Re: [Freeipa-users] No Dogtag certificate system installed on slave IPA servers installed

On Mon, 2012-05-07 at 15:26 -0700, David Copperfield wrote: > Hi, > > > I installed a master IPA server with dogtag certificate system > installed; then use ipa-replica-prepare and ipa-replica-install to > install two IPA replica servers. The two replicas are installed and > 'ipa-replica-manage'

Re: [Freeipa-users] Trying to trace why a user cannot login to a client

On Tue, May 01, 2012 at 10:12:48PM +, Steven Jones wrote: > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 The logs only say "[ipa_hbac_evaluate_rules] (3): Access granted by HBAC rule [desktop-admins-test]". Th

Re: [Freeipa-users] Can I change new users' default group from 'ipausers' to some thing else?

On Mon, 2012-05-07 at 18:01 -0700, David Copperfield wrote: > Hi, > > > Can I change the default user group for new users to something else? > and disable automatically creation of private groups? Yes, and yes, although I wouldn't recommend so if you have more than a couple hundred users as tha

Re: [Freeipa-users] IPA replica server rebuilding failed with 'Invalid credentials' error.

On Mon, 2012-05-07 at 20:38 -0700, David Copperfield wrote: > I have a IPA replica server with disk problems, and then it is > reimaged and rebuild. But when the IPA replica function is rebuilt, it > reports the following problem: > > > [root@ipareplica02 ipa]# ipa-replica-install > --no-ntp /var

Re: [Freeipa-users] krbPasswordExpiration field not updating?

On Tue, 2012-05-08 at 09:55 +0400, free...@noboost.org wrote: > Hi, > > Spec: > Red Hat Enterprise Linux Server release 6.2 (Santiago) > ipa-admintools-2.1.3-9.el6.x86_64 > ipa-client-2.1.3-9.el6.x86_64 > ipa-pki-ca-theme-9.0.3-7.el6.noarch > ipa-pki-common-theme-9.0.3-7.el6.noarch > ip

Re: [Freeipa-users] *SOLVED* Re: ipa-replica-prepare Certificate issuance failed

On Sat, 2012-05-05 at 21:47 -0400, Chris Evich wrote: > On 05/05/2012 09:08 PM, Chris Evich wrote: > > On 05/05/2012 08:01 PM, Chris Evich wrote: > >> On 05/04/2012 04:17 PM, Chris Evich wrote: > >> That makes me think maybe there's just a missing service principal or > >> something I can add? I'll

Re: [Freeipa-users] krbPasswordExpiration field not updating?

On Tue, May 8, 2012 at 1:55 AM, wrote: > Hi, > > Spec: > Red Hat Enterprise Linux Server release 6.2 (Santiago) >  ipa-admintools-2.1.3-9.el6.x86_64 >  ipa-client-2.1.3-9.el6.x86_64 >  ipa-pki-ca-theme-9.0.3-7.el6.noarch >  ipa-pki-common-theme-9.0.3-7.el6.noarch >  ipa-python-2.1.3-9.el6.x86_64

Re: [Freeipa-users] Please help: Any way to turn off IPA creation of private user group?

David Copperfield wrote: Hi folks, Are there any way to turn off IPA automatic creation of private user group? We use a common user group like ‘nis-wheel’, and completely disabled private groups in openldap before migration. If you disable private groups then the primary group of users is goin

Re: [Freeipa-users] IPA replica server rebuilding failed with 'Invalid credentials' error.

Simo Sorce wrote: On Mon, 2012-05-07 at 20:38 -0700, David Copperfield wrote: I have a IPA replica server with disk problems, and then it is reimaged and rebuild. But when the IPA replica function is rebuilt, it reports the following problem: [root@ipareplica02 ipa]# ipa-replica-install --no-n

Re: [Freeipa-users] krbPasswordExpiration field not updating?

Dan Scott wrote: On Tue, May 8, 2012 at 1:55 AM, wrote: Hi, Spec: Red Hat Enterprise Linux Server release 6.2 (Santiago) ipa-admintools-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-2.1.3-9.el6.

Re: [Freeipa-users] *SOLVED* Re: ipa-replica-prepare Certificate issuance failed

On 05/08/2012 09:10 AM, Simo Sorce wrote: On Sat, 2012-05-05 at 21:47 -0400, Chris Evich wrote: On 05/05/2012 09:08 PM, Chris Evich wrote: On 05/05/2012 08:01 PM, Chris Evich wrote: On 05/04/2012 04:17 PM, Chris Evich wrote: That makes me think maybe there's just a missing service principal or

Re: [Freeipa-users] IPA replica server rebuilding failed with 'Invalid credentials' error.

HI Simo and all,  Thanks for your reply. do you mean restarting ipa service on ipa master like 'service ipa restart'? or run 'kdestroy' on ipamaster to remove kerberos tickets?  It will be great if you could elaborate on this: like which IPA replica Kerberos principal, replica Kerberos tickets

Re: [Freeipa-users] IPA replica server rebuilding failed with 'Invalid credentials' error.

On Tue, 2012-05-08 at 12:20 -0700, David Copperfield wrote: > HI Simo and all, > > > Thanks for your reply. > > > do you mean restarting ipa service on ipa master like 'service ipa > restart'? or run 'kdestroy' on ipamaster to remove kerberos tickets? > It will be great if you could elaborate

Re: [Freeipa-users] krbPasswordExpiration field not updating?

On Tue, May 08, 2012 at 09:43:13AM -0400, Rob Crittenden wrote: > Dan Scott wrote: > >On Tue, May 8, 2012 at 1:55 AM, wrote: > >>Hi, > >> > >>Spec: > >>Red Hat Enterprise Linux Server release 6.2 (Santiago) > >> ipa-admintools-2.1.3-9.el6.x86_64 > >> ipa-client-2.1.3-9.el6.x86_64 > >> ipa-pki-c

Re: [Freeipa-users] krbPasswordExpiration field not updating?

On Tue, May 8, 2012 at 8:45 PM, wrote: > On Tue, May 08, 2012 at 09:43:13AM -0400, Rob Crittenden wrote: >> Dan Scott wrote: >> >On Tue, May 8, 2012 at 1:55 AM,  wrote: >> >>Hi, >> >> >> >>Spec: >> >>Red Hat Enterprise Linux Server release 6.2 (Santiago) >> >>  ipa-admintools-2.1.3-9.el6.x86_64 >

[Freeipa-users] host name too long for Web interface

Perhaps this is already corrected in 2.2.0, but I'm currently using 2.1.3 and when using a long hostname (like amazon ec2 names ec2-50-xx-xxx-xxx.us-1-east.compute.amazonaws.com), once you click on the hostname in the Identity/Hosts tab, you can no longer return to the hosts listing because the hos