Re: [Freeipa-users] User removed from IPA but still present in LDAP, so cannot him again in IPA web UI

2015-10-02 Thread Alexander Bokovoy
On Thu, 01 Oct 2015, Fujisan wrote: I get this: - $ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain '(uid=user1*)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (uid=user1*) # requesting: ALL # # search result

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-02 Thread Alexander Bokovoy
On Thu, 01 Oct 2015, Simo Sorce wrote: On 01/10/15 03:15, Petr Spacek wrote: On 30.9.2015 20:36, Matt Wells wrote: Hi all, I hoped I may glean some brilliance from the group. I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan was to replicate users+passwords with Windows

Re: [Freeipa-users] FreeIPA install

2015-10-02 Thread Martin Kosek
On 10/02/2015 04:15 AM, Andrew Meyer wrote: I just created a new FreeIPA setup at my home and I'm getting the following: [Thu Oct 01 14:02:10.082255 2015] [core:notice] [pid 18792] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Thu Oct 01 14:02:14.742680 2015] [:error] [pid 18795] ipa:

Re: [Freeipa-users] User removed from IPA but still present in LDAP, so cannot him again in IPA web UI

2015-10-02 Thread Fujisan
Yep! Rebooting is just what I needed. It just cleaned LDAP from user1. I could create 'user1' again within the FreeIPA web UI. $ ldapsearch -x -h ipasrv uid=user1 # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: uid=user1 # requesting: ALL # # user1, users, compat, mydoma

Re: [Freeipa-users] ipa upgrade failed

2015-10-02 Thread Martin Basti
On 10/01/2015 07:50 PM, Andrew E. Bruno wrote: On Thu, Oct 01, 2015 at 05:40:34PM +0200, Martin Basti wrote: On 10/01/2015 05:28 PM, Andrew E. Bruno wrote: On Thu, Oct 01, 2015 at 05:09:23PM +0200, Martin Basti wrote: On 10/01/2015 05:03 PM, Andrew E. Bruno wrote: Running CentOS 7.1.1503.

[Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
Hello, I cannot login to the web UI anymore. The password or username you entered is incorrect. Log says: Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) 10.0.21.18: NEEDED_PREAUTH: HTTP/zaira2.opera@OPERA for krbtgt/OPERA@OPERA, Additional pre-auth

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
More info: I can initiate a ticket: $ kdestroy $ kinit admin but cannot view user admin: $ ipa user-show admin ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized $ ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RU

[Freeipa-users] SUDO does not always works on first try

2015-10-02 Thread Zoske, Fabian
Hi folks, we recently set up an IPA server on CentOS 7.1 and connected some Ubuntu 14.04 LTS machines to this server. The IPA realm is just for configuring the clients, such as HBAC and SUDO. The user information is stored in an AD to which we established a two-way trust. Our problem is now, th

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-02 Thread Simo Sorce
On 02/10/15 04:06, Alexander Bokovoy wrote: On Thu, 01 Oct 2015, Simo Sorce wrote: On 01/10/15 03:15, Petr Spacek wrote: On 30.9.2015 20:36, Matt Wells wrote: Hi all, I hoped I may glean some brilliance from the group. I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Martin Babinsky
On 10/02/2015 02:52 PM, Fujisan wrote: More info: I can initiate a ticket: $ kdestroy $ kinit admin but cannot view user admin: $ ipa user-show admin ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized $ ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
Sorry. I'm running the latest one, 4.1.4. On Fri, Oct 2, 2015 at 3:27 PM, Martin Babinsky wrote: > On 10/02/2015 02:52 PM, Fujisan wrote: > >> More info: >> >> I can initiate a ticket: >> $ kdestroy >> $ kinit admin >> >> but cannot view user admin: >> $ ipa user-show admin >> ipa: ERROR: cannot

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-02 Thread Alexander Bokovoy
On Fri, 02 Oct 2015, Simo Sorce wrote: On 02/10/15 04:06, Alexander Bokovoy wrote: On Thu, 01 Oct 2015, Simo Sorce wrote: On 01/10/15 03:15, Petr Spacek wrote: On 30.9.2015 20:36, Matt Wells wrote: Hi all, I hoped I may glean some brilliance from the group. I have a Freeipa Server sitting ato

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Alexander Bokovoy
On Fri, 02 Oct 2015, Fujisan wrote: More info: I can initiate a ticket: $ kdestroy $ kinit admin but cannot view user admin: $ ipa user-show admin ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized $ ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kad

Re: [Freeipa-users] FreeIPA install

2015-10-02 Thread Andrew Meyer
I tried to clear them out of the preferences. No go. Still getting this: Secure Connection Failed An error occurred during a connection to asm-dns01.borg.local. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following inf

Re: [Freeipa-users] FreeIPA install

2015-10-02 Thread Andrew Meyer
works in chrome and not firefox, creating new FF profile. On Friday, October 2, 2015 3:09 AM, Martin Kosek wrote: On 10/02/2015 04:15 AM, Andrew Meyer wrote: > I just created a new FreeIPA setup at my home and I'm getting the following: > > [Thu Oct 01 14:02:10.082255 2015] [core:n

Re: [Freeipa-users] FreeIPA install

2015-10-02 Thread Martin Basti
On 10/02/2015 03:41 PM, Andrew Meyer wrote: works in chrome and not firefox, creating new FF profile. Hi, try to remove IPA certificates from firefox in ff settings Martin On Friday, October 2, 2015 3:09 AM, Martin Kosek wrote: On 10/02/2015 04:15 AM, Andrew Meyer wrote: >

[Freeipa-users] re-initialize replica

2015-10-02 Thread Andrew E. Bruno
What's the best way to re-initialize a replica? Suppose one of your replicas goes south.. is there a command to tell that replicate to re-initialize from the first master (instead of removing/re-adding the replica from the topology)? Thanks, --Andrew

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-02 Thread Alexander Bokovoy
On Fri, 02 Oct 2015, Simo Sorce wrote: On 02/10/15 04:06, Alexander Bokovoy wrote: On Thu, 01 Oct 2015, Simo Sorce wrote: On 01/10/15 03:15, Petr Spacek wrote: On 30.9.2015 20:36, Matt Wells wrote: Hi all, I hoped I may glean some brilliance from the group. I have a Freeipa Server sitting ato

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
Well, I think I messed up when trying to configure cockpit to use kerberos. What should I do to fix this? I have this on the ipa server: $ klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal -- 2 host/zaira2.op

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Alexander Bokovoy
On Fri, 02 Oct 2015, Fujisan wrote: Well, I think I messed up when trying to configure cockpit to use kerberos. What should I do to fix this? I have this on the ipa server: $ klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Simo Sorce
On 02/10/15 10:25, Alexander Bokovoy wrote: On Fri, 02 Oct 2015, Fujisan wrote: Well, I think I messed up when trying to configure cockpit to use kerberos. What should I do to fix this? I have this on the ipa server: $ klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
I still cannot login to the web UI. Here is what I did: 1. mv /etc/krb5.keytab /etc/krb5.keytab.save 2. kinit admin Password for admin@OPERA: 3. ipa-getkeytab -s zaira2.opera -p host/zaira2.opera@OPERA -k /etc/krb5.keytab 4. systemctl restart sssd.service 5. mv /etc/httpd/con

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
I forgot to mention that $ ipa user-show admin ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized On Fri, Oct 2, 2015 at 4:44 PM, Fujisan wrote: > I still cannot login to the web UI. > > Here is what I did: > >1. mv /etc/krb5.keytab /etc/krb5.keytab.save >2. kin

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Alexander Bokovoy
On Fri, 02 Oct 2015, Fujisan wrote: I forgot to mention that $ ipa user-show admin ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized This is most likely because of the cached session to your server. You can check if keyctl list @s returns you something like [root@m

Re: [Freeipa-users] Cannot connect to FreeIPA web UI anymore

2015-10-02 Thread Fujisan
I only have this: $ keyctl list @s 1 key in keyring: 641467419: --alswrv 0 65534 keyring: _uid.0 $ On Fri, Oct 2, 2015 at 5:01 PM, Alexander Bokovoy wrote: > On Fri, 02 Oct 2015, Fujisan wrote: > >> I forgot to mention that >> >> $ ipa user-show admin >> ipa: ERROR: cannot connect to 'htt

[Freeipa-users] ssh and sudo password authentication not working with freeipa-client 3.3.4-0ubuntu3.1 on Ubuntu 14.04

2015-10-02 Thread Alexander Skwar
Hello How do I get password authentication to work with freeipa-client 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo? Long version follows :) We've got an IPA server with the Red Hat Identity Management server on RHEL 7.1 servers; FreeIPA v4.1.0 is being used there. I configured users and gr

Re: [Freeipa-users] ssh and sudo password authentication not working with freeipa-client 3.3.4-0ubuntu3.1 on Ubuntu 14.04

2015-10-02 Thread Sumit Bose
On Fri, Oct 02, 2015 at 04:28:57PM +0200, Alexander Skwar wrote: > Hello > > How do I get password authentication to work with freeipa-client > 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo? > > Long version follows :) > > We've got an IPA server with the Red Hat Identity Management server >

Re: [Freeipa-users] ssh and sudo password authentication not working with freeipa-client 3.3.4-0ubuntu3.1 on Ubuntu 14.04

2015-10-02 Thread Jakub Hrozek
On Fri, Oct 02, 2015 at 04:28:57PM +0200, Alexander Skwar wrote: > Hello > > How do I get password authentication to work with freeipa-client > 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo? > > Long version follows :) > > We've got an IPA server with the Red Hat Identity Management server >

Re: [Freeipa-users] re-initialize replica

2015-10-02 Thread Andrew E. Bruno
On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote: > What's the best way to re-initialize a replica? > > Suppose one of your replicas goes south.. is there a command to tell > that replicate to re-initialize from the first master (instead of > removing/re-adding the replica from the

[Freeipa-users] Can not post to list - email floats off into cyberspace

2015-10-02 Thread nathan
We have a FreeIPA domain running IPA server 4.1.4 on CentOS 7. We have no per zone forwarding enabled, only a single global forwarder. This seems to work fine, but then after a while (several weeks I think) will randomly stop working. We had this issue several weeks ago on a different IPA domain

[Freeipa-users] DNS forwarding configuration randomly breaks and stops working

2015-10-02 Thread nathan
We have a FreeIPA domain running IPA server 4.1.4 on CentOS 7. We have no per zone forwarding enabled, only a single global forwarder. This seems to work fine, but then after a while (several weeks I think) will randomly stop working. We had this issue several weeks ago on a different IPA domain

Re: [Freeipa-users] DNS forwarding configuration randomly breaks and stops working

2015-10-02 Thread nathan
This issue has occurred again and I am once again trying to troubleshoot it. show forwarder -- -bash-4.2$ ipa dnsconfig-show Global forwarders: 10.21.0.14 Allow PTR sync: TRUE attempt ping -bash-4.2$ ping stash.externaldomain.net ping: unknown host stash.externaldoma

Re: [Freeipa-users] Can not post to list - email floats off into cyberspace

2015-10-02 Thread nathan
Sorry about this post. I sent this email to the list 3 times over the last 48 hours and it was finally accepted after the 3rd send when I changed the subject to something totally not descriptive of my problem. Original email with original subject also finally posted today :( > We have a FreeIPA

[Freeipa-users] DNS forwarding configuration randomly breaking

2015-10-02 Thread nathan
We have a FreeIPA domain running IPA server 4.1.4 on CentOS 7. We have no per zone forwarding enabled, only a single global forwarder. This seems to work fine, but then after a while (several weeks I think) will randomly stop working. We had this issue several weeks ago on a different IPA domain