Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-06-29 Thread Christopher Lamb
Hi all I am fighting this exact problem too. We had set up Jira, integrated to FreeIPA with the option Internal Directory with LDAP Authentication, using anonymous bind. This integration path means that when a FreeIPA user attempts to log on to Jira with his FreeIPA Credentials, his user is

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Petr Spacek
On 29.6.2015 13:16, Matt . wrote: Hi, The zones are on both servers, just not all records are, this has a reason. One server is maintained by a script, the other one only forwards to it if needed. The idea is that it does a local lookup, when it doesn't find the record locally, it

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Matt .
Hi Petr, Yes I understand why this is not possible. The idea was to have a managed DNS server from scripting and one for other usage by clients who only need to know about the unknown records on Server1, this as it should forward most and only do specific local lookups. Your subdomain solution

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-29 Thread Sumit Bose
On Mon, Jun 29, 2015 at 11:24:00AM +0200, Giorgio Biacchi wrote: On 06/29/2015 10:30 AM, Sumit Bose wrote: On Mon, Jun 29, 2015 at 10:04:04AM +0200, Giorgio Biacchi wrote: On 06/26/2015 08:06 PM, Sumit Bose wrote: On Fri, Jun 26, 2015 at 04:34:05PM +0200, Giorgio Biacchi wrote: On

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Petr Spacek
On 29.6.2015 14:07, Matt . wrote: Hi Petr, Both servers have zone: domain.tld Server1 (192.168.1.1) has: domain.tld foo A 192.168.1.10 bar A 192.168.1.20 Server2 (192.168.2.1) has: domain.tld candy A 192.168.2.100 I have a forward first on Server1 to the IP of

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-29 Thread Jakub Hrozek
On Mon, Jun 29, 2015 at 03:11:57PM +0200, Sumit Bose wrote: On Mon, Jun 29, 2015 at 11:24:00AM +0200, Giorgio Biacchi wrote: On 06/29/2015 10:30 AM, Sumit Bose wrote: On Mon, Jun 29, 2015 at 10:04:04AM +0200, Giorgio Biacchi wrote: On 06/26/2015 08:06 PM, Sumit Bose wrote: On Fri, Jun

Re: [Freeipa-users] reverse lookup dns records in trust setup

2015-06-29 Thread Petr Spacek
On 29.6.2015 13:57, John Stein wrote: Hi, I have an AD and IdM server. AD domain - john.com IdM domain - linux.john.com each spans multiple network segments, with some segments having both linux and windows machines. the IdM is configured to forward DNS requests to AD (forward first),

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-06-29 Thread Christopher Lamb
Hi As of a few minutes ago, we can now replicate FreeIPA users to JIRA, including the vital mail attribute! Note there are probably other solutions that work as well, but this is the one that works for us. Key points: a) Integration Style: Internal Directory with LDAP Authentication -- only

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Petr Spacek
On 27.6.2015 19:06, Matt . wrote: Hi All, When I add a forwarder with policy to forward first, there is only forwarder and not a fallback to local when the record doesn't exist on the forward server. When I remove the forwardserver, the local lookup works great again. Is this known to

[Freeipa-users] reverse lookup dns records in trust setup

2015-06-29 Thread John Stein
Hi, I have an AD and IdM server. AD domain - john.com IdM domain - linux.john.com each spans multiple network segments, with some segments having both linux and windows machines. the IdM is configured to forward DNS requests to AD (forward first), and the AD is configured to forward requests in

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Matt .
Hi, The zones are on both servers, just not all records are, this has a reason. One server is maintained by a script, the other one only forwards to it if needed. The idea is that it does a local lookup, when it doesn't find the record locally, it forwards to its forwarder to see if it has an

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Matt .
Hi Petr, Both servers have zone: domain.tld Server1 (192.168.1.1) has: domain.tld foo A 192.168.1.10 bar A 192.168.1.20 Server2 (192.168.2.1) has: domain.tld candy A 192.168.2.100 I have a forward first on Server1 to the IP of Server2 So when my DNS server on my client is 192.168.1.1

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Petr Spacek
On 29.6.2015 16:10, Matt . wrote: Hi Petr, Yes I understand why this is not possible. The idea was to have a managed DNS server from scripting and one for other usage by clients who only need to know about the unknown records on Server1, this as it should forward most and only do specific

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-29 Thread Sumit Bose
On Mon, Jun 29, 2015 at 03:49:37PM +0200, Jakub Hrozek wrote: On Mon, Jun 29, 2015 at 03:11:57PM +0200, Sumit Bose wrote: On Mon, Jun 29, 2015 at 11:24:00AM +0200, Giorgio Biacchi wrote: On 06/29/2015 10:30 AM, Sumit Bose wrote: On Mon, Jun 29, 2015 at 10:04:04AM +0200, Giorgio Biacchi

[Freeipa-users] dirsrv access logs flooded from single connection id

2015-06-29 Thread Andrew E. Bruno
Our dirsrv access logs on our freeipa master server are getting flooded with this: [29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH base=cn=u2,cn=groups,cn=accounts,dc=ccr,dc=buffalo,dc=edu scope=0 filter=(objectClass=*) attrs=objectClass posixgroup cn userPassword gidNumber member

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Matt .
Hi, Because it can happen that hostnames are used twice, but one for each network. This sounds a little bit odd, but it has something to do with hostnames that are needed, public names and internal names. But as both networks have their own DNS servers, some records are just not provisioned so

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Petr Spacek
On 29.6.2015 18:22, Matt . wrote: Hi, Because it can happen that hostnames are used twice, but one for each network. This sounds a little bit odd, but it has something to do with hostnames that are needed, public names and internal names. But as both networks have their own DNS servers,

Re: [Freeipa-users] dirsrv access logs flooded from single connection id

2015-06-29 Thread Andrew E. Bruno
On Mon, Jun 29, 2015 at 12:34:25PM -0400, Andrew E. Bruno wrote: On Mon, Jun 29, 2015 at 10:29:24AM -0600, Rich Megginson wrote: On 06/29/2015 10:13 AM, Andrew E. Bruno wrote: Our dirsrv access logs on our freeipa master server are getting flooded with this: [29/Jun/2015:12:02:09

Re: [Freeipa-users] dirsrv access logs flooded from single connection id

2015-06-29 Thread Rich Megginson
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote: Our dirsrv access logs on our freeipa master server are getting flooded with this: [29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH base=cn=u2,cn=groups,cn=accounts,dc=ccr,dc=buffalo,dc=edu scope=0 filter=(objectClass=*)

Re: [Freeipa-users] dirsrv access logs flooded from single connection id

2015-06-29 Thread Andrew E. Bruno
On Mon, Jun 29, 2015 at 10:29:24AM -0600, Rich Megginson wrote: On 06/29/2015 10:13 AM, Andrew E. Bruno wrote: Our dirsrv access logs on our freeipa master server are getting flooded with this: [29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH

Re: [Freeipa-users] DNS forwarder first does not fallback to local

2015-06-29 Thread Matt .
Hi Petr, No problem at all! I can remove/move things easily... but this splitbrain really makes these 2 networks standing on their own, which is what I need. Both are provisioned but not all the same. It gives me the flexibility we need, that's why it's not difficult to move, as it's flexible at

[Freeipa-users] Failed to start pki-tomcatd Service

2015-06-29 Thread Alexandre Ellert
Hello, I have a problem on a replica server running Centos 7.1 and ipa 4.1.0-18.el7.centos.3.x86_64 (last version) Ipa server doesn’t restart correctly (using systemctl restart ipa or reboot the whole server) : # ipactl status Directory Service: STOPPED Directory Service must be running in

[Freeipa-users] 3rd party certificate for WebUI only

2015-06-29 Thread Stephen Ingram
I set up IPA using the internal CA. I'd like to continue using this CA, however, I'd also like to allow authorized external browser users (who haven't imported our CA) to access the WebUI without receiving a warning. Is it possible to add a 3rd party certificate and CA such that it is only used for

Re: [Freeipa-users] username case sensitivity

2015-06-29 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 09:12:53PM -0400, Dmitri Pal wrote: On 05/18/2015 06:16 AM, Andy Thompson wrote: -Original Message- From: Jakub Hrozek [mailto:jhro...@redhat.com] Sent: Monday, May 18, 2015 4:07 AM To: Andy Thompson Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users]

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-29 Thread Lukas Slebodnik
On (26/06/15 10:10), Prasun Gera wrote: More importantly, ipa-client-install is just a thin configuration tool. If ipa-client-install is not available on your platform you can configure everything manually and it will work (as long as the client is standard-compliant). I.e. the client side

Re: [Freeipa-users] freeipa sudden stop

2015-06-29 Thread David Kupka
On 30/06/15 05:17, Umarzuki Mochlis wrote: Every once in a week suddenly IPA service would fail and only realized when zimbra that using authentication with it failed during user log in. So I had to type in below commands one by one each time this happened. systemctl start

[Freeipa-users] Unfamiliar message and crashes

2015-06-29 Thread Alexander Frolushkin
Hello. What does message NSMMReplicationPlugin - agmt=cn=cloneAgreement1-host1.domain.com-pki-tomcat (host2:389): Unable to acquire replica: the replica instructed us to go into backoff mode. Will retry later. mean? A lot of these messages appeared in error dirsrv log yesterday, and several