Re: [Freeipa-users] DNS configuration

2014-12-09 Thread Petr Spacek
On 8.12.2014 20:27, Matthew Herzog wrote: OK, I found the generated zone file in /tmp and it looks sane. Should I add those lines of config to our DNS servers? Yes, exactly. After that you can proceed with AD trust establishment. BTW ipa-server-install tells you where the file with message:

Re: [Freeipa-users] one step away from having freeipa work with vsphere ldap

2014-12-09 Thread Martin Kosek
On 12/07/2014 07:29 PM, Gianluca Cecchi wrote: On Sun, Dec 7, 2014 at 3:44 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote: Hello, I'm quite near to have users and groups working using ipa 3.3 as in CentOS 7 as this gives ability to do binds against compat tree. This is with the use of

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-09 Thread Petr Spacek
On 9.12.2014 02:43, Dmitri Pal wrote: On 12/08/2014 06:50 PM, Gianluca Cecchi wrote: On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote: OK. I will check requirements to write into The wiki When I try to login with my

Re: [Freeipa-users] Problem adding group after update IPA from CentOS 6.6 to 7.0

2014-12-09 Thread Martin Kosek
On 12/08/2014 04:17 PM, Gianluca Cecchi wrote: On Mon, Dec 8, 2014 at 3:47 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote: Hello, I followed the guide here to migrate IPA from CentOS 6.6 to CentOS 7.0:

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread Martin Kosek
On 12/07/2014 03:01 PM, Niranjan M.R wrote: On 12/06/2014 12:24 AM, Dmitri Pal wrote: Hello, WE NEED HELP! The biggest and the most interesting feature of FreeIPA 4.1.2 is support for the two factor authentication using HOTP/TOTP compatible software tokens like FreeOTP (open source

Re: [Freeipa-users] one step away from having freeipa work with vsphere ldap

2014-12-09 Thread Martin Kosek
On 12/09/2014 10:05 AM, Martin Kosek wrote: On 12/07/2014 07:29 PM, Gianluca Cecchi wrote: On Sun, Dec 7, 2014 at 3:44 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote: Hello, I'm quite near to have users and groups working using ipa 3.3 as in CentOS 7 as this gives ability to do binds

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread thierry bordaz
Hello, Niranjan, may I have access to your test machine. thanks theirry On 12/09/2014 10:01 AM, Martin Kosek wrote: On 12/07/2014 03:01 PM, Niranjan M.R wrote: On 12/06/2014 12:24 AM, Dmitri Pal wrote: Hello, WE NEED HELP! The biggest and the most interesting feature of FreeIPA 4.1.2 is

Re: [Freeipa-users] DNS configuration

2014-12-09 Thread Lukas Slebodnik
On (08/12/14 14:26), Dmitri Pal wrote: On 12/08/2014 02:10 PM, Matthew Herzog wrote: Here are some errors I'm seeing on the client. tail -f sssd_lnx.e-bozo.com.log (Mon Dec 8 14:03:20 2014) [sssd[be[lnx.e-bozo.com http://lnx.e-bozo.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x1e72ad0 (Mon Dec

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread Martin Kosek
On 12/09/2014 10:48 AM, Niranjan M.R wrote: On 12/09/2014 02:57 PM, thierry bordaz wrote: Hello, Niranjan, may I have access to your test machine. It's a vm on my laptop. I am trying to reproduce on another VM to which i can give access. I will provide the details of this VM as soon as

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-09 Thread Martin Kosek
On 12/09/2014 12:50 AM, Gianluca Cecchi wrote: On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote: OK. I will check requirements to write into The wiki When I try to login with my Fedora OpenID account and choose as nickname my real name and press login

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread thierry bordaz
On 12/09/2014 10:48 AM, Niranjan M.R wrote: On 12/09/2014 02:57 PM, thierry bordaz wrote: Hello, Niranjan, may I have access to your test machine. It's a vm on my laptop. I am trying to reproduce on another VM to which i can give access. I will

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread Martin Kosek
On 12/09/2014 11:15 AM, thierry bordaz wrote: On 12/09/2014 10:48 AM, Niranjan M.R wrote: On 12/09/2014 02:57 PM, thierry bordaz wrote: Hello, Niranjan, may I have access to your test machine. It's a vm on my laptop. I am trying to reproduce on another VM to which i can give access. I will

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread thierry bordaz
On 12/09/2014 01:54 PM, chymian wrote: hey people, after a successful install of ipa 4.0.5-2 on jessie, the named services started flawless during setup. see attached log, Installation summary (line 3107) but after reboot, it refuses to start. (did this install a couple times, on vanilla

Re: [Freeipa-users] can't register new clients

2014-12-09 Thread Megan .
Everything looks ok. Our Networks team only opened 443 from the client to the server. Is 80 required to be open too for registration? 80 is a lot harder for me to request on our network. I think I might have found the issue. Maybe it can't verify the CA because it's pointing to port 80, and 80

Re: [Freeipa-users] can't register new clients

2014-12-09 Thread Rob Crittenden
Megan . wrote: Everything looks ok. Our Networks team only opened 443 from the client to the server. is 80 required to be open too for registration? 80 is a lot harder for me to request on our network. I think I might have found the issue. Maybe it can't verify the CA because its

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread Rich Megginson
On 12/09/2014 06:10 AM, thierry bordaz wrote: On 12/09/2014 01:54 PM, chymian wrote: hey people, after a successful install of ipa 4.0.5-2 on jessie, the named services started flawless during setup. see attached log, Installation summary (line 3107) but after reboot, it refuses to start.

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread Niranjan M.R
On 12/09/2014 03:22 PM, Martin Kosek wrote: On 12/09/2014 10:48 AM, Niranjan M.R wrote: On 12/09/2014 02:57 PM, thierry bordaz wrote: Hello, Niranjan, may I have access to your test machine. It's a vm on my laptop. I am trying to reproduce on

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread Ade Lee
On Tue, 2014-12-09 at 13:54 +0100, chymian wrote: hey people, after a successful install of ipa 4.0.5-2 on jessie, the named services started flawless during setup. see attached log, Installation summary (line 3107) but after reboot, it refuses to start. (did this install a couple times,

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread thierry bordaz
On 12/09/2014 11:15 AM, thierry bordaz wrote: On 12/09/2014 10:48 AM, Niranjan M.R wrote: On 12/09/2014 02:57 PM, thierry bordaz wrote: Hello, Niranjan, may I have access to your test machine. It's a vm on my laptop. I am trying to reproduce on

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-09 Thread thierry bordaz
On 12/09/2014 04:07 PM, thierry bordaz wrote: On 12/09/2014 11:15 AM, thierry bordaz wrote: On 12/09/2014 10:48 AM, Niranjan M.R wrote: On 12/09/2014 02:57 PM, thierry bordaz wrote: Hello, Niranjan, may I have access to your test machine. It's

Re: [Freeipa-users] CA Replication Installation Failing

2014-12-09 Thread Ade Lee
On Tue, 2014-12-09 at 07:48 +, Les Stott wrote: From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com] Sent: Tuesday, December 09, 2014 3:49 PM To:

[Freeipa-users] SUDO options on freeipa

2014-12-09 Thread William Muriithi
Afternoon I have the following commands and I need to set up for Jenkins to run through sudo. For this to work, I need to add two sudo options, no password and no requiretty Is this something supported by IPA version ipa-server-3.3.3-28.el7_0.3.x86_64 ? I can't seem to get it working and

Re: [Freeipa-users] SUDO options on freeipa

2014-12-09 Thread Rob Crittenden
William Muriithi wrote: Afternoon I have the following commands and I need to set up for Jenkins to run through sudo. For this to work, I need to add two sudo options, no password and no requiretty Is this something supported by IPA version ipa-server-3.3.3-28.el7_0.3.x86_64 ? I

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread chymian
On Tuesday, 9 December 2014, 14:10:48, thierry bordaz wrote: On 12/09/2014 01:54 PM, chymian wrote: hey people, after a successful install of ipa 4.0.5-2 on jessie, the named services started flawless during setup. see attached log, Installation summary (line 3107) but after

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread chymian
On Tuesday, 9 December 2014, 09:49:04, Ade Lee wrote: On Tue, 2014-12-09 at 13:54 +0100, chymian wrote: hey people, after a successful install of ipa 4.0.5-2 on jessie, the named services started flawless during setup. see attached log, Installation summary (line 3107) but after

[Freeipa-users] Change default password expiry date

2014-12-09 Thread Thomas Lau
Hi All, FreeIPA Default is using 60days password expiry, how could I change it? Also, for existing accounts, can I just change krbPasswordExpiration on LDAP? anywhere else I need to change? do I need to generate keytab on Kerberos to activate new expiry date?

Re: [Freeipa-users] Change default password expiry date

2014-12-09 Thread Dmitri Pal
On 12/09/2014 08:43 PM, Thomas Lau wrote: Hi All, FreeIPA Default is using 60days password expiry, how could I change it? You go to password policies and change the global password policy. You change MAX lifetime. This is a global setting it will apply to new passwords/keytabs when they are

[Freeipa-users] change directory manager password

2014-12-09 Thread Thomas Lau
Hi All, Does anyone know to change directory manager password? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] change directory manager password

2014-12-09 Thread Thomas Lau
By the way, if I change Directory manager password, do I need to do anything else for replication cluster? On Wed, Dec 10, 2014 at 10:45 AM, Thomas Lau t...@tetrioncapital.com wrote: Hi All, Does anyone know to change directory manager password? -- Thomas Lau Director of Infrastructure

Re: [Freeipa-users] change directory manager password

2014-12-09 Thread Rich Megginson
On 12/09/2014 07:46 PM, Thomas Lau wrote: By the way, if I change Directory manager password, do I need to do anything else for replication cluster? http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html Unless you are using directory manager for replication (please tell me

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread günter
On Tuesday, 9 December 2014, 07:26:35, Rich Megginson wrote: On 12/09/2014 06:10 AM, thierry bordaz wrote: On 12/09/2014 01:54 PM, chymian wrote: hey people, after a successful install of ipa 4.0.5-2 on jessie, the named services started flawless during setup. see

Re: [Freeipa-users] change directory manager password

2014-12-09 Thread Simo Sorce
On Tue, 09 Dec 2014 20:33:32 -0700 Rich Megginson rmegg...@redhat.com wrote: On 12/09/2014 07:46 PM, Thomas Lau wrote: By the way, if I change Directory manager password, do I need to do anything else for replication cluster?

Re: [Freeipa-users] CA Replication Installation Failing

2014-12-09 Thread Les Stott
-Original Message- From: Ade Lee [mailto:a...@redhat.com] Sent: Wednesday, 10 December 2014 5:05 AM To: Les Stott Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] CA Replication Installation Failing On Tue, 2014-12-09 at 07:48 +, Les Stott wrote:

Re: [Freeipa-users] change directory manager password

2014-12-09 Thread Thomas Lau
Hi All, So I am using FreeIPA 3.3.3, when I change password on one IPA host, the other clusters will in sync with the change or I need to do it one by one manually? On Wed, Dec 10, 2014 at 12:03 PM, Simo Sorce s...@redhat.com wrote: On Tue, 09 Dec 2014 20:33:32 -0700 Rich Megginson