Hi
With further debugging, I discovered, that I messed up the
/etc/sssd/sssd.conf file. There, I added:
…
[domain/customer.company.internal]
krb5_realm = customer.company.internal
…
Exactly like that. With "krb5_realm = customer.company.internal"; ie. with
the realm in lowercase letters.
Aft
On 6.10.2015 03:40, Brendan Kearney wrote:
> i have two bind instances in somewhat of a multi-master server arrangement,
> where they share the same ldap backend via bind-dyndb-ldap. currently, they
> are authoritative and recursive servers, and i want to change things up a
> bit. i want to move
On 5.10.2015 21:57, nat...@nathanpeters.com wrote:
Looking at the log entries, it appears that there may have been a
network
connectivity 'blip' (maybe a switch or router was restarted) at some
point
and even after connectivity was restored, the global forwarding was
f
On 10/06/2015 07:42 AM, Petr Spacek wrote:
On 6.10.2015 03:40, Brendan Kearney wrote:
i have two bind instances in somewhat of a multi-master server arrangement,
where they share the same ldap backend via bind-dyndb-ldap. currently, they
are authoritative and recursive servers, and i want to ch
On Mon, Oct 05, 2015 at 02:48:48PM -0400, Rob Crittenden wrote:
> Andrew E. Bruno wrote:
> > On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
> >> On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
> >>> On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote:
> What's the bes
Thanks for the info, Tomas.
I will definitely try this one out! Couldn’t wait for it to be released
for CentOS if it really does what the changes you mentioned describe :-)
We would like to have hostgroup of 10.000 hostmembers or even more in
one group. We currently split these group into mul
On Tue, Oct 06, 2015 at 11:26:42AM +0200, Alexander Skwar wrote:
> Hi
>
> With further debugging, I discovered, that I messed up the
> /etc/sssd/sssd.conf file. There, I added:
>
> …
> [domain/customer.company.internal]
>
> krb5_realm = customer.company.internal
> …
>
>
>
> Exactly like that.
Herwono W Wijaya writes:
>
>
> Tomorrow I will try to capture Univention LDAP traffic with
> wireshark, and if possible I will try also this FreeIPA with vCenter
> 6. Since I became one of the private beta testers so I had vCenter
Any updates on this? I am getting the same issue i
Andrew E. Bruno wrote:
> On Mon, Oct 05, 2015 at 02:48:48PM -0400, Rob Crittenden wrote:
>> Andrew E. Bruno wrote:
>>> On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
> On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wr
On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
> Andrew E. Bruno wrote:
> > On Mon, Oct 05, 2015 at 02:48:48PM -0400, Rob Crittenden wrote:
> >> Andrew E. Bruno wrote:
> >>> On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
> On 10/02/2015 06:00 PM, Andrew E. Bruno
Andrew E. Bruno wrote:
> On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
>> Andrew E. Bruno wrote:
>>> The replica is not showing up when running ipa-replica-manage list.
>>>
>>> # ipa-replica-manage list
>>> srv-m14-32.cbls.ccr.buffalo.edu: master
>>> srv-m14-31-02.cbls.ccr.b
On 6.10.2015 14:13, Brendan Kearney wrote:
> On 10/06/2015 07:42 AM, Petr Spacek wrote:
>> On 6.10.2015 03:40, Brendan Kearney wrote:
>>> i have two bind instances in somewhat of a multi-master server arrangement,
>>> where they share the same ldap backend via bind-dyndb-ldap. currently, they
>>>
On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
> Andrew E. Bruno wrote:
> > On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
> >> Andrew E. Bruno wrote:
> >>> The replica is not showing up when running ipa-replica-manage list.
> >>>
> >>> # ipa-replica-manage list
Hello Sumit
ipa-client-install hasn't set krb5_realm. I did that.
We're using Chef-Solo to manage our systems and I have /etc/sssd/sssd.conf
in chef. So it overwrote, whatever ipa-client-install put there. And that's
how the mistake happened.
I think the ipa-client-install discovered everything
On 09/22/2015 01:03 AM, Craig White wrote:
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Friday, September 18, 2015 1:44 AM
To: Craig White; Martin Kosek; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA
Hello,
I had assumed sudo rules worked because I have an "allow_all for admins"
sudo rule that seemed to work, but I wonder if there is an implicit rule
for the special group admins ?
Because I have tried to replicate this allow_all rule for for other user
groups, and it does not seem to work at
On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
Andrew E. Bruno wrote:
The replica is not showing up when running ipa-replica-manage list.
> Your expectation #1 is correct, but there can be multiple reasons why it
> fails.
>
> Did you try to set forward policy = only as I advised you in the previous
> e-mail? Forward policy 'first' does not make sense when split-DNS is
> involved
> because you can end up with mixture of records from d
Hello,
I have been rolling out an IPA deployment for IBM Watson for the past 3
months. Initially I did not want to take on application ids (linux OS Ids
owning apps). I now have to so I have created the accounts in IPA however
new files created by user wdadeploy are being created with
wdadepl
Sean Hogan wrote:
> Hello,
>
> I have been rolling out an IPA deployment for IBM Watson for the past 3
> months. Initially I did not want to take on application ids (linux OS
> Ids owning apps). I now have to so I have created the accounts in IPA
> however new files created by user wdadeploy are b
On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote:
>
>
> On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
> >On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
> >>Andrew E. Bruno wrote:
> >>>On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
> Andrew E. Br
On 10/06/2015 01:13 PM, Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote:
On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob
On Tue, Oct 06, 2015 at 02:29:49PM -0400, Mark Reynolds wrote:
>
>
> On 10/06/2015 01:13 PM, Andrew E. Bruno wrote:
> >On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote:
> >>
> >>On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
> >>>On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittend
Hi all;
I'm working an initiative to centralize user accounts in Active Directory.
We have a large RHEL (6+) footprint and want to manage these as well. I am
a Red Hat Engineer on the project and, while it is possible to integrate
all of the RHEL clients directly to AD, I have a nagging feeling th
Hi all;
I'm working an initiative to centralize user accounts in Active Directory.
We have a large RHEL (6+) footprint and want to manage these as well. I am
a Red Hat Engineer on the project and, while it is possible to integrate
all of the RHEL clients directly to AD, I have a nagging feeling th
On 06/10/15 13:14, Rob Crittenden wrote:
Sean Hogan wrote:
Hello,
I have been rolling out an IPA deployment for IBM Watson for the past 3
months. Initially I did not want to take on application ids (linux OS
Ids owning apps). I now have to so I have created the accounts in IPA
however new files
Hi,
I am trying to determine what the difference is between the 2 options above in
IPA4.1 and the implications and complications are of using one or other. Also
which one would be the better choice and why?
Can someone explain in simple terms please?
regards
Steven
--
Manage your subscri
Hi,
I have problem with setup new replicas.
I tried setup two replicas, both failed with the same error.
environment:
Fedora 21
packages:
freeipa-server-4.1.3-2.fc21.x86_64
389-ds-base-1.3.3.8-1.fc21.x86_64
389-ds-base-libs-1.3.3.8-1.fc21.x86_64
pki-server-10.2.0-5.fc21.noarch
same on server an
28 matches
Mail list logo