Re: [Freeipa-users] Migrate from SunONE DS5.2 - UnicodeDecodeError

On Thu, Sep 20, 2012 at 3:49 PM, Martin Kosek wrote: > Since an Internal error was returned, there should at least be a traceback in > /var/log/httpd/error_log. This should help us narrow down the root cause of > this issue. > > Martin > Oops, I only sent to Rob. So that's temporarily cop

Re: [Freeipa-users] ipa host-add having both an IPv4 and an IPv6 address

On 09/20/2012 10:35 PM, Sigbjorn Lie wrote: > Hi, > > I see that I can add hosts with either an IPv4 or an IPv6 address when using > "ipa host-add --ip-address=". > > Is there a way to add a host specifying both an IPv4 and an IPv6 address at > the > same time? > > Adding the --ip-address optio

[Freeipa-users] Do we need ipa-client-update script?

Hello users, we have a question for client machine administrators: On 09/21/2012 10:12 AM, Martin Kosek wrote: > ..., that it may be useful to implement a script > like "ipa-client-update" which would be capable of updating client information > (and could be entered in a cron for example) witho

Re: [Freeipa-users] Do we need ipa-client-update script?

Dne 21.9.2012 10:45, Petr Spacek napsal(a): Hello users, we have a question for client machine administrators: On 09/21/2012 10:12 AM, Martin Kosek wrote: > ..., that it may be useful to implement a script > like "ipa-client-update" which would be capable of updating client information > (a

Re: [Freeipa-users] winsync agreement wipes IPA users

When using bare ldapsearch, you are hitting 389-ds limits - in your case nsslapd-sizelimit. This can be increased either globally or (this seems as a more secure solution) for a user you bind as: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/

Re: [Freeipa-users] Ipa migration, from ui cannot change password

I was mistaken. The password change from the ui works well. Thanks again for your help. 2012/9/21 James James > This is my krb5kdc.log ... > > Sep 21 00:03:14 ipa.example.com krb5kdc[22836](info): AS_REQ (4 etypes > {18 17 16 23}) 129.104.11.85: CLIENT KEY EXPIRED: test@LIX.POLYTECHN > IQUE.FR

Re: [Freeipa-users] krb5-server-1.9-33.el6_3.3.x86_64 prevents named from starting when selinux is enforcing

Simo Sorce wrote: - Original Message - Sigbjorn Lie wrote: On 09/20/2012 10:17 PM, Rob Crittenden wrote: bind isn't my strongest suite. My guess is that this file is the ccache for bind. I'm guessing that 25 is the UID of the named user. If this is the case, then it should be safe to

Re: [Freeipa-users] winsync agreement wipes IPA users

On 09/21/2012 05:21 AM, Martin Kosek wrote: When using bare ldapsearch, you are hitting 389-ds limits - in your case nsslapd-sizelimit. This can be increased either globally or (this seems as a more secure solution) for a user you bind as: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_D

Re: [Freeipa-users] sudden ipa errors.

Lager, Nathan T. wrote: Well, after all of this, RedHat support just resolved my issue! It came down the the domain_realm definitions in /etc/krb5.conf. They had me change: [domain_realm] .systems.lafayette.edu = SYSTEMS.LAFAYETTE.EDU systems.lafayette.edu = SYSTEMS.LAFAYETTE.EDU To: [dom

Re: [Freeipa-users] winsync agreement wipes IPA users

On 09/21/2012 09:23 AM, Rich Megginson wrote: > On 09/21/2012 05:21 AM, Martin Kosek wrote: >> When using bare ldapsearch, you are hitting 389-ds limits - in your case >> nsslapd-sizelimit. This can be increased either globally or (this >> seems as a >> more secure solution) for a user you bind as:

Re: [Freeipa-users] sudden ipa errors.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/21/2012 10:18 AM, Rob Crittenden wrote: > Lager, Nathan T. wrote: >> Well, after all of this, RedHat support just resolved my issue! >> >> It came down the the domain_realm definitions in /etc/krb5.conf. >> >> They had me change: >> >> [doma

Re: [Freeipa-users] winsync agreement wipes IPA users

On 09/21/2012 09:04 AM, Dmitri Pal wrote: On 09/21/2012 09:23 AM, Rich Megginson wrote: On 09/21/2012 05:21 AM, Martin Kosek wrote: When using bare ldapsearch, you are hitting 389-ds limits - in your case nsslapd-sizelimit. This can be increased either globally or (this seems as a more secure s

Re: [Freeipa-users] sudden ipa errors.

Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/21/2012 10:18 AM, Rob Crittenden wrote: Lager, Nathan T. wrote: Well, after all of this, RedHat support just resolved my issue! It came down the the domain_realm definitions in /etc/krb5.conf. They had me change: [dom

Re: [Freeipa-users] sudden ipa errors.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/21/2012 11:07 AM, Nathan Lager wrote: > > > On 09/21/2012 10:18 AM, Rob Crittenden wrote: >> Lager, Nathan T. wrote: >>> Well, after all of this, RedHat support just resolved my >>> issue! >>> >>> It came down the the domain_realm definition

Re: [Freeipa-users] Migrate from SunONE DS5.2 - UnicodeDecodeError

On 09/21/2012 04:23 AM, Pieter Baele wrote: > On Thu, Sep 20, 2012 at 3:49 PM, Martin Kosek wrote: > >> Since an Internal error was returned, there should at least be a traceback in >> /var/log/httpd/error_log. This should help us narrow down the root cause of >> this issue. >> >> Martin >> > Oops

Re: [Freeipa-users] winsync agreement wipes IPA users

On 09/21/2012 11:07 AM, Rich Megginson wrote: > On 09/21/2012 09:04 AM, Dmitri Pal wrote: >> On 09/21/2012 09:23 AM, Rich Megginson wrote: >>> On 09/21/2012 05:21 AM, Martin Kosek wrote: When using bare ldapsearch, you are hitting 389-ds limits - in your case nsslapd-sizelimit. This

Re: [Freeipa-users] sudden ipa errors.

On 09/21/2012 11:13 AM, Nathan Lager wrote: > > > On 09/21/2012 11:07 AM, Nathan Lager wrote: > > > > On 09/21/2012 10:18 AM, Rob Crittenden wrote: > >> Lager, Nathan T. wrote: > >>> Well, after all of this, RedHat support just resolved my > >>> issue! > >>> > >>> It came down the the domain_realm

Re: [Freeipa-users] winsync agreement wipes IPA users

On 09/21/2012 09:18 AM, Dmitri Pal wrote: On 09/21/2012 11:07 AM, Rich Megginson wrote: On 09/21/2012 09:04 AM, Dmitri Pal wrote: On 09/21/2012 09:23 AM, Rich Megginson wrote: On 09/21/2012 05:21 AM, Martin Kosek wrote: When using bare ldapsearch, you are hitting 389-ds limits - in your case

Re: [Freeipa-users] sudden ipa errors.

Sure thing, can you point me to where i'd do so? I usually have this sort of thing taken care of via a RedHat support ticket. And the support rep creates the bug report. On 09/21/2012 11:19 AM, Dmitri Pal wrote: >> That, might be worthy of a bug report. >> >> > Can you please file one? > __

Re: [Freeipa-users] krb5-server-1.9-33.el6_3.3.x86_64 prevents named from starting when selinux is enforcing

On 09/21/2012 02:47 PM, Rob Crittenden wrote: Simo Sorce wrote: - Original Message - Sigbjorn Lie wrote: On 09/20/2012 10:17 PM, Rob Crittenden wrote: bind isn't my strongest suite. My guess is that this file is the ccache for bind. I'm guessing that 25 is the UID of the named user.

Re: [Freeipa-users] ipa host-add having both an IPv4 and an IPv6 address

On 09/21/2012 10:29 AM, Martin Kosek wrote: On 09/20/2012 10:35 PM, Sigbjorn Lie wrote: Hi, I see that I can add hosts with either an IPv4 or an IPv6 address when using "ipa host-add --ip-address=". Is there a way to add a host specifying both an IPv4 and an IPv6 address at the same time? Add

Re: [Freeipa-users] Do we need ipa-client-update script?

On 09/21/2012 10:45 AM, Petr Spacek wrote: Hello users, we have a question for client machine administrators: On 09/21/2012 10:12 AM, Martin Kosek wrote: > ..., that it may be useful to implement a script > like "ipa-client-update" which would be capable of updating client information > (and