[Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Hi, Running ipa-server-3.0.0-37.el6.x86_64 on rhel6. Already setup master server, now trying to install replica (which I've done before and its worked fine). The replica install gets all the way to the end but errors out. For the most part, it looks like it is complete, but I want to be sure

Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Sorry, when I said selinux is in permissive mode, but it's the same as on the master server, so it should be the issue. It should have read as selinux is in permissive mode, but it's the same as on the master server, so it should NOT be the issue. Les From: freeipa-users-boun...@redhat.com

Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Petr Spacek
On 16.12.2013 10:55, Les Stott wrote: Sorry, when I said selinux is in permissive mode, but it's the same as on the master server, so it should be the issue. It should have read as selinux is in permissive mode, but it's the same as on the master server, so it should NOT be the issue. Les

Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Petr, The below was the error from apache error logs Apache logs the following error at the same time... [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: couldn't check access. No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml

Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Les Stott
Figured it out. Missing apache modules (not loaded). One of the following LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_alias_module

Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Alexander Bokovoy
On Mon, 16 Dec 2013, Les Stott wrote: Figured it out. Missing apache modules (not loaded). One of the following LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule

[Freeipa-users] FreeIPA integration with AIX and sudo

2013-12-16 Thread yves
Hi, I'm trying to integrate on AIX environment (as clients) a centralized authentication and authorization with freeipa, and using sudo also with sudo rules on freeipa. I followed several how-to and notes found by googeling, but still have problem with sudo. Everything is fine wiith root

[Freeipa-users] Replica master in strange state -- how to resolve?

2013-12-16 Thread Bret Wortman
I had a replica that was completely failing to respond to its clients, so I removed it by first running "ipa-replica-manage del" on the replica master, then "ipa-server-install -U --uninstall" on the replica. I regenereated the replica file and, upon trying to

Re: [Freeipa-users] FreeIPA integration with AIX and sudo

2013-12-16 Thread KodaK
I am an unfortunate AIX sufferer as well. I've gotten through setting this up. First, what version of sudo are you running on the AIX box? On Mon, Dec 16, 2013 at 8:46 AM, y...@degauquier.net wrote: Hi, I'm trying to integrate on AIX environment (as clients) a centralized authentication

Re: [Freeipa-users] FreeIPA integration with AIX and sudo

2013-12-16 Thread Yves Degauquier
Hi, I'm running the Sudo version 1.8.8 downloaded as RPM on http://www.oss4aix.org/download/RPMS/sudo/ Authentication is fine, but sudo is wrong. If in /etc/security/user for default stanza I don't mention SYSTEM = KRB5ALDAP registry = LDAP then when running sudo with a freeipa user it

Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Les Stott
Alexander, I think it was a case of a manually locked down (post install) system that had been previously built. The master was on a vm that was a newer build, but not done in the same way as the older server, so it had a more default out of the box configuration. At least now I now to check

[Freeipa-users] i could use some help with installing FreeIPA

2013-12-16 Thread Galen Brownsmith
My install fails on the invocation of pkispawn with a Socket Error in the pki-ca-spawn log ; anyone have any ideas? (It isn't the issue with special characters in the DM's password, as my Directory Manager and IPA Admin passwords may be 32 characters long, but only contain [A-Za-z0-9_] )

Re: [Freeipa-users] i could use some help with installing FreeIPA

2013-12-16 Thread Dmitri Pal
On 12/16/2013 06:46 PM, Galen Brownsmith wrote: My install fails on the invocation of pkispawn with a Socket Error in the pki-ca-spawn log ; anyone have any ideas? (It isn't the issue with special characters in the DM's password, as my Directory Manager and IPA Admin passwords may be 32

Re: [Freeipa-users] i could use some help with installing FreeIPA

2013-12-16 Thread Rob Crittenden
Dmitri Pal wrote: On 12/16/2013 06:46 PM, Galen Brownsmith wrote: My install fails on the invocation of pkispawn with a Socket Error in the pki-ca-spawn log ; anyone have any ideas? (It isn't the issue with special characters in the DM's password, as my Directory Manager and IPA Admin

Re: [Freeipa-users] Replica master in strange state -- how to resolve?

2013-12-16 Thread Rob Crittenden
Dmitri Pal wrote: On 12/16/2013 10:40 AM, Bret Wortman wrote: I had a replica that was completely failing to respond to its clients, so I removed it by first running ipa-replica-manage del on the replica master, then ipa-server-install -U --uninstall on the replica. I regenereated the replica