>
> Do you know if these options are generated by the installer or are those
> the ones included with the sssd generated file ?
>
I do not. I didn't setup any kerberos configurations other then
running the ipa client install to join the domain.
> Would you mind filing a ticket? I think this
>
> Looking into krb5/src/util/profile/prof_get.c, the code that supports
> 'yes'/'no' (y,yes,1,true,t,on and n,no,nil,off,false) was added in 2000
> with the commit 97971c69b9389be08b7e9ffb742ca35f3706b3af (it was CVS at
> the time but the commit is traceable via git after import from SVN).
>
>
On Mon, 07 Dec 2015, Marc Boorshtein wrote:
FreeIPA team,
In doing some work with Java I came across an issue with = the
krb5.conf file generated by the IPA client install process. Options
in the krb5.conf file that are boolean are being set as yes/no instead
of true/false. MIT Kerberos
On Mon, 2015-12-07 at 10:45 -0500, Marc Boorshtein wrote:
> >
> > Do you know if these options are generated by the installer or are those
> > the ones included with the sssd generated file ?
> >
>
> I do not. I didn't setup any kerberos configurations other then
> running the ipa client install
FreeIPA team,
In doing some work with Java I came across an issue with = the
krb5.conf file generated by the IPA client install process. Options
in the krb5.conf file that are boolean are being set as yes/no instead
of true/false. MIT Kerberos accepts it but per the docs it should be
On Mon, 2015-12-07 at 10:04 -0500, Marc Boorshtein wrote:
> FreeIPA team,
>
> In doing some work with Java I came across an issue with = the
> krb5.conf file generated by the IPA client install process. Options
> in the krb5.conf file that are boolean are being set as yes/no instead
> of
> So the questions are:
> - is there another cleaner way to exclude the localauth sssd plugin
> (considering that the configuration snippet is recreated at every sssd
> restart)?
Can you test if this hack would help:
# service sssd stop
# rm
On Mon, 07 Dec 2015, Marc Boorshtein wrote:
Looking into krb5/src/util/profile/prof_get.c, the code that supports
'yes'/'no' (y,yes,1,true,t,on and n,no,nil,off,false) was added in 2000
with the commit 97971c69b9389be08b7e9ffb742ca35f3706b3af (it was CVS at
the time but the commit is traceable
On Mon, Dec 07, 2015 at 06:04:30PM +0100, Stefano Cortese wrote:
> >> So the questions are:
> >> - is there another cleaner way to exclude the localauth sssd plugin
> >> (considering that the configuration snippet is recreated at every sssd
> >> restart)?
> >
> >Can you test if this hack would
On Mon, 2015-12-07 at 18:04 +0100, Stefano Cortese wrote:
> > > So the questions are:
> > > - is there another cleaner way to exclude the localauth sssd plugin
> > > (considering that the configuration snippet is recreated at every sssd
> > > restart)?
> >
> > Can you test if this hack would help:
On Mon, Dec 07, 2015 at 06:04:30PM +0100, Stefano Cortese wrote:
> >> So the questions are:
> >> - is there another cleaner way to exclude the localauth sssd plugin
> >> (considering that the configuration snippet is recreated at every sssd
> >> restart)?
> >
> >Can you test if this hack would
Hi Jakub
On Mon, Dec 7, 2015 at 12:00 PM, Jakub Hrozek wrote:
> On Sun, Dec 06, 2015 at 09:58:58PM +0300, Traiano Welcome wrote:
>> Hi List
>>
>>
>> Current Scenario:
>> =
>>
>> I have a number of stores on really unreliable network connections:
>> It's quite
Dear Team,
I’m trying to remove DNS records from IPA server and getting following error:
"ipa: ERROR: webapps001.mz984: DNS resource record not found"
I suspect that there was such server "webapps001.mz984" in the past properly
added to IPA server via “spa-client-install” utility , but it was
Hello Everyone,
I'm using IPA on a CentOS 7 box at home (because why not?). I'm running
into a problem which so far has stumped me.
The host running the IPA master is on the protected LAN subnet (let's
call it 1.1.1.1). The replica I'm now trying to setup is running in the
"dmz" subnet (this one
On Sat, Dec 05, 2015 at 06:44:45PM +0100, Stefano Cortese wrote:
> Hello,
> we have a number of ipa 3.0 clients that have been upgraded from Scientific
> Linux 6.6 to 6.7 and after the upgrade both the .k5login authorization and
> auth_to_local_names mappings don't work anymore as before.
> The
On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote:
> Hello,
>
> We are having a problem with HBAC that appears to be related to group
> membership lookup. I am testing with a new install on RHEL 7.2 with a
> cross-forest trust with AD. When an AD user attempts to log into a client
>
On Sun, Dec 06, 2015 at 09:58:58PM +0300, Traiano Welcome wrote:
> Hi List
>
>
> Current Scenario:
> =
>
> I have a number of stores on really unreliable network connections:
> It's quite possible for the links to have been down for 3 - 4 days at
> a time.
>
> In a given store is a
On 12/04/2015 09:11 PM, Martin Štefany wrote:
> Hi Daryl,
>
> IPA client <-> IPA server are both backward and forward compatible, see:
>
> http://www.freeipa.org/page/Client#Compatibility
>
> Note: except ipa-admintools, that one is a (thick) client and is
> compatible only forward, see the
Hello
for me working if ipv6 address is e.g. 2002::101 so reverse zone will be :
0.2.0.0.2.ip6.arpa
you can use more char as you mentioned ( 0.0.0.0.0.2.0.0.2.ip6.arpa will still
be reverse for ip 2002::101 )
so if your IP start 2001:: have reverse 2.0.0.1.ip6.arpa
hope it helps
-
Orion Poplawski wrote:
> I just upgraded my SL7 box to ipa-server-4.2.0, but this process appears to
> have broken ipa. From the ipaupgrade.log:
>
> 2015-12-07T17:47:46Z DEBUG Starting external process
> 2015-12-07T17:47:46Z DEBUG args='/bin/systemctl' 'is-active'
> 'certmonger.service'
>
Martin,
Here is the output you requested:
[root@ipa-idm]# ipa dnsrecord-find 123.xyz.com mz984 --all --raw
dn:
idnsName=webapps001.mz984+nsuniqueid=650db4bc-88c511e5-90e7864e-76f6b2c3,idnsname=123.xyz.com.,cn=dns,dc=123,dc=xyz,dc=com
idnsname: webapps001.mz984
arecord: 10.16.9.232
Martin,
For my education, how did you identify that from my output?
Regards,
Andrey Ptashnik
From: Martin Basti >
Date: Monday, December 7, 2015 at 1:24 PM
To: Andrey Ptashnik >,
Andrey Ptashnik wrote:
> Martin,
>
> For my education, how did you identify that from my output?
The +nsuniqueid= in the dn.
When managing entries in IPA it constructs the DN based on the values
provided which is why you got a notfound for webapps001.mz984, because
it literally doesn't exist.
Yes, it is replication conflict.
Please follow:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
On 07.12.2015 20:19, Andrey Ptashnik wrote:
Martin,
Here is the output you
On Mon, Dec 07, 2015 at 10:00:02AM +0100, Jakub Hrozek wrote:
> On Sun, Dec 06, 2015 at 09:58:58PM +0300, Traiano Welcome wrote:
> > Hi List
> >
> >
> > Current Scenario:
> > =
> >
> > I have a number of stores on really unreliable network connections:
> > It's quite possible for
On 07.12.2015 20:12, Pavel Picka wrote:
Hello
for me working if ipv6 address is e.g. 2002::101 so reverse zone will be :
0.2.0.0.2.ip6.arpa
you can use more char as you mentioned ( 0.0.0.0.0.2.0.0.2.ip6.arpa will still
be reverse for ip 2002::101 )
so if your IP start 2001:: have
> Jakub Hrozek wrote:
>
> On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote:
> > Hello,
> >
> > We are having a problem with HBAC that appears to be related to group
> > membership lookup. I am testing with a new install on RHEL 7.2 with a
> > cross-forest trust with AD. When an AD
On Mon, 2015-12-07 at 19:39 +0100, Martin Basti wrote:
> IMO 2.2.2.2/32 is why installation is failing, it should be something
> 2.2.2.2/24, please try to reconfigure your network interface.
Wow - I can't believe I missed the /32. I don't know _why_ the netmask
was set to /32, but after changing
Am Monday 07 December 2015, 20:41:29 schrieb Martin Basti:
> On 07.12.2015 20:12, Pavel Picka wrote:
> > Hello
> >
> > for me working if ipv6 address is e.g. 2002::101 so reverse zone will be :
> >
> > 0.2.0.0.2.ip6.arpa
> >
> > you can use more char as you mentioned (
On 12/07/2015 12:17 PM, Rob Crittenden wrote:
> Orion Poplawski wrote:
>> I just upgraded my SL7 box to ipa-server-4.2.0, but this process appears to
>> have broken ipa. From the ipaupgrade.log:
>>
>> 2015-12-07T17:47:46Z DEBUG Starting external process
>> 2015-12-07T17:47:46Z DEBUG
On Mon, Dec 07, 2015 at 02:04:26PM -0600, Sauls, Jeff wrote:
> > Jakub Hrozek wrote:
> >
> > On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote:
> > > Hello,
> > >
> > > We are having a problem with HBAC that appears to be related to group
> > > membership lookup. I am testing with a
On 07.12.2015 21:26, Günther J. Niederwimmer wrote:
Am Monday 07 December 2015, 20:41:29 schrieb Martin Basti:
On 07.12.2015 20:12, Pavel Picka wrote:
Hello
for me working if ipv6 address is e.g. 2002::101 so reverse zone will be :
0.2.0.0.2.ip6.arpa
you can use more char as you mentioned
On 07.12.2015 21:24, Ranbir wrote:
On Mon, 2015-12-07 at 19:39 +0100, Martin Basti wrote:
IMO 2.2.2.2/32 is why installation is failing, it should be something
2.2.2.2/24, please try to reconfigure your network interface.
Wow - I can't believe I missed the /32. I don't know _why_ the netmask
Hello,
Does anyone have a ldapsearch syntax that will check the database for
all enrolled hosts within IPA and ignore non-enrolled hosts? I am not
familiar enough with the schema yet to know which containers contain what.
I know there is a flag on the gui for enrolled or not so thinking its
Sean Hogan wrote:
> Hello,
>
> Does anyone have a ldapsearch syntax that will check the database for
> all enrolled hosts within IPA and ignore non-enrolled hosts? I am not
> familiar enough with the schema yet to know which containers contain
> what. I know there is a flag on the gui for
On 07.12.2015 18:40, Kanwar Ranbir Sandhu wrote:
Hello Everyone,
I'm using IPA on a CentOS 7 box at home (because why not?). I'm running
into a problem which so far has stumped me.
The host running the IPA master is on the protected LAN subnet (let's
call it 1.1.1.1). The replica I'm now
Andrey Ptashnik wrote:
> Dear Team,
>
> Im trying to remove DNS records from IPA server and getting following
> error: "ipa: ERROR: webapps001.mz984: DNS resource record not found"
> I suspect that there was such server "webapps001.mz984" in the past
> properly added to IPA server via
On 07.12.2015 18:08, Andrey Ptashnik wrote:
Dear Team,
I’m trying to remove DNS records from IPA server and getting following
error: "ipa: ERROR: webapps001.mz984: DNS resource record not found"
I suspect that there was such server "webapps001.mz984" in the past
properly added to IPA server
Hello,
I like to create a ip6.arpa with freeIPA but this is not possible ? I can't
found the correct syntax for a IPv6 reverse Zone :-(.
I Tested
16 Char
x.x.x.x.x.x.x.x.x.x.x.x.1.0.0.2
x.x.x.x.x.x.x.x.x.x.x.x.1.0.0.2.ip6.arpa
The last is working with named (bind)
Can any tell me, is this
39 matches
Mail list logo