Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-06-09 Thread Thibaut Pouzet
Le 05/06/2015 22:19, Endi Sukma Dewata a écrit : On 5/19/2015 3:54 AM, Thibaut Pouzet wrote: Hi, It appeared that the NSS DB had fips enabled due to the troubleshooting of an old problem : # modutil -dbdir /var/lib/pki-ca/alias/ -list Listing of PKCS #11 Modules

[Freeipa-users] IPA and AD trusts

2015-06-09 Thread Alexander Frolushkin
Hello! I need some clarification, because I already killed one of my replica twice... After new replica server installation, do I need to run ipa-adtrust-install on it? WBR, Alexander Frolushkin ?? ? ? ? ? ???

Re: [Freeipa-users] IPA and AD trusts

2015-06-09 Thread Alexander Bokovoy
On Tue, 09 Jun 2015, Alexander Frolushkin wrote: Hello! I need some clarification, because I already killed one of my replica twice... After new replica server installation, do I need to run ipa-adtrust-install on it? Once initial replication finished, yes, you need to run

Re: [Freeipa-users] IPA and AD trusts

2015-06-09 Thread Alexander Bokovoy
On Tue, 09 Jun 2015, Alexander Frolushkin wrote: It's little sad for me, because after that my new replica fails to start after reboot, on smb: Jun 09 15:41:23 nw-rhidm02 smbd[4692]: [2015/06/09 15:41:23.174023, 0] ipa_sam.c:4128(bind_callback_cleanup) Jun 09 15:41:23 nw-rhidm02 smbd[4692]:

Re: [Freeipa-users] IPA and AD trusts

2015-06-09 Thread Alexander Frolushkin
Thank you very much, I really missed this detail. Not good thing, this is not checked anywhere during replica installation... WBR, Alexander Frolushkin Cell +79232508764 Work +79232507764 -Original Message- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: Tuesday, June 09,

Re: [Freeipa-users] IPA and AD trusts

2015-06-09 Thread Alexander Frolushkin
It's little sad for me, because after that my new replica fails to start after reboot, on smb: Jun 09 15:41:23 nw-rhidm02 smbd[4692]: [2015/06/09 15:41:23.174023, 0] ipa_sam.c:4128(bind_callback_cleanup) Jun 09 15:41:23 nw-rhidm02 smbd[4692]: kerberos error: code=-1765328203, message=Keytab

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get results for DNS entries just fine, but we would rather not share this account with

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get results for DNS entries just fine, but we

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 09/06/15 13:05, Martin Basti wrote: On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-06-09 Thread Thibaut Pouzet
Le 09/06/2015 15:50, Rob Crittenden a écrit : Thibaut Pouzet wrote: Le 05/06/2015 22:19, Endi Sukma Dewata a écrit : Is this still a problem? Per discussion with Rob it doesn't seem to be an issue with Dogtag itself. I suppose you are following this instruction:

[Freeipa-users] add suse 11 sp3 to ipa

2015-06-09 Thread mohammad sereshki
 hiWould you please let me know is it possible to add suse 11 sp3 to IPA? and how it is possible?Regards -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] add suse 11 sp3 to ipa

2015-06-09 Thread Rob Crittenden
mohammad sereshki wrote: hi Would you please let me know is it possible to add suse 11 sp3 to IPA? and how it is possible? Regards I'm not sure if any version of SUSE has ipa-client or freeipa-client, but I know that 12+ has sssd. If 11 also has sssd then you can configure that

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-06-09 Thread Rob Crittenden
Thibaut Pouzet wrote: Le 05/06/2015 22:19, Endi Sukma Dewata a écrit : Is this still a problem? Per discussion with Rob it doesn't seem to be an issue with Dogtag itself. I suppose you are following this instruction: http://www.freeipa.org/page/Howto/CA_Certificate_Renewal Could you post the

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Petr Spacek
On 9.6.2015 13:54, Martin Basti wrote: On 09/06/15 13:05, Martin Basti wrote: On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The