Re: [Freeipa-users] Migration error?

2015-06-16 Thread Ludwig Krispenz
On 06/16/2015 05:07 AM, Janelle wrote: On 6/15/15 1:12 PM, Rob Crittenden wrote: Janelle wrote: On 6/15/15 6:36 AM, Rob Crittenden wrote: Usually means there is a replication conflict entry. You may be able to get more details on what failed by looking at the LDAP access log of both LDAP ser

[Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Henry Hofmann
Hi, I have a question about using IPA (v.4) with an AD (2012) Trust. Is it possible to login with a user from the Active Directory Domain to an Web-Service (like redmine) which is configured to the IPA LDAP? I have understand this by read this art

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Petr Spacek
On 16.6.2015 09:34, Henry Hofmann wrote: > Hi, > > I have a question about using IPA (v.4) with an AD (2012) Trust. > Is it possible to login with a user from the Active Directory Domain to an > Web-Service (like redmine) which is configured to the IPA LDAP? > > I have understand this by read th

Re: [Freeipa-users] Migration error?

2015-06-16 Thread thierry bordaz
On 06/16/2015 09:02 AM, Ludwig Krispenz wrote: On 06/16/2015 05:07 AM, Janelle wrote: On 6/15/15 1:12 PM, Rob Crittenden wrote: Janelle wrote: On 6/15/15 6:36 AM, Rob Crittenden wrote: Usually means there is a replication conflict entry. You may be able to get more details on what failed by

[Freeipa-users] replication conflicts

2015-06-16 Thread Alexander Frolushkin
Hello. Just to remind if somebody still not familiar with our IPA installation :) We currently have 18 IPA servers in domain, on 8 sites in different regions across the Russia. And now, our new problem. Regularly we getting a nsds5ReplConflict records on some of our servers, very often on servers

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Henry Hofmann
I understand this is for application which is using Kerberos. I have some web applications like "redmine" and "owncloud" which have a own user management. They needs to be configure to LDAP to grant authorizations without Kerberos. And not all of t

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Petr Spacek
On 16.6.2015 11:43, Henry Hofmann wrote: > I understand this is for application which is using Kerberos. > I have some web applications like "redmine" and "owncloud" which have a own > user management. They needs to be configure to LDAP to grant authorizations > without Kerberos. And not all of t

Re: [Freeipa-users] replication conflicts

2015-06-16 Thread Ludwig Krispenz
On 06/16/2015 11:42 AM, Alexander Frolushkin wrote: Hello. Just to remind if somebody still not familiar with our IPA installation :) We currently have 18 IPA servers in domain, on 8 sites in different regions across the Russia. And now, our new problem. Regularly we getting a nsds5ReplCon

Re: [Freeipa-users] replication conflicts

2015-06-16 Thread Alexander Frolushkin
It looks like our duplicates have some "internal" source, it source is not a client system, but one of our IPA servers. Is it possible to get such duplicate records in combination of replication "multipath" and some clock skew (it is not ideally synchronized because of very big distances between

Re: [Freeipa-users] replication conflicts

2015-06-16 Thread Ludwig Krispenz
On 06/16/2015 12:44 PM, Alexander Frolushkin wrote: It looks like our duplicates have some "internal" source, it source is not a client system, but one of our IPA servers. to get these kind of conflict two servers have to be involved if you say internal source, what kind of entries are affe

Re: [Freeipa-users] Migration error?

2015-06-16 Thread Janelle
On Jun 16, 2015, at 01:56, thierry bordaz wrote: > >> On 06/16/2015 09:02 AM, Ludwig Krispenz wrote: >> >>> On 06/16/2015 05:07 AM, Janelle wrote: On 6/15/15 1:12 PM, Rob Crittenden wrote: Janelle wrote: >> On 6/15/15 6:36 AM, Rob Crittenden wrote: >> >> Usually means the

Re: [Freeipa-users] replication conflicts

2015-06-16 Thread Alexander Frolushkin
One example of duplicate: krbprincipalname=HTTP/nw-rhidm02.unix.megafon...@unix.megafon.ru+nsuniqueid=5a726d95-0e9611e5-8418a085-d3870578,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru the original one: krbprincipalname=HTTP/nw-rhidm02.unix.megafon...@unix.megafon.ru,cn=services,cn=accounts,dc=u

Re: [Freeipa-users] Migration error?

2015-06-16 Thread Ludwig Krispenz
On 06/16/2015 02:08 PM, Janelle wrote: On Jun 16, 2015, at 01:56, thierry bordaz wrote: On 06/16/2015 09:02 AM, Ludwig Krispenz wrote: On 06/16/2015 05:07 AM, Janelle wrote: On 6/15/15 1:12 PM, Rob Crittenden wrote: Janelle wrote: On 6/15/15 6:36 AM, Rob Crittenden wrote: Usually means th

[Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Henry Hofmann
Hi, I have a question about using IPA (v.4) with an AD (2012) Trust. Is it possible to login with a user from the Active Directory Domain to an Web-Service (like redmine) which is configured to the IPA LDAP? I have understand this by read this article (http://www.freeipa.org/page/IPAv3_Architec

Re: [Freeipa-users] stickybits and freeipa

2015-06-16 Thread richard
Hi, I have made a trace with gdb, and this is the output from that. So it looks like the suid user isn't found. Program received signal SIGSEGV, Segmentation fault. 0x08518f44 in utilcuti_GetUsrid(void) () Missing separate debuginfos, use: debuginfo-install atk-2.10.0-1.fc20.i686 bzip2-libs-1.0.

Re: [Freeipa-users] stickybits and freeipa

2015-06-16 Thread Simo Sorce
On Tue, 2015-06-16 at 14:50 +0200, richard wrote: > Hi, > > I have made a trace with gdb, and this is the output from that. > So it looks like the suid user isn't found. Hi Richard, this looks like a bug in the application you are using, as a failure to look up a user (if that is the case), should

[Freeipa-users] Host don't update DNS

2015-06-16 Thread Esdras La-Roque
Hi guys, How do I force the host to update its own DNS record? -- *Esdras La-Roque*

Re: [Freeipa-users] Migration error?

2015-06-16 Thread Rich Megginson
On 06/16/2015 06:18 AM, Ludwig Krispenz wrote: On 06/16/2015 02:08 PM, Janelle wrote: On Jun 16, 2015, at 01:56, thierry bordaz wrote: On 06/16/2015 09:02 AM, Ludwig Krispenz wrote: On 06/16/2015 05:07 AM, Janelle wrote: On 6/15/15 1:12 PM, Rob Crittenden wrote: Janelle wrote: On 6/15/15

Re: [Freeipa-users] Host don't update DNS

2015-06-16 Thread Martin Basti
On 16/06/15 15:32, Esdras La-Roque wrote: Hi guys, How do I force the host to update its own DNS record? -- *Esdras La-Roque* Hello, SSSD do synchronization automatically. (dyndns_update=true in sssd.conf) We need more info: Do you have integrated DNS? If yes, do you have enabled "dynami

Re: [Freeipa-users] Migration error?

2015-06-16 Thread Janelle
Good morning, Just a quick note. I hope that all my questions do not make any one the DEV Team think that I do not support FreeIPA wholly and completely. I am a huge fan of this package and have in fact discussed with several of my clients (I'm a consultant of course) who have purchased RH sup

Re: [Freeipa-users] Migration error?

2015-06-16 Thread Ludwig Krispenz
On 06/16/2015 03:54 PM, Janelle wrote: Good morning, Just a quick note. I hope that all my questions do not make any one the DEV Team think that I do not support FreeIPA wholly and completely. I am a huge fan of this package and have in fact discussed with several of my clients (I'm a consul

Re: [Freeipa-users] Host don't update DNS

2015-06-16 Thread Esdras La-Roque
Thanks! I put "dyndns_update=true" in sssd.conf only and that works fine! 2015-06-16 10:51 GMT-03:00 Martin Basti : > On 16/06/15 15:32, Esdras La-Roque wrote: > > Hi guys, > > > How do I force the host to update its own DNS record? > > -- > *Esdras La-Roque* > > > > Hello, > > SSSD do

Re: [Freeipa-users] Migration error?

2015-06-16 Thread Craig White
-Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Janelle Sent: Tuesday, June 16, 2015 6:55 AM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Migration error? Good morning, Just a quick note. I hope that all my que

Re: [Freeipa-users] CentOS 6.6 Installation Issues

2015-06-16 Thread Petr Spacek
On 16.6.2015 19:15, Randall Harrison wrote: > Hello freeipa! > > I am having difficulty installing freeipa on a freshly installed CentOS6.6 > box. I have not had this problem on previous CentOS releases, and it > installed with no problems on a CentOS7.1 box. > > Here is a list of steps I took t

Re: [Freeipa-users] CentOS 6.6 Installation Issues

2015-06-16 Thread Petr Spacek
(First of all, always Cc the list. I'm adding it back to the loop.) Interesting. Which versions of packages do you have installed? $ rpm -qa 'ipa*' 'java-*' 'pki*' Dogtag might not work if you have java-1.8.0 installed. To eliminate this problem I would recommend you to let only java-1.7.0 inst

Re: [Freeipa-users] CentOS 6.6 Installation Issues

2015-06-16 Thread Randall Harrison
Ok, Here are the versions you requested: IPA ipa-admintools-3.0.0-42.el6.centos.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-42.el6.centos.x86_64 ipa-client-3.0.0-42.el6.centos.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-server-selinux-3.0.0-42.el6.centos.x86_64 ipa-server-3

[Freeipa-users] Crazy Cert problem?

2015-06-16 Thread Janelle
Hi, Had a server - named ipa001.example.com -- it was a replica. It died. It was re-installed. However, prior to the re-install it was saying the wonderful: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user. It was rebuilt - new OS and doing a brand new i

Re: [Freeipa-users] CentOS 6.6 Installation Issues

2015-06-16 Thread Alexander Bokovoy
Yes, please remove java 1.8.0* This is unfortunate and known issue caused by over-enthusiastic people doing Software Collections project who released 1.8 Java directly into the release tree. We have a bug for it where dogtag does introduce some dependency requirements to weed out java-1.8.0 on

[Freeipa-users] ssh key issues with IPA enabled servers

2015-06-16 Thread Steven Jones
Hi, I am trying to setup ssh keys into an IPA enabled server. This refuses to work asking for a password each time. If I drop the server out of IPA the ssh keys then work. I can ssh from a non-IPA RHEL7 server to an IPA enabled server but non-IPA user fine, but when I try to go to a IPA user

[Freeipa-users] Cannot login with GSSAPI to IPA client

2015-06-16 Thread nathan
I have 2 CentOS 6 clients both running FreeIPA client 3.0.0-42 and sssd 1.11.6-30. The server is CentOS 7 / IPA 4.1.3 When I try to log in using MIT kerberos and a valid ticket it works on one client, and fails on the other. I have compared the /etc/krb5.conf, /etc/sssd/sssd.conf and /etc/openld

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Alexander Bokovoy
On Tue, 16 Jun 2015, Henry Hofmann wrote: I understand this is for application which is using Kerberos. No, it is not only for that. I have some web applications like "redmine" and "owncloud" which have a own user management. They needs to be co

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-16 Thread Martin Kosek
On 06/15/2015 02:19 PM, Henry Hofmann wrote: Hi, I have a question about using IPA (v.4) with an AD (2012) Trust. Is it possible to login with a user from the Active Directory Domain to an Web-Service (like redmine) which is configured to the IPA LDAP? I have understand this by read this artic

Re: [Freeipa-users] replication conflicts

2015-06-16 Thread Alexander Frolushkin
Hello. Another example. Today appeared on servers of different site. Original LDIF: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # System: Manage Host Keytab, permissions, pbac, unix.megafon.ru dn: cn=System: Manage Host Keytab,cn=permissions