Re: [Freeipa-users] DNS updates from dhcpd refused

2015-01-14 Thread Petr Spacek
On 13.1.2015 21:25, Dmitri Pal wrote: > On 01/13/2015 01:41 PM, Mike wrote: >> On Tue, 13 Jan 2015, Dmitri Pal wrote: >> >>> On 01/13/2015 12:35 PM, Mike wrote: Just a note to anyone else who may be interested. This may be obvious but it wasn't to me at first, The "ipa dnszone-mod

Re: [Freeipa-users] Can I revert back the hostname on client

2015-01-14 Thread Petr Spacek
Hello, On 14.1.2015 06:13, Rakesh Rajasekharan wrote: > Freeipa changes the hostname to FQDN. But in our existing set up that can > cause issues. Could you be more specific? It would help if we had detailed bug reports about this but up to now everybody just said 'I need non-FQDN hostname' but

[Freeipa-users] SASL GSSAPI behavior change in RHEL 7

2015-01-14 Thread Erinn Looney-Triggs
This is not exactly the right place to post this message, but I reckon it is close enough. A year or so ago, I wrote up a guide for configuring a Postfix client to use Kerb/GSSAPI to authenticate against a Postfix server acting as a relay. The guide is here: https://stomp.colorado.edu/blog/blo

Re: [Freeipa-users] invalid cn=CACert,cn=ipa,cn=etc entry

2015-01-14 Thread Martin Kosek
On 01/13/2015 04:53 PM, Bram Vandoren wrote: > Hi All, > We run a FreeIPA server (3.0.0) on SL6. Fedora 21 clients are unable to > complete freeipa-client-install. It fails due to a parsing error of the CA > certificate. I tracked down the error and it seems our cn=CACert,cn=ipa,cn=etc > entry is i

Re: [Freeipa-users] Issues with new install - Configuration of CA failed

2015-01-14 Thread Martin Kosek
On 01/13/2015 09:06 PM, Megan . wrote: > I am having a very difficult time getting the ipa server installed on > our test server. > > > > CentOS release 6.6 (Final) > Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17 > 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > > ip

Re: [Freeipa-users] I think I trashed my FreeIPA CA - how to recover?

2015-01-14 Thread Brian Topping
Hi Martin, thanks for your response! >> What I realize now is the certificate CRL points to the server that no >> longer exists and I'd like to get that cleaned up. I found >> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master >>

Re: [Freeipa-users] Password policy for admin account not working

2015-01-14 Thread sipazzo
Thank you Rob. That makes sense but I could have sworn I changed the policy before expiration. Resetting it did indeed resolve the issue though. Sorry for the headache. On Mon, 1/12/15, Rob Crittenden wrote: Subject: Re: [Freeipa-users] Password pol

[Freeipa-users] FreeIPA 4.1, OSX 10.9 and secondary groups

2015-01-14 Thread Ejner Fergo
Hola, This is a response to: https://www.redhat.com/archives/freeipa-users/2014-October/msg00126.html Scott, maybe you already found the solution, but I've been banging my head with the same problem, albeit with a newer version of FreeIPA and OSX. I used this excellent howto to get started: http:

Re: [Freeipa-users] Can I revert back the hostname on client

2015-01-14 Thread Dmitri Pal
On 01/14/2015 03:38 AM, Petr Spacek wrote: Hello, On 14.1.2015 06:13, Rakesh Rajasekharan wrote: Freeipa changes the hostname to FQDN. But in our existing set up that can cause issues. Could you be more specific? It would help if we had detailed bug reports about this but up to now everybody

Re: [Freeipa-users] FreeIPA 4.1, OSX 10.9 and secondary groups

2015-01-14 Thread Dmitri Pal
On 01/14/2015 01:11 PM, Ejner Fergo wrote: Hola, This is a response to: https://www.redhat.com/archives/freeipa-users/2014-October/msg00126.html Scott, maybe you already found the solution, but I've been banging my head with the same problem, albeit with a newer version of FreeIPA and OSX. I

[Freeipa-users] Broken krb5.conf after ipa-server-install

2015-01-14 Thread Orion Poplawski
After running ipa-server-install like this: ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12 --http_pin=XXX --idstart=8000 I'm not configuring b

Re: [Freeipa-users] Broken krb5.conf after ipa-server-install

2015-01-14 Thread Dmitri Pal
On 01/14/2015 04:04 PM, Orion Poplawski wrote: After running ipa-server-install like this: ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12 --h

Re: [Freeipa-users] Broken krb5.conf after ipa-server-install

2015-01-14 Thread Alexander Bokovoy
On Wed, 14 Jan 2015, Orion Poplawski wrote: After running ipa-server-install like this: ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12 --http

Re: [Freeipa-users] Mount cifs share using kerberos

2015-01-14 Thread John Obaterspok
2015-01-12 10:13 GMT+01:00 Alexander Bokovoy : > On Mon, 12 Jan 2015, John Obaterspok wrote: > >> 2015-01-11 16:33 GMT+01:00 Jakub Hrozek : >> >> On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote: >>> > 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi >> >: >>> > >>> > > To get the whole

Re: [Freeipa-users] Mount cifs share using kerberos

2015-01-14 Thread Alexander Bokovoy
On Wed, 14 Jan 2015, John Obaterspok wrote: 2015-01-12 10:13 GMT+01:00 Alexander Bokovoy : On Mon, 12 Jan 2015, John Obaterspok wrote: 2015-01-11 16:33 GMT+01:00 Jakub Hrozek : On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote: > 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi : >

Re: [Freeipa-users] Redhat/Centos iDM 3.0 to 3.1 upgrade fail

2015-01-14 Thread Endi Sukma Dewata
Hi, I need some information from you. Which versions of the PKI packages are you using on the CentOS 6.6 and 7.0 machines? Could you email me the PKI CA debug logs (/var/log/pki-ca/debug or /var/log/pki/pki-tomcat/ca/debug) from both machines? There's a possibility it may be related to

[Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-14 Thread Sina Owolabi
Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway completed and sssd's configuration file moved to .deleted. I'm really interested in getting this t

[Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-14 Thread Nathan Kinder
Hi, I'm running into a strange problem related to ntpd when trying to use IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and adelton/freeipa-client:fedora-21 docker images. Basically, the client install hangs when it runs ntpd. This is reproducible on two different docker ho