On 29/05/15 18:57, Thomas Sailer wrote:
Hello everyone.
I upgraded a freeipa server from fedora 20 to fedora 22. It mostly
worked ok, but there are a few issues:
- pki-tomcat didn't start after the upgrade, and that in turn made
ipa-upgradeconfig fail, because /var/lib/pki/pki-tomcat/conf/ca
Hello everyone.
I modified the /etc/selinux/config file :
#
# This file controls the state of SELinux on the system.
# SELINUX=disabled
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings inst
On 05/31/2015 12:21 PM, Bob Hinton wrote:
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password. However, using a keytab
produces an error (see below). This seems to happen whatever I put in
the keytab file.
Any suggestions ?
I've got an IPA installation with 8 servers replicating between each
other across various parts of our network. Recently I've started
pushing the dirsrv logs to a remote log collector from 4 of these
machines and see a huge disparity in the number of entries being sent.
ipa01 - ~42,000 logs per
Hello,
From a DS point of view, you may use logconv.pl to get a rapid summary
of the received activity (DS access logs).
You may take the same period of time on each server and compare the
results. It will give hints to know if the difference comes from bind,
connections, replication session,
On 01/06/2015 09:55, Petr Vobornik wrote:
> On 05/31/2015 12:21 PM, Bob Hinton wrote:
>> Hello,
>>
>> I've written a Ruby script to add IPA users from CSV files. This works
>> fine when specifying a username and password. However, using a keytab
>> produces an error (see below). This seems to happe
On 06/01/2015 11:36 AM, Bob Hinton wrote:
On 01/06/2015 09:55, Petr Vobornik wrote:
On 05/31/2015 12:21 PM, Bob Hinton wrote:
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password. However, using a keytab
produces an error (s
On Mon, 01 Jun 2015, Bob Hinton wrote:
On 01/06/2015 09:55, Petr Vobornik wrote:
On 05/31/2015 12:21 PM, Bob Hinton wrote:
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password. However, using a keytab
produces an error (see
On 01/06/2015 11:01, Petr Vobornik wrote:
> On 06/01/2015 11:36 AM, Bob Hinton wrote:
>> On 01/06/2015 09:55, Petr Vobornik wrote:
>>> On 05/31/2015 12:21 PM, Bob Hinton wrote:
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a u
Hi,
I am currently trying to use FreeIPA to issue client certificates for
some internal application we have. (More precisely, SSL double
authentication between two of my applications, client side would be
java, server-side would be apache httpd.) I considered two options :
1. Issue client certifi
On Mon, 01 Jun 2015, Thibaut Pouzet wrote:
Hi,
I am currently trying to use FreeIPA to issue client certificates for
some internal application we have. (More precisely, SSL double
authentication between two of my applications, client side would be
java, server-side would be apache httpd.) I cons
On 1.6.2015 10:56, Innes, Duncan wrote:
> We don't have access to the _SRV_ records as the AD domain controls
> that, so we had to hard code the main and failover servers on the
Side note:
It sounds like your FreeIPA setup is using the same domain name as AD realm.
This is directly against
http://
Hi,
how could I possibly trace why there is a noticeable delay when logging into
sssd enabled server?
With ssh there is a 2-3 second delay before users log in. But most users
notice this with webmail, which uses dovecot->pam->sssd as authentication
backend.
Environment is Centos 7.1 and FreeIPA
On Mon, Jun 01, 2015 at 03:42:53PM +0100, Ivars Strazdiņš wrote:
> Hi,
> how could I possibly trace why there is a noticeable delay when logging into
> sssd enabled server?
Using SSSD logs:
https://fedorahosted.org/sssd/wiki/Troubleshooting
> With ssh there is a 2-3 second delay before users
Orion Poplawski wrote:
On 05/28/2015 03:09 PM, Rob Crittenden wrote:
Orion Poplawski wrote:
We did a CAless install:
ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat
/etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt
--dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin= -
Thomas Sailer wrote:
Hello everyone.
I upgraded a freeipa server from fedora 20 to fedora 22. It mostly
worked ok, but there are a few issues:
- pki-tomcat didn't start after the upgrade, and that in turn made
ipa-upgradeconfig fail, because /var/lib/pki/pki-tomcat/conf/ca/CS.cfg
had the wrong
bahan w wrote:
Hello everyone.
I modified the /etc/selinux/config file :
#
# This file controls the state of SELinux on the system.
# SELINUX=disabled
# enforcing - SELinux security policy is enforced.
# permissive - SELinux pri
Petr,
We're using a different domain for IPA thankfully (unix.example.com),
but the AD guys control DNS and don't want to touch anything in the DNS
that might affect their example.com records. Everything is on the same
VLANs, so I didn't want to press with any configuration request that
might hav
Martin, Rob, thanks for your answers!
On 06/01/2015 09:52 AM, Martin Basti wrote:
Could DS in chroot, cause the ipa-ldap-updater --upgrade cannot locate
the DS socket?
2015-05-28T13:04:55Z DEBUG stderr=Running in chroot, ignoring request.
I used fedup for the distro upgrade, so yes initially
Hi All
Bad news.
Over the weekend I was able to get the original problem EL7.1 / FreeIPA 4.1
host (FreeIPA client) to authenticate FreeIPA users (my test being ssh
remote login with FreeIPA user and password).
Today I tried a second machine, and had the same problem, ssh connections
with FreeIP
hi All,
I'm stuck:
$ kinit admin
Password for admin@CXCLIENTS:
kinit: Password incorrect while getting initial credentials
[root@ipa-clients1 ~]$ kinit admin
Password for admin@CXCLIENTS:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Password has expired
On Fri, May 29, 2015 at 06:57:33PM +0200, Thomas Sailer wrote:
>
> I upgraded a freeipa server from fedora 20 to fedora 22. It mostly worked
> ok, but there are a few issues:
>
> - pki-tomcat didn't start after the upgrade, and that in turn made
> ipa-upgradeconfig fail, because /var/lib/pki/pki-
On Mon, Jun 01, 2015 at 05:19:20PM +0300, Alexander Bokovoy wrote:
> On Mon, 01 Jun 2015, Thibaut Pouzet wrote:
> >Hi,
> >
> >I am currently trying to use FreeIPA to issue client certificates for
> >some internal application we have. (More precisely, SSL double
> >authentication between two of my a
I, too, am very much in need of user certificates. If it is possible to
setup an additional FreeIPA server to test this out, then I could help out
in testing the feature. I obviously don't want to impact my production
environment too much, but it is rather stagnant, so if I can backup the
LDAP db
I have a duplicate user.
Same exact name, but different UID's. But there does not seem to be a
way to do "ipa user-del" on anything other than username, which ends up
returning:
# ipa user-del another_username
ipa: ERROR: The search criteria was not specific enough. Expected 1 and
found 2.
On (01/06/15 15:42), Ivars Strazdiņš wrote:
>Hi,
>how could I possibly trace why there is a noticeable delay when logging into
>sssd enabled server?
>With ssh there is a 2-3 second delay before users log in. But most users
>notice this with webmail, which uses dovecot->pam->sssd as authenticatio
Hello.
Maybe this is a little off topic, sorry if so.
Faced a strange behavior of server when trying to log in a newly created user
from AD, which has a password that must be changed on first login.
Using this user to log in via ssh to server leads to ssh session termination
without any messages regar
27 matches