Re: [Freeipa-users] adding group fails with "Type or value exists"

On 11/16/2012 12:48 AM, Qing Chang wrote: On 15/11/2012 6:10 PM, John Dennis wrote: On 11/15/2012 04:21 PM, Qing Chang wrote: Adding group produces error message "Type or value exists" and fails. As shown below, I tried a few different group name to ensure that there is no duplicates: [root@

[Freeipa-users] failure to register dns on joining IPA domain

hi, this is a part of ipaclient-install.log 2012-11-16T12:12:32Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt : zone ipa.domain.tld. update delete host.ipa.domain.tld. IN SSHFP send update add host.ipa.domain.tld. 1200 IN SSHFP 1 1 904DA80AD2554ABEC354599E6876 89307F4ADCF3 update a

Re: [Freeipa-users] failure to register dns on joining IPA domain

On 11/16/2012 01:29 PM, Natxo Asenjo wrote: hi, this is a part of ipaclient-install.log 2012-11-16T12:12:32Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt : zone ipa.domain.tld. update delete host.ipa.domain.tld. IN SSHFP send update add host.ipa.domain.tld. 1200 IN SSHFP 1 1 904D

[Freeipa-users] sssd cache

hi, when running getent negroup I get old entries. Apparently sssd is being helpful :-) and caching info, but it should not do it when I am connected to the domain (IMHO). According to https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-cache.htm

Re: [Freeipa-users] sssd cache

On Fri, Nov 16, 2012 at 2:52 PM, Natxo Asenjo wrote: > hi, > > when running getent negroup I get old entries. > Apparently sssd is being helpful :-) and caching info, but it should > not do it when I am connected to the domain (IMHO). > > According to > https://access.redhat.com/knowledge/docs/e

Re: [Freeipa-users] sssd cache

On Fri 16 Nov 2012 08:56:59 AM EST, Natxo Asenjo wrote: On Fri, Nov 16, 2012 at 2:52 PM, Natxo Asenjo wrote: hi, when running getent negroup I get old entries. Apparently sssd is being helpful :-) and caching info, but it should not do it when I am connected to the domain (IMHO). According t

Re: [Freeipa-users] sssd cache

Hello On Fri, Nov 16, 2012 at 7:22 PM, Natxo Asenjo wrote: > hi, > > when running getent negroup I get old entries. > Apparently sssd is being helpful :-) and caching info, but it should > not do it when I am connected to the domain (IMHO). > > According to > https://access.redhat.com/knowledge

Re: [Freeipa-users] sssd cache

On Fri, Nov 16, 2012 at 3:00 PM, Stephen Gallagher wrote: > Two points here. 1) sss_cache is moving to the main package in RHEL 6.4, so > you won't have to install the separate sssd-tools package for it. 2) You > might also look at the manpage for entry_cache_netgroup_timeout. If you want > to ha

[Freeipa-users] Problem adding DNS Zones

Using FreeIPA on a private network (where it's easier to just alias our own servers to these names than to edit config file after config file). Any idea what I'm doing wrong here? # ipa dnszone-add 0.pool.ntp.org --name-server=dns.project.net--admin-email= r...@project.net ipa: ERROR: Nameserver '

Re: [Freeipa-users] Problem adding DNS Zones

On 11/16/2012 04:11 PM, Bret Wortman wrote: Using FreeIPA on a private network (where it's easier to just alias our own servers to these names than to edit config file after config file). Any idea what I'm doing wrong here? # ipa dnszone-add 0.pool.ntp.org --name-server=d

Re: [Freeipa-users] Problem adding DNS Zones

On 11/16/2012 04:11 PM, Bret Wortman wrote: Using FreeIPA on a private network (where it's easier to just alias our own servers to these names than to edit config file after config file). Any idea what I'm doing wrong here? # ipa dnszone-add 0.pool.ntp.org --name-serve

Re: [Freeipa-users] adding group fails with "Type or value exists"

On 16/11/2012 3:25 AM, Martin Kosek wrote: On 11/16/2012 12:48 AM, Qing Chang wrote: On 15/11/2012 6:10 PM, John Dennis wrote: On 11/15/2012 04:21 PM, Qing Chang wrote: Adding group produces error message "Type or value exists" and fails. As shown below, I tried a few different group name t

Re: [Freeipa-users] Problem adding DNS Zones

Hello, you didn't specified IPA version, OS version etc., so my reply will be valid latest IPA master but not necessarily for Your version: You are trying to use name server from another zone so you have to enter absolute DNS name. Value "dns.project.net" is missing the trailing dot, so DNS

[Freeipa-users] IPA weirdness with Samba, Dovecot IMAP and SSHD

just migrated all my user from OpenLDAP and MIT Kerberos to IPA. Out of more than 400 users, there are around 10 that have problem accessing Samba or Dovecot IMAP or ssh. They never have problem login to ipa/ipa/ui/login.html. For Dovecot IMAP following error is generated: = Nov 16 10:15:03

Re: [Freeipa-users] IPA weirdness with Samba, Dovecot IMAP and SSHD

On 11/16/2012 10:59 AM, Qing Chang wrote: > just migrated all my user from OpenLDAP and MIT Kerberos to IPA. > > Out of more than 400 users, there are around 10 that have problem > accessing Samba or Dovecot IMAP or ssh. > > They never have problem login to ipa/ipa/ui/login.html. > > For Dovecot IM

[Freeipa-users] testing cross realm trusts

Hi I'm trying to setup a cross realm trust with AD using directions here: http://freeipa.org/page/IPAv3_testing_AD_trust#Prepare_FreeIPA_server_for_trusts I got all the way to creating the trust, but then I get: [root@ipa1 slapd-IPA-TEST]# ipa trust-add --type=ad msad.test --admin Administrato

[Freeipa-users] FreeIPA on a dual boot system

Hi fellow FreeIPA users! I just got my FreeIPA set up perfectly and I was wondering if it's possible to set it up in the other OS in a dual boot configuration. Since I'm still on the same computer (therefore, the same MAC address), ipa-client-install fails saying that I'm already joined to the