Re: [Freeipa-users] IPv6

2012-04-27 Thread Petr Spacek
On 04/26/2012 11:42 PM, Simo Sorce wrote: On Thu, 2012-04-26 at 21:18 +, Steven Jones wrote: Hi, FYI, I shutdown IPv6 as we dont do IPv6 and found that IPA wouldnt workslight oops there... Hi Steve, can you be more explicit on how you 'shutdown' IPv6 ? And can you please tell

Re: [Freeipa-users] IPv6

2012-04-27 Thread John Dennis
On 04/27/2012 04:45 AM, Petr Spacek wrote: On 04/26/2012 11:42 PM, Simo Sorce wrote: On Thu, 2012-04-26 at 21:18 +, Steven Jones wrote: Hi, FYI, I shutdown IPv6 as we dont do IPv6 and found that IPA wouldnt workslight oops there... Hi Steve, can you be more explicit on how you

Re: [Freeipa-users] IPA, kerberos ticket issue for web admin.

2012-04-27 Thread Nathan Lager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/23/2012 11:58 AM, Rob Crittenden wrote: Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/20/2012 02:26 PM, Rob Crittenden wrote: Have you configured the browser for Kerberos?

Re: [Freeipa-users] What are the main purposes of Dogtag certificate system inside IPA

2012-04-27 Thread Dmitri Pal
On 04/26/2012 04:51 PM, hshhs caca wrote: Hi folks, When evaluating migration from existing seperate LDAP/Kerberos solution to integrated IPA, I got confused on the purposes of Dogtag Certificate system inside IPA. What are the main purposes of it? or what value it brings in to IPA? I

Re: [Freeipa-users] IPA Bug??: IPA replica installation problem on IPV4-only nodes

2012-04-27 Thread Dmitri Pal
On 04/26/2012 07:10 PM, David Copperfield wrote: IPA Replica installation fails on IPV4 Linux box, The exception/messages on screen are: ... error: [Errno 97] Address family not supported by protocol ... After looking into the python code, it is found out that the IPA program tried to

Re: [Freeipa-users] Problem: How to download the keytab from IPA without resetting/regenerating a new one??

2012-04-27 Thread Dmitri Pal
On 04/26/2012 10:58 PM, David Copperfield wrote: Hi, Just have a silly case where I've to download the existing version keytab for a service principal. It is download only -- not recreate a new version and download the new version which ipa-getkeytab does. -- ipa-getkeytab command name

Re: [Freeipa-users] What are the main purposes of Dogtag certificate system inside IPA

2012-04-27 Thread David Copperfield
From: Dmitri Pal d...@redhat.com Let us teake one a time. Dogtag is the certificate system. Web services and many other servers use certificates for SSL/TLS peer-to-peer confidentiality and authentication. The certificates needs to be issued so IPA can issue certs for those services in your

Re: [Freeipa-users] What are the main purposes of Dogtag certificate system inside IPA

2012-04-27 Thread Dmitri Pal
On 04/27/2012 03:05 PM, David Copperfield wrote: From: Dmitri Pal d...@redhat.com Let us teake one a time. Dogtag is the certificate system. Web services and many other servers use certificates for SSL/TLS peer-to-peer confidentiality and authentication. The certificates needs to be

Re: [Freeipa-users] Problem: How to download the keytab from IPA without resetting/regenerating a new one??

2012-04-27 Thread Stephen Gallagher
On Thu, 2012-04-26 at 19:58 -0700, David Copperfield wrote: Hi, Just have a silly case where I've to download the existing version keytab for a service principal. It is download only -- not recreate a new version and download the new version which ipa-getkeytab does. -- ipa-getkeytab

Re: [Freeipa-users] Problem: How to download the keytab from IPA without resetting/regenerating a new one??

2012-04-27 Thread Nalin Dahyabhai
On Fri, Apr 27, 2012 at 02:52:20PM -0400, Dmitri Pal wrote: I thought that there was a flag for ipa-getkeytab to fetch existing key but my knowledge in this area is rusty. Same with the cert. May be someone else would chime in. There's a way for certificates, at least. If you still

[Freeipa-users] Confused/lost at promoting a replica into a master

2012-04-27 Thread David Copperfield
Hi follks,  I'm completely lost at reading the IPA document on how to promote a IPA replica into master IPA. When I'm try to follow the steps listed in the chapter '16.8.1 Promoting a Replica with a Dogtag Certificate System CA' at the link