[Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dale Macartney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all I'm open to hear some opinions and thoughts on what the best way to auto-provision service principles in an environment with a 100% autonomous build process.. Lets say for example, I wanted to provision a mail server and configure dovecot

Re: [Freeipa-users] Upgraded, login + password webui auth and ssh token manipulation gone

2013-03-11 Thread Sumit Bose
On Mon, Mar 11, 2013 at 01:21:26AM -0400, Tim Hildred wrote: It definately wasn't a policy problem. I couldn't even use ipa passwd as admin from the command line, there was a connection error. The upgrade meant my IPA server was straight borked. The solution? Revert to a previous snapshot,

Re: [Freeipa-users] ipa-* tools throws errors

2013-03-11 Thread Martin Kosek
Hello David, I am still not convinced that this issue is not caused by a DNS. This is what we do in ipa command: 1) We try to primarily connect to server that is defined in /etc/ipa/default.conf in server option 2) If it is not available, we try to fallback to other IPA servers which are

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Christian Horn
Hoi, Dale Macartneyさんが書きました: I'm open to hear some opinions and thoughts on what the best way to auto-provision service principles in an environment with a 100% autonomous build process.. Lets say for example, I wanted to provision a mail server and configure dovecot SSO in the same

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dale Macartney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/11/2013 11:04 AM, Christian Horn wrote: Hoi, Dale Macartneyさんが書きました: I'm open to hear some opinions and thoughts on what the best way to auto-provision service principles in an environment with a 100% autonomous build process.. Lets

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Christian Horn
Dale Macartneyさんが書きました: On 03/11/2013 11:04 AM, Christian Horn wrote: How about having service-add/ipa-getkeytab done on the server, and having the keytab deployed onto the clientsystem using scp from the server, or via configmanagement? That definitely gets around security

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dale Macartney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/11/2013 11:39 AM, Christian Horn wrote: Dale Macartneyさんが書きました: On 03/11/2013 11:04 AM, Christian Horn wrote: How about having service-add/ipa-getkeytab done on the server, and having the keytab deployed onto the clientsystem using

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dmitri Pal
On 03/11/2013 07:43 AM, Dale Macartney wrote: On 03/11/2013 11:39 AM, Christian Horn wrote: Dale Macartneyさんが書きました: On 03/11/2013 11:04 AM, Christian Horn wrote: How about having service-add/ipa-getkeytab done on the server, and having the keytab deployed onto the clientsystem

Re: [Freeipa-users] ipa-* tools throws errors

2013-03-11 Thread David Fitzgerald
Here is the output of the dig command. Cyclone does show up here , but our networking people say there are no srv records in our current db. I still think the trouble I am having has to do with the Internal Server Error I get when I run ipa commands. ; DiG

Re: [Freeipa-users] ipa-* tools throws errors

2013-03-11 Thread John Dennis
On 03/11/2013 02:05 PM, David Fitzgerald wrote: Here is the output of the dig command. Cyclone does show up here , but our networking people say there are no srv records in our current db. I still think the trouble I am having has to do with the Internal Server Error I get when I run ipa