On 06/18/2013 02:28 AM, Dmitri Pal wrote:
> On 06/14/2013 11:59 AM, Erinn Looney-Triggs wrote:
>> So my CA certificate in IPA is a subordinate certificate of an AD CS
>> instance. These certificates by default are only valid for two years,
>> and mine will be up come this December.
>>
>> So, I am l
On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote:
> Thank you for your response. As you suggested I
> checked /etc/nsswitch.conf. ipa-client-automount left the line looking
> like:
>
> automount: sss files
If it did, then I would consider it to be ipa-client-automount, I think
we shoul
Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I
noticed the documentation mentions 2008 R2 as a prerequisite. Unfortunately
our organization has not completed the migration to 2008 R2 yet. I know,
we're a little behind the curve on that, but fortunately Windows servers
aren't m
We have managed to establish a FreeIPA / Windows 2003R2.
However domain and forest functional level has to be set to max on that
platform which i believe is 2003 anyways.
I know when I was first attempting the trusts, on a new 2003r2 DC and the
forest functional level was set to 2000, the trust wou
On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote:
> On 06/14/2013 09:08 AM, Sumit Bose wrote:
> >On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
> >>Hello Sumit,
> >>Hello List Members,
> >>
> >>Am 13.06.2013 09:18, schrieb Sumit Bose:
> >>>On Wed, Jun 12, 2013 at 02
On Wed, 19 Jun 2013, Brian Lee wrote:
Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I
noticed the documentation mentions 2008 R2 as a prerequisite. Unfortunately
our organization has not completed the migration to 2008 R2 yet. I know,
we're a little behind the curve on that,
In /etc/auto_home add a line above +auto_home that reads
/home/local -rw localhost:/export/home/local
Then create the directory in /export/home, chown it properly, and you should be
good.
If you have any issues its probably syntax, I am fairly certain you need -rw on
linux but that would not
So as others have mentioned windows obviously isn't my area of focus here
either, however we have this working with 2003r2, but I do notice odd
behaviour with "id" returning odd results sometimes depending on what
system I am logged in from or initial logins failing the first time and
working the s
ipa-client-install fails with "Cannot resolve network address for KDC"
message.
I don't have SRV records, but I provide IPA server name via "--server"
param.
any ideas?
TIA,
Vitaly
2013-06-19 13:58:39,113 DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2013-06-19
On 06/19/2013 09:05 AM, Aly Khimji wrote:
> We have managed to establish a FreeIPA / Windows 2003R2.
> However domain and forest functional level has to be set to max on
> that platform which i believe is 2003 anyways.
> I know when I was first attempting the trusts, on a new 2003r2 DC and
> th
On Wed, 19 Jun 2013, Aly Khimji wrote:
So as others have mentioned windows obviously isn't my area of focus here
either, however we have this working with 2003r2, but I do notice odd
behaviour with "id" returning odd results sometimes depending on what
system I am logged in from or initial logins
On 06/19/2013 12:35 PM, Alexander Bokovoy wrote:
> On Wed, 19 Jun 2013, Aly Khimji wrote:
>> So as others have mentioned windows obviously isn't my area of focus
>> here
>> either, however we have this working with 2003r2, but I do notice odd
>> behaviour with "id" returning odd results sometimes d
On 06/19/2013 10:32 AM, Vitaly wrote:
>
> ipa-client-install fails with "Cannot resolve network address for KDC"
> message.
> I don't have SRV records, but I provide IPA server name via
> "--server" param.
> any ideas?
>
> TIA,
> Vitaly
>
> 2013-06-19 13:58:39,113 DEBUG Loading Index file from
> '
On Wed, 19 Jun 2013, Dmitri Pal wrote:
On 06/19/2013 12:35 PM, Alexander Bokovoy wrote:
On Wed, 19 Jun 2013, Aly Khimji wrote:
So as others have mentioned windows obviously isn't my area of focus
here
either, however we have this working with 2003r2, but I do notice odd
behaviour with "id" retu
hey guys,
so at this point in time we haven't been having any issues, but I am not
100% if the odd issues we have been having have been related to 2003 vs
2008 issue
when we joined our IPA server to the 2003r2 we got the following output
[root@didmsvrua01 ~]# ipa trust-add --type=ad corpnonprd.x
On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote:
> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote:
> > Thank you for your response. As you suggested I
> > checked /etc/nsswitch.conf. ipa-client-automount left the line looking
> > like:
> >
> > automount: sss files
>
> If
Jakub Hrozek wrote:
On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote:
On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote:
Thank you for your response. As you suggested I
checked /etc/nsswitch.conf. ipa-client-automount left the line looking
like:
automount: sss files
If
On Wed, 19 Jun 2013, Aly Khimji wrote:
hey guys,
so at this point in time we haven't been having any issues, but I am not
100% if the odd issues we have been having have been related to 2003 vs
2008 issue
when we joined our IPA server to the 2003r2 we got the following output
[root@didmsvrua01
On 06/19/2013 06:47 PM, Alexander Bokovoy wrote:
> On Wed, 19 Jun 2013, Dmitri Pal wrote:
>> On 06/19/2013 12:35 PM, Alexander Bokovoy wrote:
>>> On Wed, 19 Jun 2013, Aly Khimji wrote:
So as others have mentioned windows obviously isn't my area of focus
here
either, however we have t
This may need to be passed upstream to the SSH maintainers or openssh folks,
but:
(Centos 6.4, ipa-client 3.0.0-26, openssh-5.3p1-84.1 )
IPA (sssd) when installed is to modify the /etc/ssh/ssh_config file, by adding
(at least) a line :
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
D
Great
I basically said just advised that if they want to make all the IDM bells
and whistles work with AD and Elevated access they need to move on from a
2k3 as its just not being supported upstream really.
Thanks guys.
On Wed, Jun 19, 2013 at 3:24 PM, Ana Krivokapic wrote:
> On 06/19/2013
Thank you so much! A few questions below.
On Wednesday, June 19, 2013 08:46:06 Martin Kosek wrote:
> This is the migration plan that should work:
>
> 0) We have IPA server(s) of aging version (2.0 in your case)
>
> 1) On one of your servers, create a replica (ipa-replica-prepare) and copy
> the
Hello!
I'm working on trying to migrate users into FreeIPA 3.1.5 (Fedora 18) from
DS389 (CentOS 6) 1.2.2. I've enabled migration on DS389 and I'm attempting
to migrate a subset of people using:
ipa migrate-ds --user-container="ou=Systems &
Networking,ou=Personnel,dc=plu,dc=edu" --ignore* ldap://
Joshua J. Kugler wrote:
Thank you so much! A few questions below.
On Wednesday, June 19, 2013 08:46:06 Martin Kosek wrote:
This is the migration plan that should work:
0) We have IPA server(s) of aging version (2.0 in your case)
1) On one of your servers, create a replica (ipa-replica-prepar
On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote:
> https://fedorahosted.org/freeipa/ticket/3733
>
> I guess I'd check the system logs to see if /home/local was attempted to
> be mounted at all. Does it exist on the NFS server?
>
> I find running automount in foreground mode with debuggi
So, first roadblock encountered.
One of the reasons we're migrating off of this machine (besides the fact that
it is OLD) is that root CA cert has expired (the one used by Tomcat), and so
far I haven't found any documentation on renewing it. Well that presents a
problem (see attached).
It can'
Hit more glitches. As to the expired CA cert, I set the clock back, then ran
ipa-replica-prepare. That got me the bundle.
Took that to the new one.
Tried running
ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg
But that gave me:
> Connection from replica to master i
OK, getting further. Turns out the admin password wasn't really reset when I
thought it was reset.
So, this command:
ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg
produces a bunch of encouraging output until it hits this:
Check SSH connection to remote master
Execut
El mié, 19-06-2013 a las 16:34 -0800, Joshua J. Kugler escribió:
[...]
> Remote master check failed with following error message(s):
> bash: /usr/sbin/ipa-replica-conncheck: No such file or directory
>
> Connection check failed!
> Please fix your network settings according to error messages abov
On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote:
> Check SSH connection to remote master
> Execute check on remote master
>
> Remote master check failed with following error message(s):
> bash: /usr/sbin/ipa-replica-conncheck: No such file or directory
>
> Connection check failed!
> P
Thanks to all for the suggestions. Adding a "local" key to
"/etc/auto.home" resolved the problem:
[root@host ~]# ipa automountlocation-tofiles VM
/etc/auto.master:
/- /etc/auto.direct
/home /etc/auto.home
---
/etc/auto.direct:
/mnt/Shared -fstype=nfs4,sec=krb5p h
31 matches
Mail list logo
