Re: [Freeipa-users] ID Views without AD

On Wed, 10 Feb 2016, Mike Kelly wrote: On Wed, Feb 10, 2016 at 3:19 AM Alexander Bokovoy wrote: On Wed, 10 Feb 2016, Mike Kelly wrote: >Is there some extra logging I can turn on to see why this ID View isn't >being applied like I would expect? Or perhaps some extra bit

Re: [Freeipa-users] BIND apparently not loading ldap.so

On 10.2.2016 20:05, Chris Lajoie wrote: > Hi, I am using the bind-dyndb-ldap package (not full FreeIPA) and I am having > a problem where it appears that the plugin is not getting loaded by BIND at > all. I have nothing in the logs at all from the plugin. No failures of any > kind, just regular

Re: [Freeipa-users] PKINIT support in FreeIPA 4.2.0

On Thu, 11 Feb 2016, Nik Lam wrote: I've upgraded that package on both the IdM server and the (problem) client. I haven't looked *really* closely at the logs or the trace output, but it doesn't look like I'm getting any additional output. However, on a whim, went to another client. This time I

Re: [Freeipa-users] PKINIT support in FreeIPA 4.2.0

On Thu, Feb 11, 2016 at 11:16:14AM +1100, Nik Lam wrote: > On Thu, Feb 11, 2016 at 1:42 AM, Sumit Bose wrote: > > > On Wed, Feb 10, 2016 at 11:07:14PM +1100, Nik Lam wrote: > > > On Wed, Feb 10, 2016 at 7:43 PM, Sumit Bose wrote: > > > > > > > On Wed, Feb 10,

Re: [Freeipa-users] BIND apparently not loading ldap.so

On 11.2.2016 19:32, Chris Lajoie wrote: > On 02/11/2016 02:46 AM, Petr Spacek wrote: >> What version of BIND and bind-dyndb-ldap packages are you using? $ rpm >> -q bind bind-dyndb-ldap > bind-9.9.4-29.el7_2.2.x86_64 bind-dyndb-ldap-8.0-1.el7.x86_64 >> >> I'm not sure how exactly the logging

Re: [Freeipa-users] CA: Failing to add Centos7 replica to Centos6.7 ipa server

Thank you! Dodgig the dogtag guys, then ;-) Il giorno Gio 11 Feb 2016 13:26 Martin Basti ha scritto: > > > On 11.02.2016 12:51, Quasar wrote: > > Martin, > > I've re-tested the replica with a freshly-installed CentOS 7 (1511). > Installation still fails (damn!) and the log is

Re: [Freeipa-users] ID Views without AD

On Thu, Feb 11, 2016 at 10:21:37AM +0200, Alexander Bokovoy wrote: > On Wed, 10 Feb 2016, Mike Kelly wrote: > >On Wed, Feb 10, 2016 at 3:19 AM Alexander Bokovoy > >wrote: > > > >>On Wed, 10 Feb 2016, Mike Kelly wrote: > >> > >>>Is there some extra logging I can turn on to see

Re: [Freeipa-users] smart cards caintaining multiple certificates

On Wed, Feb 10, 2016 at 04:05:20PM -0600, Michael Rainey (Contractor) wrote: > Greetings, > > I'm curious as to how IPA handles smart cards containing multiple > certificates. When I follow the steps listed at > https://fedorahosted.org/sssd/wiki/DesignDocs/SmartcardAuthenticationStep1 > when

Re: [Freeipa-users] Failing to add Fedora 20 replica to Centos6.7 ipa server

Hello, comments inline. On 11.02.2016 10:46, Quasar wrote: Hi, I desperately need your help/advice with our ipa update process. Briefly, we'd like to update our IPA 3.0 installation based on CentOS 6.7 to a newer version, and I read that the way of doing it is to create a new replica with a

Re: [Freeipa-users] CA: Failing to add Centos7 replica to Centos6.7 ipa server

On 11.02.2016 12:51, Quasar wrote: Martin, I've re-tested the replica with a freshly-installed CentOS 7 (1511). Installation still fails (damn!) and the log is a bit more verbose. I suppose it has something to do with certificate in my master server proably due to incremental updates did in

Re: [Freeipa-users] Failing to add Fedora 20 replica to Centos6.7 ipa server

On 11.02.2016 11:05, Martin Basti wrote: Hello, comments inline. On 11.02.2016 10:46, Quasar wrote: Hi, I desperately need your help/advice with our ipa update process. Briefly, we'd like to update our IPA 3.0 installation based on CentOS 6.7 to a newer version, and I read that the way of

Re: [Freeipa-users] ID Views without AD

On Thu, Feb 11, 2016 at 3:21 AM Alexander Bokovoy wrote: > On Wed, 10 Feb 2016, Mike Kelly wrote: > >On Wed, Feb 10, 2016 at 3:19 AM Alexander Bokovoy > >wrote: > > > >> On Wed, 10 Feb 2016, Mike Kelly wrote: > >> > >> >Is there some extra logging I can

Re: [Freeipa-users] ID Views without AD

On Wed, Feb 10, 2016 at 3:19 AM Alexander Bokovoy wrote: > On Wed, 10 Feb 2016, Mike Kelly wrote: > > >Is there some extra logging I can turn on to see why this ID View isn't > >being applied like I would expect? Or perhaps some extra bit of > >configuration I missed? >

Re: [Freeipa-users] CA: Failing to add Centos7 replica to Centos6.7 ipa server

On 11.02.2016 13:33, Quasar wrote: Thank you! Dodgig the dogtag guys, then ;-) Do you have CA configured as external CA? It could be: https://bugzilla.redhat.com/show_bug.cgi?id=1291747 I don't think that it is already in CentOS Il giorno Gio 11 Feb 2016 13:26 Martin Basti

Re: [Freeipa-users] CA: Failing to add Centos7 replica to Centos6.7 ipa server

​ Excellent news Martin! After checking the bug you shared with me, I tried to check if pki-core-9.0.3-45.el6_7 was released for CentOS 6.7 and I was quite lucky this time! After a "yum update" I retried the teplica and this time everything went smoothly! Thanks a lot for your help and time!

Re: [Freeipa-users] Failing to add Fedora 20 replica to Centos6.7 ipa server

Please disregard this email, as it was duplicated. Sorry for the incovenience On Tue, Feb 9, 2016 at 4:26 PM, wrote: > Hi, I desperately need your help/advice with our ipa update process. > Briefly, we'd like to update our IPA 3.0 installation based on CentOS

Re: [Freeipa-users] CA: Failing to add Centos7 replica to Centos6.7 ipa server [solved]

On 11.02.2016 14:49, Quasar wrote: ​ Excellent news Martin! After checking the bug you shared with me, I tried to check if pki-core-9.0.3-45.el6_7 was released for CentOS 6.7 and I was quite lucky this time! After a "yum update" I retried the teplica and this time everything went smoothly!

Re: [Freeipa-users] Failing to add Fedora 20 replica to Centos6.7 ipa server

Hi Martin, first of all thanks for taking some time to read and provide feedback, much appreciated. I firstly tried with CentOS 7.x (build 1511) but got the same errore during CA configuration. Then I supposed I had to upgrade step-by-step, from 3.0 to 3.3 (instead of 3.0 to 4.x) and used Fedora

Re: [Freeipa-users] BIND apparently not loading ldap.so

On 02/11/2016 02:46 AM, Petr Spacek wrote: What version of BIND and bind-dyndb-ldap packages are you using? $ rpm -q bind bind-dyndb-ldap bind-9.9.4-29.el7_2.2.x86_64 bind-dyndb-ldap-8.0-1.el7.x86_64 I'm not sure how exactly the logging magic in BIND works so I would recommend you to to run