On 09/09/2015 06:32 PM, Thomas Suiter wrote:
Is there an equivalent host/computer default objectclasses that there
is for ipa config-mod –groupobjectclasses/--userobjectclasses ? We
are wanting to add some additional attributes to all of the servers,
I’m able to add the object class to ind
Now all is ok :)
# ipa trust-add --type=ad mydomain.com --admin Administrator --password
Active Directory domain administrator's password:
---
Added Active Directory trust for realm "mydomain.com"
-
Hello Steven!
I would like to help you but unfortunately I have no chance to guess
what went wrong.
To help us help you please report any issue in a way described on
FreeIPA Troubleshooting page (http://www.freeipa.org/page/Troubleshooting).
Most importantly we need the following:
1. Versi
OS: RHEL 7.1 w IDM
I'm seeing these messages in my master's log messages. I don't know if it's
related, but I think I started seeing them after I set up a replica.
Everything seems to be working fine, but I'm worried that things will break
if delta grows beyond a point. I tried steps in
https://ac
Hi,
I assume you are virtualising.
Try adding "tinker panic 0" to /etc/ntp.conf.
It should make it tolerant to heavily drifting virtual clocks.
Cheers,
Andrew
On 10 September 2015 at 13:46, Prasun Gera wrote:
> OS: RHEL 7.1 w IDM
>
> I'm seeing these messages in my master's log messages. I
Thanks. I'm not virtualizing though. Should I still add it ?
On Thu, Sep 10, 2015 at 5:02 AM, Andrew Holway
wrote:
> Hi,
>
> I assume you are virtualising.
>
> Try adding "tinker panic 0" to /etc/ntp.conf.
>
> It should make it tolerant to heavily drifting virtual clocks.
>
> Cheers,
>
> Andrew
Thats odd. You would normally not need it on bare metal. It could be broken
hardware.
On 10 September 2015 at 14:05, Prasun Gera wrote:
> Thanks. I'm not virtualizing though. Should I still add it ?
>
> On Thu, Sep 10, 2015 at 5:02 AM, Andrew Holway
> wrote:
>
>> Hi,
>>
>> I assume you are virt
Thomas Suiter wrote:
> Is there an equivalent host/computer default objectclasses that there is
> for ipa config-mod groupobjectclasses/--userobjectclasses ? We are
> wanting to add some additional attributes to all of the servers, Im
> able to add the object class to individual servers but not
Hello,
what is the best way to include a external Nameserver for a IPA Host?
My DNS (DNSSEC) server is running on a extra Instance (KVM) now I have setup a
extra Instance for a IPA Master Server and I have now to include the CNAMe
Server like "smtp.example.com CNAME imap.example.com" or cvan I
On 10.9.2015 15:38, Günther J. Niederwimmer wrote:
> Hello,
>
> what is the best way to include a external Nameserver for a IPA Host?
>
> My DNS (DNSSEC) server is running on a extra Instance (KVM) now I have setup
> a
> extra Instance for a IPA Master Server and I have now to include the CNAMe
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
> Now that I'm actually using IPA authentication for a few services within
> my house, I'm going to set up a simple "start page" with a few links,
> including a link to IPA web UI for password changes. I'd like to use
> the FreeIPA logo, but I've only bee
On 09/09/2015 09:50 PM, Janelle wrote:
> Hello,
>
> I was wondering if anyone has played with thee extended logging of IPA and
> specifically SSSD and the kibana dashboards they put together.
> https://www.freeipa.org/page/Centralized_Logging
>
> I can't seem to get "clients" to send the login i
The hardware is not very old (ivybridge). The entries appear every few
minutes in the log. The /etc/ntp.conf has not been modified manually. It
lists 3 servers - 0.rhel.pool.ntp.org, 1 and 2. At the end, there are also
a couple of additional local servers with the comment added by
/sbin/dhclient-sc
On 9/10/15 7:55 AM, Martin Kosek wrote:
On 09/09/2015 09:50 PM, Janelle wrote:
Hello,
I was wondering if anyone has played with thee extended logging of IPA and
specifically SSSD and the kibana dashboards they put together.
https://www.freeipa.org/page/Centralized_Logging
I can't seem to get "
Hi,
I'm not sure I understood all of your problem, but here are some
information that may help:
- First, you don't change a certificate, but you can revoke it a make a new
one
- If you need to add a SubjectAltName to a certificate, you may have
realized that the -D parameter makes the request to g
On Thu, 10 Sep 2015, Martin Kosek wrote:
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
Now that I'm actually using IPA authentication for a few services within
my house, I'm going to set up a simple "start page" with a few links,
including a link to IPA web UI for password changes. I'd like to use
Hello:
So recently, we received some new workstations that I loaded with Ubuntu 12.04.
The person who had this sysadmin position before me set up the IPA domain and
had it running for quite some time. I went to add one of the systems to the
domain through a script he created, something in the c
On 10.9.2015 17:22, Alexander Bokovoy wrote:
> On Thu, 10 Sep 2015, Martin Kosek wrote:
>> On 09/08/2015 08:13 PM, Ian Pilcher wrote:
>>> Now that I'm actually using IPA authentication for a few services within
>>> my house, I'm going to set up a simple "start page" with a few links,
>>> including
So I did a bit of googling and tinker panic 0 only makes sense for virtual
machines. Is there any way to confirm if it is indeed a hardware issue ?
On Thu, Sep 10, 2015 at 5:16 AM, Andrew Holway
wrote:
> Thats odd. You would normally not need it on bare metal. It could be
> broken hardware.
>
>
Thanks all!
(And I should have known that it would be Mo's work.)
--
Ian Pilcher arequip...@gmail.com
"I grew up before Mark Zuckerberg invented friendship"
Following instructions from here...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
RHEL6 server
# rpm -qa ipa-server
ipa-server-3.0.0-42.el6.x86_64
RHEL7 server
# rpm -q ipa-server
ipa-ser
Hi,
I'm trying to setup my Amazon Linux instances to be able to fetch the IPA
users public ssh key.
Do I have to setup a binddn and bindpw in the ldap.conf file and use
/usr/libexec/openssh/ssh-ldap-wrapper or is there a better way to do it?
Thanks,
Gustavo
--
Manage your subscription for the F
One way to do it is write a small script which will fetch the keys from
LDAP.
As for authentication, I make the SSH public key anonymously readable for
everyone.
On 11 September 2015 at 05:00, Gustavo Mateus
wrote:
> Hi,
>
> I'm trying to setup my Amazon Linux instances to be able to fetch the
23 matches
Mail list logo