Re: [Freeipa-users] Radius schema addition to default user objectclasses in FreeIPA 4.1

2014-10-29 Thread Orkhan Gasimov
One last question: if I'm using 2 FreeIPA servers in a multi-master replication scenario, should I add the radiusschema.ldif file on both servers? Or it's sufficient to add it on just one server? 29-Oct-14 09:50, Orkhan Gasimov пишет: I solved the problem. I tried to add my radiusschema.ldif

Re: [Freeipa-users] Question About Properly Configuring DNS

2014-10-29 Thread Petr Spacek
On 27.10.2014 19:15, Simo Sorce wrote: On Mon, 27 Oct 2014 17:50:13 + Trevor T Kates (Services - 6) trevor.t.ka...@dom.com wrote: -Original Message- From: Simo Sorce [mailto:s...@redhat.com] Sent: Monday, October 27, 2014 12:30 PM To: Trevor T Kates (Services - 6) Cc:

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-29 Thread Martin Basti
On 28/10/14 20:54, Michael Lasevich wrote: I have a pair of servers that were both installed on clean Fedora20 4.0.1 from pviktori copr repo and then upgraded from mkosek to 4.1 During update, secondary was done first and worked but primary run into trouble as described Looking under

Re: [Freeipa-users] Radius schema addition to default user objectclasses in FreeIPA 4.1

2014-10-29 Thread Orkhan Gasimov
I checked myself on test VMs. It's enough to add Radius schema to one FreeIPA server and issue ipactl restart on another. 29-Oct-14 10:16, Orkhan Gasimov пишет: One last question: if I'm using 2 FreeIPA servers in a multi-master replication scenario, should I add the radiusschema.ldif file on

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread John Obaterspok
Hello, I might be interested in this as well. Does this mean it would be possible for a windows client to access samba FS through IPA provided credentials? Currently my Windows PC gets IPA ticket (through MIT kerberos application) and can use this ticket to login to Linux server via putty. I

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Dmitri Pal
On 10/29/2014 08:15 AM, John Obaterspok wrote: Hello, I might be interested in this as well. Does this mean it would be possible for a windows client to access samba FS through IPA provided credentials? Currently my Windows PC gets IPA ticket (through MIT kerberos application) and can use

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Petr Spacek
On 28.10.2014 18:42, Rob Verduijn wrote: before the update its 4.5-1.fc20.x86_64.rpm from fedora 20 updates repo after the update its 6.0-5.fc20.x86_64.rpm from copr repo Regards Rob 2014-10-28 17:58 GMT+01:00 Martin Basti mba...@redhat.com: On 28/10/14 16:10, Rob Verduijn wrote: Hello

Re: [Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-10-29 Thread Сапегин Валерий
Yes Dmitri, ldapsearch works good: [root@ipa ~]# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-TEST-CSBI-ITS-RU/ ldapsearch -xLLL -ZZ -h csbi-it-dc01.csbigroup.ru -D cn=ipa-test,cn=users,dc=csbigroup,dc=ru -w t -s base -b cn=users,dc=csbigroup,dc=ru dn: cn=users,dc=csbigroup,dc=ru objectClass: top

Re: [Freeipa-users] 389 DS admin consoles

2014-10-29 Thread Rob Crittenden
Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson *Sent:* Tuesday, October 28, 2014 3:02 PM *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] 389 DS admin consoles On 10/28/2014 02:45 PM,

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
Hello, I've checked and I see a lot of objects representing my dns entries. Still I get no answers if i try to resolve any of them :( Rob 2014-10-29 13:28 GMT+01:00 Petr Spacek pspa...@redhat.com: On 28.10.2014 18:42, Rob Verduijn wrote: before the update its 4.5-1.fc20.x86_64.rpm from

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Petr Spacek
On 29.10.2014 14:32, Rob Verduijn wrote: I've checked and I see a lot of objects representing my dns entries. Still I get no answers if i try to resolve any of them :( Are you running ldapsearch with *exactly* same credentials as you have in /etc/named.conf? Could you post dynamic-db

Re: [Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-10-29 Thread Rich Megginson
On 10/29/2014 03:19 AM, Сапегин Валерий wrote: Yes Dmitri, ldapsearch works good: [root@ipa ~]# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-TEST-CSBI-ITS-RU/ ldapsearch -xLLL -ZZ -h csbi-it-dc01.csbigroup.ru http://csbi-it-dc01.csbigroup.ru -D cn=ipa-test,cn=users,dc=csbigroup,dc=ru -w t -s

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
You're right duh I should read more carefully and not try to do to many things at once. when using the dns principal and keytab the entries are not found. How do i fix the access controll instructions ? I can revert back easely and try a different aproach for the upgrade if you know one (I

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do to many things at once. when using the dns principal and keytab the entries are not found. How do i fix the access controll instructions ? I can revert back easely and try a different

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do to many things at once. when using the dns principal and keytab the entries are not found. How do i fix the access controll instructions ? I can

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 16:13, Martin Basti wrote: On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do to many things at once. when using the dns principal and keytab the entries are not found. How do i fix the

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
Hello, # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update fixes the problem. I can resolv my internal dns zones again :-) Many thanx. Since this problem happened every time I tried to update the freeipa server. I could re-run the update with some debug options if you like so you

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 16:46, Rob Verduijn wrote: Hello, # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update fixes the problem. I can resolv my internal dns zones again :-) Many thanx. Since this problem happened every time I tried to update the freeipa server. I could re-run the update

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
Hello again, I jumped to early. # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update didn't work but ipa-ldap-updater fixes the problem for me. Rob 2014-10-29 16:55 GMT+01:00 Martin Basti mba...@redhat.com: On 29/10/14 16:46, Rob Verduijn wrote: Hello, # ipa-ldap-updater

Re: [Freeipa-users] FreeIPA 3.3.3-28 Integration with Samba 4.1.1-37 Problems

2014-10-29 Thread Clint Savage
Interestingly enough, I have almost the same setup here. I did an ipa-server install, then did ipa-adtrust-install. Afterward, I went through and grabbed the configs with 'net conf list' and modified it to use my shares. This one is just my testing, but the production one works perfectly! How

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Petr Spacek
On 29.10.2014 16:46, Rob Verduijn wrote: Hello, # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update fixes the problem. I can resolv my internal dns zones again:-) Many thanx. Since this problem happened every time I tried to update the freeipa server. I could re-run the update

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-29 Thread Craig White
-Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Tuesday, October 28, 2014 5:34 PM To: Craig White; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] getent passwd / group [SOLVED] Craig White wrote: *From:*Dmitri Pal

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Loris Santamaria
El jue, 23-10-2014 a las 12:32 +0200, Sumit Bose escribió: On Tue, Oct 21, 2014 at 07:49:11AM -0430, Loris Santamaria wrote: El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió: On 10/20/2014 09:15 AM, Loris Santamaria wrote: [...] Trying to join the server to the

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread John Obaterspok
Hello, I've tried this as well. My IPA is not connected to an AD. My smb.conf looks almost the same. The differences are: - I got the default workgroup set (MY or something) - No FILE:/ prefix for keytab file I had the samba and ipserver on the same box so I just had to add the cifs server and

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Loris Santamaria
El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió: Hello, I've tried this as well. My IPA is not connected to an AD. My smb.conf looks almost the same. The differences are: - I got the default workgroup set (MY or something) - No FILE:/ prefix for keytab file I had the

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
Hello, I've tested the update again. The bind-utils conflict is still there when I issue yum update freeipa-server ( as indicated on the freeipa 4.1 download page http://www.freeipa.org/page/Downloads#Upgrading ) 'yum update' works fine My internal zones didn't resolv after the update

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-29 Thread Dmitri Pal
On 10/29/2014 02:40 PM, Craig White wrote: -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Tuesday, October 28, 2014 5:34 PM To: Craig White; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] getent passwd / group [SOLVED] Craig White

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Dmitri Pal
On 10/29/2014 05:01 PM, Loris Santamaria wrote: El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió: Hello, I've tried this as well. My IPA is not connected to an AD. My smb.conf looks almost the same. The differences are: - I got the default workgroup set (MY or something) - No

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-29 Thread Rich Megginson
On 10/29/2014 06:45 PM, Dmitri Pal wrote: On 10/29/2014 02:40 PM, Craig White wrote: -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Tuesday, October 28, 2014 5:34 PM To: Craig White; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users]

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Loris Santamaria
El mié, 29-10-2014 a las 20:49 -0400, Dmitri Pal escribió: On 10/29/2014 05:01 PM, Loris Santamaria wrote: El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió: Hello, I've tried this as well. My IPA is not connected to an AD. My smb.conf looks almost the same. The

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-29 Thread Michael Lasevich
Maybe I should not be doing this late at night, but I cannot find cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config anywhere. -M On 10/29/14, 3:03 AM, Martin Basti wrote: On 28/10/14 20:54, Michael Lasevich wrote: I have a pair of servers that were both installed on clean Fedora20 4.0.1