David Copperfield wrote:
Hi Rich and all,
For the latest IPA version 2.1.3-9 on red hat 6.2, the CA RUV records
clearance seems a must. Before clearance the annoying messages are
filling /var/log/dirsrv/slapd-PKI-IPA/errors on master file, while after
clearance the entries are gone.
[16/May
Rich Megginson wrote:
On 05/17/2012 03:13 PM, Iliyan Stoyanov wrote:
Hello,
I'm running latest (as of today) F17 with FreeIPA v.2.2.0. After
running ipa-server-install everything runs alright and IPA is running
fine. 389, kerberos and the rest of the components start up fine.
However after rebo
Hi,
On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden wrote:
> Rich Megginson wrote:
>>
>> On 05/02/2012 07:36 PM, Ian Levesque wrote:
>>>
>>> On May 2, 2012, at 6:48 PM, Rich Megginson wrote:
>>>
> Is there any way to expose the nsDS5ReplicationAgreement objectClass
> to a less privileged
On 05/18/2012 08:13 AM, Dan Scott wrote:
Hi,
On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden wrote:
Rich Megginson wrote:
On 05/02/2012 07:36 PM, Ian Levesque wrote:
On May 2, 2012, at 6:48 PM, Rich Megginson wrote:
Is there any way to expose the nsDS5ReplicationAgreement objectClass
to a
On 05/17/2012 04:10 PM, Kline, Sara wrote:
I was able to fix the import issue, and found some special SSL things
for Server 2008 when you are wanting to run LDAP/SSL. So Pass Sync is
no longer stating SSL is may not be setup correctly.
I am running into an issue however. These are the entrie
Yes, after installing PassSync I rebooted, and I have not changed any passwords
in AD. The bind dn I am using is the one that the documentation says to use
which was:
uid=passsync,cn=systemaccounts,cn=etc,dc=prod,dc=example,dc=com. If I do an ipa
user-find on this, it comes back empty but I am t
On 05/18/2012 09:11 AM, Kline, Sara wrote:
Yes, after installing PassSync I rebooted, and I have not changed any
passwords in AD.
If you have not changed any passwords in AD, then the log is correctly
reporting "No entries yet"
The bind dn I am using is the one that the documentation say
On Wed, 2012-05-16 at 15:08 -0700, Thomas Jackson wrote:
>
>
> On Tue, May 15, 2012 at 3:24 PM, Simo Sorce wrote:
> On Tue, 2012-05-15 at 14:21 -0700, Thomas Jackson wrote:
> > So going through the documentation it's clearly laid out not
> to use
> > kadmin or kad
On Fri, 2012-05-18 at 09:16 -0600, Rich Megginson wrote:
>
> ldapsearch -xLLL -D "cn=directory manager" -W -b dc=example,dc=com
> uid=passsync
This should be:
ldapsearch -xLLL -D "cn=directory manager" -W -b dc=prod,dc=exampled.dc=com
uid=passync
You also want to check that this user is proper
Ldapsearch revealed the issue. The documentation in the Integrating AD section
says that passsync is in the systemaccounts cn. Ldapsearch revealed it is
actually sysaccounts cn. It is successfully binding now. I created a test user,
then I logged in as him and changed his password, it took a whi
On 05/18/2012 09:56 AM, Kline, Sara wrote:
Ldapsearch revealed the issue. The documentation in the Integrating AD
section says that passsync is in the systemaccounts cn. Ldapsearch
revealed it is actually sysaccounts cn. It is successfully binding
now. I created a test user, then I logged in
Good to know, thank you so much for your help. Everything is up and running now!
Thanks,
Sara Kline
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Friday, May 18, 2012 9:04 AM
To: Kline, Sara
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Problems with Passsync
On 05/18/2012
On Fri, May 18, 2012 at 10:29 AM, Rich Megginson wrote:
> On 05/18/2012 08:13 AM, Dan Scott wrote:
>>
>> Hi,
>>
>> On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden
>> wrote:
>>>
>>> Rich Megginson wrote:
On 05/02/2012 07:36 PM, Ian Levesque wrote:
>
> On May 2, 2012, at 6:48 PM,
On 05/18/2012 10:06 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 10:29 AM, Rich Megginson wrote:
On 05/18/2012 08:13 AM, Dan Scott wrote:
Hi,
On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden
wrote:
Rich Megginson wrote:
On 05/02/2012 07:36 PM, Ian Levesque wrote:
On May 2, 2012, at 6:48 P
On Fri, May 18, 2012 at 12:21 PM, Rich Megginson wrote:
> On 05/18/2012 10:06 AM, Dan Scott wrote:
>>
>> On Fri, May 18, 2012 at 10:29 AM, Rich Megginson
>> wrote:
>>>
>>> On 05/18/2012 08:13 AM, Dan Scott wrote:
Hi,
On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden
wrote:
On 05/18/2012 10:31 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 12:21 PM, Rich Megginson wrote:
On 05/18/2012 10:06 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 10:29 AM, Rich Megginson
wrote:
On 05/18/2012 08:13 AM, Dan Scott wrote:
Hi,
On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden
Hi,
i solved the problem by downgrading the 389-ds-base from the one that comes
with F17 - 1.2.11.3-1 to the one that comes with F16. I essentially did a
rpmbuild --rebuild of the 1.2.10.8-1 srpm. Right now everything seems fine. It
seems freeipa doesn't work ok with the 1.2.11 tree of 389-ds.
iliyan ilf Stoyanov wrote:
Hi,
i solved the problem by downgrading the 389-ds-base from the one that
comes with F17 - 1.2.11.3-1 to the one that comes with F16. I
essentially did a rpmbuild --rebuild of the 1.2.10.8-1 srpm. Right now
everything seems fine. It seems freeipa doesn't work ok with t
On Fri, May 18, 2012 at 12:38 PM, Rich Megginson wrote:
> On 05/18/2012 10:31 AM, Dan Scott wrote:
>>
>> On Fri, May 18, 2012 at 12:21 PM, Rich Megginson
>> wrote:
>>>
>>> On 05/18/2012 10:06 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 10:29 AM, Rich Megginson
wrote:
>
>
On 05/18/2012 11:46 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 12:38 PM, Rich Megginson wrote:
On 05/18/2012 10:31 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 12:21 PM, Rich Megginson
wrote:
On 05/18/2012 10:06 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 10:29 AM, Rich Megginson
wrot
On Fri, May 18, 2012 at 1:52 PM, Rich Megginson wrote:
> On 05/18/2012 11:46 AM, Dan Scott wrote:
>>
>> On Fri, May 18, 2012 at 12:38 PM, Rich Megginson
>> wrote:
>>>
>>> On 05/18/2012 10:31 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 12:21 PM, Rich Megginson
wrote:
>
> O
Hi,
unfortunately I didn't know that beforehand. Probably it will be good if this
is mentioned somewhere on the FreeIPA install pages up on the website.
Br,
--ilf
On Fri May 18 2012 08:24:35 PM EEST, Rob Crittenden wrote:
> iliyan ilf Stoyanov wrote:
> > Hi,
> >
> > i solved the problem by d
On 05/18/2012 12:05 PM, Dan Scott wrote:
On Fri, May 18, 2012 at 1:52 PM, Rich Megginson wrote:
On 05/18/2012 11:46 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 12:38 PM, Rich Megginson
wrote:
On 05/18/2012 10:31 AM, Dan Scott wrote:
On Fri, May 18, 2012 at 12:21 PM, Rich Megginson
wrote
Hey All,
Ever since upgrading to Fedora 16 I've noticed that ipa-server causes reboot /
shutdown to hang indefinitely (I've only actually waited ~30 minutes). If I
run "service ipa stop" before rebooting, there is no hang.
I've searched bugzilla a bit and couldn't see any reports of this - is
Adamson, Dros wrote:
Hey All,
Ever since upgrading to Fedora 16 I've noticed that ipa-server causes reboot / shutdown
to hang indefinitely (I've only actually waited ~30 minutes). If I run "service ipa
stop" before rebooting, there is no hang.
I've searched bugzilla a bit and couldn't see an
Hi all,
Is there any Web interfaces for IPA users to reset their expired password over
web? Currently we let test users to ssh/login to a particular Linux server, and
sssd will let the users to authenticate with their old expired password and
then reset to newer password.
the IPA web UI coul
Hi all,
Just like to clarify my confusion: Are the HBAC (Host Based Access Control)
rules immediately in effect after IPA client software configurations through
sssd? Do we have any options inside sssd.conf to enable/disable the HBAC rules
per machine (inside IPA domain)? I have this question
Hi all,
Are the sudo rules applied to IPA clients through nss_ldap, instead of sssd?
I tried that on Redhat 6.2 clients, and some documents said that sudo rules
would work when enabled inside /etc/nslcd.conf, but we need to hack the script
/etc/init.d/nslcd.conf a little bit -- basically to
On Fri, May 18, 2012 at 2:35 PM, Gelen James wrote:
> Hi all,
>
> Are the sudo rules applied to IPA clients through nss_ldap, instead of
> sssd?
>
> I tried that on Redhat 6.2 clients, and some documents said that sudo rules
> would work when enabled inside /etc/nslcd.conf, but we need to hack t
Hi Stephen,
That's very helpful. Thanks a lot.
--Gelen
From: Stephen Ingram
To: Gelen James
Cc: "freeipa-users@redhat.com" ; Rob Crittenden
; Rich Megginson
Sent: Friday, May 18, 2012 2:58 PM
Subject: Re: [Freeipa-users] sudo rules in IPA infrastructure
Hi all,
I've the following messages logged on my IPA master server's
/var/log/dirsvr/slapd-EXAMPLE.COM/errors log file:
[17/May/2012:04:02:42 -0700] _entry_set_tombstone_rdn - Failed to convert DN
cn=CA to RDN
[17/May/2012:04:02:42 -0700] id2entry - str2entry returned NULL for id 128,
string=
On 05/18/2012 07:38 PM, David Copperfield wrote:
Hi all,
I've the following messages logged on my IPA master server's
/var/log/dirsvr/slapd-EXAMPLE.COM/errors log file:
[17/May/2012:04:02:42 -0700] _entry_set_tombstone_rdn - Failed to
convert DN cn=CA to RDN
[17/May/2012:04:02:42 -0700] id2
32 matches
Mail list logo