On Thu, 21 May 2015, Rudolf Gabler wrote:
Hi to whom it may concern,
we used for many years a 2 location policy to separate email users from
unix users in order to not using the same passwords. So we had 2 trees
in our LDAP with the same user but different passwords.
In freeipa (where we want
On 05/21/2015 09:50 AM, Alexander Frolushkin wrote:
Thank you. Do I need to run this on each of my 17 IPA servers in unix
domain?
no, the cleanallruv task should be propagated to all server a repl
agreement exists
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
could you try this:
https://www.redhat.com/archives/freeipa-users/2015-May/msg00062.html
it was successfully applied before
On 05/21/2015 06:58 AM, Alexander Frolushkin wrote:
Hello again.
Is it now clear how to deal with problem ipa-replica-manage list-ruv
showing
unable to decode:
Hi to whom it may concern,
we used for many years a 2 location policy to separate email users from unix
users in order to not using the same passwords. So we had 2 trees in our LDAP
with the same user but different passwords.
In freeipa (where we want to migrate now) I can use the accounts
On 05/21/2015 07:50 AM, Martin Kosek wrote:
On 05/20/2015 04:01 PM, Boyce, George Robert. (GSFC-762.0)[NICS] wrote:
This worked for me:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=cm
(|(uid=admin)(name=admin)) dn
SASL/GSSAPI authentication started
SASL username:
On 5/20/15 7:53 AM, Mark Reynolds wrote:
On 05/20/2015 10:17 AM, thierry bordaz wrote:
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
Knowing that the first issue is 'working as designed', I can now focus on
exactly how to fix it. In my case, the issue is that a vendor's code is
appending name=... to its search filter to find a user group.
Thanks, I can troubleshoot the second issue, it isn't a roadblock to my task.
On
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ? They
reappeared on others nodes as well ?
May be ds2-ipa1 established a replication session with its peers and
send those RIDs.
Could you track in all the access logs, when
On 05/21/2015 06:25 AM, Janelle wrote:
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ? They
reappeared on others nodes as well ?
May be ds2-ipa1 established a replication session with its peers and
send those RIDs.
Could
On 05/21/2015 03:04 PM, Janelle wrote:
On 5/21/15 5:49 AM, Rich Megginson wrote:
On 05/21/2015 06:25 AM, Janelle wrote:
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ? They
reappeared on others nodes as well ?
May be
On 5/21/15 5:49 AM, Rich Megginson wrote:
On 05/21/2015 06:25 AM, Janelle wrote:
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ? They
reappeared on others nodes as well ?
May be ds2-ipa1 established a replication session
On 05/21/2015 01:36 PM, Janelle wrote:
And just like that - for no reason, they all reappeared:
unable to decode {replica 16} 5535647200030010 5535647200030010
unable to decode {replica 23} 5545d61f00020017 5552f71800030017
unable to decode {replica 24} 554d53d30018
On 5/21/15 5:20 AM, thierry bordaz wrote:
On 05/21/2015 01:36 PM, Janelle wrote:
On 5/20/15 7:53 AM, Mark Reynolds wrote:
On 05/20/2015 10:17 AM, thierry bordaz wrote:
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/21/15 5:16 AM, Ludwig Krispenz wrote:
On 05/21/2015 01:36 PM, Janelle wrote:
And just like that - for no reason, they all reappeared:
unable to decode {replica 16} 5535647200030010 5535647200030010
unable to decode {replica 23} 5545d61f00020017 5552f71800030017
unable
On 05/21/2015 01:36 PM, Janelle wrote:
On 5/20/15 7:53 AM, Mark Reynolds wrote:
On 05/20/2015 10:17 AM, thierry bordaz wrote:
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 20.5.2015 17:38, Brian Koontz wrote:
Running FreeIPA 4.1.4, Fedora 21. Trying to get dynamic DNS updates on
clients to work following these instructions:
http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
(Using GSS-TSIG isn't an option because I have no way of
Hi All
what a count of IPA servers does make sense for sssd configuration? We
have 5 IPA servers and each Host can reach them. Can I put them all to
sssd configuration (redundancy) or does it dont make sense (timeouts to
big etc)?
MfG
Christoph Kaminski
--
Manage your subscription for the
On 05/21/2015 03:59 PM, Janelle wrote:
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as
a replica some time ago with all the others. Think of this -- the
Christoph Kaminski wrote:
Hi All
what a count of IPA servers does make sense for sssd configuration? We
have 5 IPA servers and each Host can reach them. Can I put them all to
sssd configuration (redundancy) or does it dont make sense (timeouts to
big etc)?
The recommended procedure is to use
On 05/21/2015 09:15 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:04 PM, Janelle wrote:
On 5/21/15 5:49 AM, Rich Megginson wrote:
On 05/21/2015 06:25 AM, Janelle wrote:
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ?
Rob,
Try adding the inetUser objectclass to your system account. You're probably
lacking memberOf.
Thanks, that worked. My last issue is to add read/search permission on the
name attribute as the vendor doesn't offer a way to not include it in a
search filter to find user groups.
I was in
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as a
replica some time ago with all the others. Think of this -- the
original config had 5 servers, one of them was this server. Then the
other 4 servers
Sanju A wrote:
Dear Rob,
Please find the result of getcert list.
Request ID '20140430124456':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as a
replica some time ago with all the others. Think of this -- the
original config had 5 servers, one of them
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as a
replica some time ago with all the others. Think of this -- the
original config had 5 servers, one of them
I think I found the problem.
There was a lone replica running in another DC. It was installed as a
replica some time ago with all the others. Think of this -- the
original config had 5 servers, one of them was this server. Then the
other 4 servers were RE-BUILT from scratch, so all the
I've got a freeIPA client where a user account cannot authenticate.
The log entry for IPA looks like:
audit/audit.log.4:type=USER_AUTH msg=audit(1425316592.375:38090): user
pid=16485 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication
On 05/21/2015 05:54 PM, John Williams wrote:
I've got a freeIPA client where a user account cannot authenticate.
The log entry for IPA looks like:
audit/audit.log.4:type=USER_AUTH msg=audit(1425316592.375:38090): user
pid=16485 uid=0 auid=4294967295 ses=4294967295
We have requirements to only allow AES encryption. I'm trying to understand
what is the default and where everything comes in to play, the user tickets
are AES when obtained using kinit, but the system keytab shows des3 and arcfour
in addition to AES.
So my questions are
What is
On 5/21/15 8:12 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:59 PM, Janelle wrote:
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as
a replica some time ago with
On 05/21/2015 09:59 AM, Janelle wrote:
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as
a replica some time ago with all the others. Think of this -- the
31 matches
Mail list logo
