Hi Traiano,
I think it really needs quite some memory (I think it's the SELinux
setboolean part); In my case, I ran some initial configuration tests on
virtual machines (configured initially with just around 512MB mem), and
had to increase to close to 800MB for the config setup scripts to run
Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those command:
# scp /etc/krb5.conf r...@externalmachine.example.com:/etc/krb5_ipa.conf
and
vim /etc/httpd/conf.d/ipa.conf
and c
On Wed, Sep 10, 2014 at 08:19:15AM +0200, Gregor Bregenzer wrote:
> Hello Sumit,
> i think maybe there is a different problem i just discovered by
> accident. As stated in the first email, i have an AD trust with
> FreeIPA that receives all POSIX attributes from AD, but i get
> different values:
>
Hello Tevfik,
comments inline
On 11.9.2014 12:24, Tevfik Ceydeliler wrote:
Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those
command:
# scp /etc/krb5.conf r...@externalmachi
hi,
thnx for comment.
I really dont care sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Serv
Hello Sumit!
Ah, thanks alot! I was wondering why this worked on the FreeIPA server
(ipa1.linux.intern), but there i have SSSD 1.12. I will try with a
newer client on another client and join the FreeIPA domain.
About the original UID change problem: i will try that again and post
the correct logfi
Thanks for your responses Alexander, Dimitri and Gerardo. It appears
further debugging will be unnecessary: I reinstalled on RHEL 7 and the
trust established without issue:
[root@kwtpocidm001 ~]# ipa trust-add --type=ad mhatest.local --admin
Administrator --password
Active directory domain a
Sounds like a job for Puppet.
On Wed, Sep 10, 2014 at 7:58 PM, Dmitri Pal wrote:
> On 09/10/2014 07:49 PM, William Graboyes wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> Hi Dimitri,
>>
>> Yeah just the logo should do, I believe I found it at
>> `/usr/share/ipa/ui/images/ip
Hi,
My bind server refuses to start. I get the following:
Sep 11 14:14:40 orpst named-sdb[4343]: generating session key for dynamic DNS
Sep 11 14:14:40 orpst named-sdb[4343]: sizing zone task pool based on 6 zones
Sep 11 14:14:40 orpst named-sdb[4343]: set up managed keys zone for view
_default,
Hi List
I'm currently working through the IPAv3 AD integration document at:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup
I've managed to establish a trust between the IdM and the AD server.
However, when I run the command:
---
[root@kwtpocidm001 ~]# ipa trustdomain-fetch "mhatest.loc
On Thu, 11 Sep 2014, Traiano Welcome wrote:
Hi List
I'm currently working through the IPAv3 AD integration document at:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup
I've managed to establish a trust between the IdM and the AD server.
However, when I run the command:
---
[root@kwtpo
On Wed, Sep 10, 2014 at 09:58:27PM +, Trevor T Kates (Services - 6) wrote:
> Hi all:
>
> I'm using FreeIPA 3.0 under CentOS 6.5 and I'm trying to solve a bit of a
> quirky
> problem. From what I've read thus far, sudo under SSSD can't provide sudo
> rules
> for local users that are not part
On Thu, Sep 11, 2014 at 6:06 PM, Traiano Welcome wrote:
> Hi Alexander
>
>
>
> On Thu, Sep 11, 2014 at 4:38 PM, Alexander Bokovoy
> wrote:
>
>> On Thu, 11 Sep 2014, Traiano Welcome wrote:
>>
>>> Hi List
>>>
>>> I'm currently working through the IPAv3 AD integration document at:
>>>
>>> http://ww
On 11.9.2014 14:20, Renier Gertzen wrote:
Hi,
My bind server refuses to start. I get the following:
Sep 11 14:14:40 orpst named-sdb[4343]: generating session key for dynamic DNS
Sep 11 14:14:40 orpst named-sdb[4343]: sizing zone task pool based on 6 zones
Sep 11 14:14:40 orpst named-sdb[4343]: s
On Thu, 11 Sep 2014, Traiano Welcome wrote:
This one is not usable. You need to enable debugging on the server side.
See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#
Debugging_trust
in the part where it talks about /usr/share/ipa/smb.conf.empty.
I've attached the debug logs, I'd be
On 11.9.2014 13:36, Tevfik Ceydeliler wrote:
hi,
thnx for comment.
I really dont care sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Servic
If I remember correctly, you could not use SAN (Subject Alternate Names)
for certificates in FreeIPA 3.0 - is this still the case with 4?
I have hosts that automatically receive two hostnames, a long proper name
(like "service-i-12345678") and a simpler cname based on an index for ease
of access (
Hi:
i set max life no expiry already but still pomt reset password every 3
month
any idea to disable it ??? what happening
Regards
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the
Yes I can use ipa on cli
On 11-09-2014 20:17, Petr Vobornik wrote:
On 11.9.2014 13:36, Tevfik Ceydeliler wrote:
hi,
thnx for comment.
I really dont care sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl
19 matches
Mail list logo