-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Saturday, 7 February 2015 1:40 AM
To: Les Stott; freeipa-users@redhat.com; Matthew Harmsen; Endi Dewata
Subject: Re: [Freeipa-users] bug in pki during install of CA replica and
workaround/solution
On
Matt Wells wrote:
I've seen many links and conversations about migrating from 3.X to 4.X;
some with migrate-ds but nothing that said I did it and it worked.
Perhaps my Google-Fu is failing me.
So I thought I'd ask here, has anyone fully migrated? Systems, SSL
certs, sudo and everything?
-Original Message-
From: Endi Sukma Dewata [mailto:edew...@redhat.com]
Sent: Saturday, 7 February 2015 1:53 AM
To: Martin Kosek; Les Stott; freeipa-users@redhat.com; Matthew Harmsen
Subject: Re: [Freeipa-users] bug in pki during install of CA replica and
workaround/solution
On
Hello,
My IPA servers are currently saying:
Failed to get data from 'hostname.lan': Invalid credentials SASL(-13):
authentication failure: GSSAPI Failure: gss_accept_sec_context
tail -f /var/log/dirsrv/slapd-HOSTNAME-LAN/errors
[06/Feb/2015:21:42:41 -0500] slapd_ldap_sasl_interactive_bind -
On Fri, Feb 06, 2015 at 03:30:34PM +0100, Martin Kosek wrote:
On 02/06/2015 12:53 AM, Christopher Young wrote:
Obvious next question: Any plans to implement that functionality or advice
on how one might get some level of functionality for this? Would it be
possible to create another
I did a bit more digging into the issue, and realized that the ruv-id of
ipa2 is different on only one of the servers of the 3. I am imaging I will
need to run clean-ruv on inconsistent node.
Bryan
On Fri, Feb 6, 2015 at 10:11 PM, Bryan Pearson bwp.pear...@gmail.com
wrote:
Hello,
My IPA
On Friday, February 06, 2015 05:14:57 PM Rob Crittenden wrote:
Matt Wells wrote:
I've seen many links and conversations about migrating from 3.X to 4.X;
some with migrate-ds but nothing that said I did it and it worked.
Perhaps my Google-Fu is failing me.
So I thought I'd ask
I've seen many links and conversations about migrating from 3.X to 4.X;
some with migrate-ds but nothing that said I did it and it worked.
Perhaps my Google-Fu is failing me.
So I thought I'd ask here, has anyone fully migrated? Systems, SSL certs,
sudo and everything? What resources did you
On Thu, 05 Feb 2015, Nicolas Zin wrote:
Hi,
is it possible to create a one way AD trust relationship with FreeIPA/IDM 3.3?
No.
- From Windows I created an incoming one-way trust relationship, with a
trust-secret
- on Linux I use the trust-secret with ipa: ipa trust-add --type=ad
On Thu, 05 Feb 2015, Guertin, David S. wrote:
I'm trying to set up a trust between IPA and Active Directory, and it
keeps failing. The problem is the same as this one
(https://www.redhat.com/archives/freeipa-users/2014-April/msg00039.html),
but the solution is not. In that case, it was solved by
On Fri, Feb 06, 2015 at 10:16:37AM +0200, Alexander Bokovoy wrote:
On Thu, 05 Feb 2015, Nicolas Zin wrote:
Hi,
is it possible to create a one way AD trust relationship with FreeIPA/IDM
3.3?
No.
- From Windows I created an incoming one-way trust relationship, with a
trust-secret
- on
On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek mko...@redhat.com wrote:
On 02/06/2015 12:53 AM, Christopher Young wrote:
Obvious next question: Any plans to implement that functionality or
advice
on how one might get some level of functionality for this? Would it be
possible to create
Ran the suggested command from the primary (master) IPA:
[root@ipaN1 ~]# ipa-replica-manage list -v ipaN1..local
ipa-N2..local: replica
last init status: None
last init ended: None
last update status: -1 - LDAP error: Can't contact LDAP server
last update ended: None
Then ran it
Check:
https://gist.github.com/duncaninnes/c91985822be9782df581
which contains 2 scripts based on:
http://directory.fedoraproject.org/docs/389ds/howto/howto-replicationmon
itoring.html
I just expanded it to cope with a list of servers, then version 2 sorts
by last end, last start, hostname.
On 2/6/2015 8:39 AM, Martin Kosek wrote:
Reinstalling the pki-selinux rpm (found references in some other forum posts)
via yum reinstall pki-selinux is not enough to help.
The solution is as follows:
yum downgrade pki-selinux pki-ca pki-common pki-setup pki-silent pki-java-tools
pki-symkey
Innes, Duncan wrote:
Check:
https://gist.github.com/duncaninnes/c91985822be9782df581
which contains 2 scripts based on:
http://directory.fedoraproject.org/docs/389ds/howto/howto-replicationmon
itoring.html
I just expanded it to cope with a list of servers, then version 2 sorts
by
On 02/06/2015 12:53 AM, Christopher Young wrote:
Obvious next question: Any plans to implement that functionality or advice
on how one might get some level of functionality for this? Would it be
possible to create another command-line based openssl CA that could issue
these but using IPA as
On 02/06/2015 06:59 AM, Les Stott wrote:
Hi,
I found a bug in the pki packages and CA replica installation.
Environment:
Rhel 6.6
IPA Server 3.0.0-42
Pki components:
pki-symkey-9.0.3-38.el6_6.x86_64
pki-common-9.0.3-38.el6_6.noarch
pki-setup-9.0.3-38.el6_6.noarch
18 matches
Mail list logo