Rich Megginson wrote:
> > > >Your system may be partly configured.
> > > >Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > >[root@fileserver4 ~]#
> > > >
> > > >I'm
nasir nasir wrote:
Thanks for the reply Rob.
Please find below the output of your guidelines.
# ipa-getkeytab -s xxx.xxx.com -p host/xx.xx.com -k
/etc/krb5.keytab
(the command was successful; it din't show any errors in the krb5kdc.log
or audit.log)
# kinit -kt /etc/krb5.keytab
Thanks for the input Rob,
Please find below the /var/log/httpd/error_log
[Thu Jan 05 19:50:46 2012] [error] Certificate not verified: 'Server-Cert'[Thu
Jan 05 19:50:46 2012] [error] SSL Library Error: -8181 Certificate has
expired[Thu Jan 05 19:50:46 2012] [error] Certificate not verified:
'Serv
nasir nasir wrote:
Thanks for the input Rob,
Please find below the /var/log/httpd/error_log
[Thu Jan 05 19:50:46 2012] [error] Certificate not verified: 'Server-Cert'
[Thu Jan 05 19:50:46 2012] [error] SSL Library Error: -8181 Certificate
has expired
[Thu Jan 05 19:50:46 2012] [error] Certifica
On Wed, Jan 4, 2012 at 13:48, Rob Crittenden wrote:
> Dan Scott wrote:
>>
>> Hi,
>>
>> Recently I've had some crash/hang problems with my FreeIPA 2
>> installation which appear solved using the updates-testing version of
>> freeipa-server (2.1.4-2.fc16.x86_64) which I'm currently running on
>> bot
On Thu, Jan 05, 2012 at 10:38:11AM -0500, Rob Crittenden wrote:
> My first thought was that there was a CA trust issue. I believe that
> certmonger uses the NSS database where the certificate is stored so
> since it is also doing this against Apache (which in theory trust is
> ok for it to start at
On 01/05/2012 12:03 PM, Dan Scott wrote:
> On Wed, Jan 4, 2012 at 13:48, Rob Crittenden wrote:
>> Dan Scott wrote:
>>> Hi,
>>>
>>> Recently I've had some crash/hang problems with my FreeIPA 2
>>> installation which appear solved using the updates-testing version of
>>> freeipa-server (2.1.4-2.fc16
Dan Scott wrote:
On Wed, Jan 4, 2012 at 13:48, Rob Crittenden wrote:
Dan Scott wrote:
Hi,
Recently I've had some crash/hang problems with my FreeIPA 2
installation which appear solved using the updates-testing version of
freeipa-server (2.1.4-2.fc16.x86_64) which I'm currently running on
bot
I am trying to solve an issue that seems like it should be obvious but
is not, to me at least.
I am trying to allow a user to log into a single host, via GDM. I have
configured a HBAC rule that allows access to the host from the host
(actually to the group with the host in it from the same group).
On Thu, 2012-01-05 at 11:35 -0900, Erinn Looney-Triggs wrote:
> I am trying to solve an issue that seems like it should be obvious but
> is not, to me at least.
>
> I am trying to allow a user to log into a single host, via GDM. I have
> configured a HBAC rule that allows access to the host from t
On 01/05/2012 11:37 AM, Stephen Gallagher wrote:
> On Thu, 2012-01-05 at 11:35 -0900, Erinn Looney-Triggs wrote:
>> I am trying to solve an issue that seems like it should be obvious but
>> is not, to me at least.
>>
>> I am trying to allow a user to log into a single host, via GDM. I have
>> confi
On Thu, 2012-01-05 at 11:48 -0900, Erinn Looney-Triggs wrote:
> Yes that look about right, not able to confirm 100%, but that is
> probably the issue.
We're looking into it. However, I should point out that using srchost is
a very unreliable means of restricting access. There are numerous
problem
Hello
We have a mixed environment of AIX, and linux servers
All our user accounts are still set locally - no NIS, and we do not have
unique uid/gid toward our hosts!!!
I am evaluating the possibility of using Redhat Identity management in our
environment
I have to figure out what AIX will be able
Hi Rob,
Added the directive "NSSEnforceValidCerts off" in /etc/httpd/conf.d/nss.conf
and restarted httpd. Please find the /var/log/httpd/error_log
[Fri Jan 06 01:06:29 2012] [error] Exception KeyError: KeyError(-1215723696,)
in ignored[Fri Jan
06 01:06:29 2012] [error] Exception KeyError: KeyEr
nasir nasir wrote:
Hi Rob,
Added the directive "NSSEnforceValidCerts off" in
/etc/httpd/conf.d/nss.conf and restarted httpd. Please find the
/var/log/httpd/error_log
[Fri Jan 06 01:06:29 2012] [error] Exception KeyError:
KeyError(-1215723696,) in ignored
[Fri Jan 06 01:06:29 2012] [error] Exce
On 01/05/2012 04:20 PM, Sylvain Angers wrote:
> Hello
>
> We have a mixed environment of AIX, and linux servers
> All our user accounts are still set locally - no NIS, and we do not
> have unique uid/gid toward our hosts!!!
> I am evaluating the possibility of using Redhat Identity management in
>
On 01/05/2012 11:54 AM, Stephen Gallagher wrote:
> On Thu, 2012-01-05 at 11:48 -0900, Erinn Looney-Triggs wrote:
>> Yes that look about right, not able to confirm 100%, but that is
>> probably the issue.
>
>
> We're looking into it. However, I should point out that using srchost is
> a very unrel
Rob,
# ipa user-show adminipa: ERROR: cert validation failed for
"CN=openipa.hugayet.com,O=HUGAYET.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's
Certificate has expired.)ipa: ERROR: cert validation failed for
"CN=openipa.hugayet.com,O=HUGAYET.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's
Certific
On 01/05/2012 05:07 PM, Erinn Looney-Triggs wrote:
> On 01/05/2012 11:54 AM, Stephen Gallagher wrote:
>> On Thu, 2012-01-05 at 11:48 -0900, Erinn Looney-Triggs wrote:
>>> Yes that look about right, not able to confirm 100%, but that is
>>> probably the issue.
>>
>> We're looking into it. However, I
On Jan 5, 2012, at 5:48 PM, Erinn Looney-Triggs
wrote:
> On 01/05/2012 11:54 AM, Stephen Gallagher wrote:
>> On Thu, 2012-01-05 at 11:48 -0900, Erinn Looney-Triggs wrote:
>>> Yes that look about right, not able to confirm 100%, but that is
>>> probably the issue.
>>
>>
>> We're looking into
Hi again,
by moving away from local account, to freeipa do we affect any of these
numbers?:
-group name length limits
-group membership limits
or they remain the same / as the under limit of the local os?
On linux, I believe there will still be a limitation of 16 id per group,
right?
If anyone
On 01/05/2012 06:27 PM, Sylvain Angers wrote:
> Hi again,
>
> by moving away from local account, to freeipa do we affect any of
> these numbers?:
>
> -group name length limits
> -group membership limits
>
> or they remain the same / as the under limit of the local os?
> On linux, I believe there
On Thu, 2012-01-05 at 16:20 -0500, Sylvain Angers wrote:
> Hello
>
>
> We have a mixed environment of AIX, and linux servers
> All our user accounts are still set locally - no NIS, and we do not
> have unique uid/gid toward our hosts!!!
> I am evaluating the possibility of using Redhat Identity
On Thu, 2012-01-05 at 18:27 -0500, Sylvain Angers wrote:
> Hi again,
>
>
> by moving away from local account, to freeipa do we affect any of
> these numbers?:
>
>
> -group name length limits
> -group membership limits
>
>
> or they remain the same / as the under limit of the local os?
> On
On Jan 5, 2012, at 3:14 PM, "Stephen Gallagher" wrote:
>
>
> On Jan 5, 2012, at 5:48 PM, Erinn Looney-Triggs
> wrote:
>
>> On 01/05/2012 11:54 AM, Stephen Gallagher wrote:
>>> On Thu, 2012-01-05 at 11:48 -0900, Erinn Looney-Triggs wrote:
Yes that look about right, not able to confirm 10
26 matches
Mail list logo