Re: [Freeipa-users] thousands DSRetroclPlugin mesages

On 04/26/2015 10:49 AM, Martin (Lists) wrote: Hallo after a reboot I get almost thousand of the following messages: DSRetroclPlugin - delete_changerecord: could not delete change record 128755 (rc: 32) this message comes from changeglog trimming and means that an entry, which should be purged

[Freeipa-users] Old FreeIPA upstream guides removed (WAS: Re: Web UI: Migrated Admins missing action buttons)

On 04/26/2015 08:23 AM, Alexander Bokovoy wrote: > > > - Original Message - >> Hi Rob and Dimitri >> >> Migrating via Replica is the obvious way that I would have gone, had the >> FreeIPA /RedHat documentation not suggested the replicas must have the same >> version. >> >> I think the lin

Re: [Freeipa-users] Old FreeIPA upstream guides removed (WAS: Re: Web UI: Migrated Admins missing action buttons)

Hi Martin Thanks: I am glad others can benefit from my mistakes. Cheers Chrsi From: Martin Kosek To: Alexander Bokovoy , Christopher Lamb/Switzerland/IBM@IBMCH Cc: freeipa-users@redhat.com, Robert Crittenden , Simo Sorce , Dmitri Pal Date: 27.

[Freeipa-users] FYI: Fedora 22 and trusts

Hi, if you are playing with Fedora 22 beta, your experience with FreeIPA may be rough. When installing freeipa-server-trust-ad make sure to also install samba-common-tools package. Samba packaging was split to allow samba-common to be an architecture-independent package but samba package didn't

[Freeipa-users] default e-mail address and aliases from LDAP

Hi there, I am preparing to move our site e-mail authentication backend to FreeIPA. That is, integrate Postfix with FreeIPA. Let's suppose user has two or more e-mail addresses, j...@site.com joe.u...@site.com Currently we use smtp_generic_maps on

Re: [Freeipa-users] Old FreeIPA upstream guides removed (WAS: Re: Web UI: Migrated Admins missing action buttons)

On Mon, 2015-04-27 at 12:51 +0200, Martin Kosek wrote: > On 04/26/2015 08:23 AM, Alexander Bokovoy wrote: > > > > > > - Original Message - > >> Hi Rob and Dimitri > >> > >> Migrating via Replica is the obvious way that I would have gone, had the > >> FreeIPA /RedHat documentation not sugg

[Freeipa-users] Access to IPA Web-UI with different domain names

Hi Folks, does somebody have a best practice, how to access the IPA Web-UI with different domain names? Example: Our IPA 4.1 have two different IPs (extern and intern) with two domain names. The web gui is only accessible from the domain name, which IPA was registered with (intern domain name).

[Freeipa-users] Fw: Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

Hi All I may have found a possible cause of our instance of the "Your session has expired" Web UI error on our new FreeIPA 4.1.0 Server By chance I checked the date on the server hosting FreeIPA 4.1.0. To my surprise, despite running ntpd it was 2 hours in the future! Some moons ago we sufferi

Re: [Freeipa-users] Fw: Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

Hello, comments inline Martin On 27/04/15 18:09, Christopher Lamb wrote: Hi All I may have found a possible cause of our instance of the "Your session has expired" Web UI error on our new FreeIPA 4.1.0 Server By chance I checked the date on the server hosting FreeIPA 4.1.0. To my surprise, d

[Freeipa-users] FreeIPA WebUI Logout logs back in

Hi All When I use the logout dropdown the WebUI (top righthand corner of the screen), it logs me out, then immediately reloads and logs me right back in again to the Users screen. This prevents me from logging in with a different user. The FreeIPA Server is 4.1.0 on OEL 7.5. I am using Web UI

Re: [Freeipa-users] IPA Web UI behind proxy

Hi Fraser, I actually attempted that procedure ( https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP) but it completely broke my IPA install. I could no longer log in with any users including admin, enrollment/client auth broke, etc. Unfortunately I couldn't find any way to roll

Re: [Freeipa-users] Access to IPA Web-UI with different domain names

On 04/27/2015 06:06 PM, David Dimovski wrote: Hi Folks, does somebody have a best practice, how to access the IPA Web-UI with different domain names? Example: Our IPA 4.1 have two different IPs (extern and intern) with two domain names. The web gui is only accessible from the domain name, which

[Freeipa-users] FreeIPA 4.1.4 and Windows Groups

Hi all, First I'd like to say thank you for the fantastic product. We've been using FreeIPA since v 1 and it's been fantastic. Recently we've hit a slight snag, however. We used this document (https://www.freeipa.org/page/Windows_authentication_against_FreeIPA) to setup Windows to use FreeIP

[Freeipa-users] Password expiration not updated with password change

I'm currently experimenting with Red Had Identity Management 6.0, and I've noticed that when I create a user, and have them change their password using the "passwd" command, the password is changed in IdM, but the password expiration date is not updated, so that their password remains expired. Fur

Re: [Freeipa-users] Password expiration not updated with password change

On 04/27/2015 01:08 PM, Tony Izzo wrote: I'm currently experimenting with Red Had Identity Management 6.0, This version does not make sense. Did you mean 7.0? and I've noticed that when I create a user, and have them change their password using the "passwd" command, the password is changed in

Re: [Freeipa-users] FreeIPA WebUI Logout logs back in

On 04/27/2015 12:39 PM, Christopher Lamb wrote: Hi All When I use the logout dropdown the WebUI (top righthand corner of the screen), it logs me out, then immediately reloads and logs me right back in again to the Users screen. This prevents me from logging in with a different user. The FreeIP

Re: [Freeipa-users] FreeIPA 4.1.4 and Windows Groups

On Mon, 27 Apr 2015, Zach McNeilly wrote: Hi all, First I'd like to say thank you for the fantastic product. We've been using FreeIPA since v 1 and it's been fantastic. Recently we've hit a slight snag, however. We used this document (https://www.freeipa.org/page/Windows_authentication_again

Re: [Freeipa-users] default e-mail address and aliases from LDAP

On 04/27/2015 07:49 AM, Ivars Strazdiņš wrote: Hi there, I am preparing to move our site e-mail authentication backend to FreeIPA. That is, integrate Postfix with FreeIPA. Let's suppose user has two or more e-mail addresses, j...@site.com joe.u...@site.com

Re: [Freeipa-users] default e-mail address and aliases from LDAP

On 04/27/2015 04:51 PM, Rich Megginson wrote: On 04/27/2015 07:49 AM, Ivars Strazdin,s( wrote: Hi there, I am preparing to move our site e-mail authentication backend to FreeIPA. That is, integrate Postfix with FreeIPA. Let's suppose user has two or more e-mail addresses, j...@site.com

[Freeipa-users] How to renew an expired admin certificate

Dear All, I'm in the process of regaining one of the old CA systems which was not being used for a long time. In the root CA, administrator certificate is expired and cannot access the agent interface. In order to renew it, i would need the access to the agent interface. Please help me to procee

[Freeipa-users] FreeIPA SAML and Google Apps

Hi, Is it yet possible to use FreeIPA as an identity provider to Google Apps via SAML. I understand there was some project afoot Thanks, Andrew -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for