Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Martin Basti
On 03.05.2016 02:40, Gary T. Giesen wrote: I've followed the guide at https://www.freeipa.org/page/Howto/DNSSEC to configure DNSSEC support in my FreeIPA 4.2/CentOS 7.2 installation, but I've been unable for the life of me to get it to sign zones. I've followed the steps at http://www.freeipa.o

Re: [Freeipa-users] cron reports "ORPHAN (no passwd entry)" for the @reboot jobs

2016-05-03 Thread Lukas Slebodnik
On (03/05/16 07:35), Harald Dunkel wrote: >Hi Lukas, > >On 05/02/16 17:59, Lukas Slebodnik wrote: >> Could you provide output of "systemctl cat sssd.service"? >> In my case, it should be started before nss-user-lookup.target >> >> # /usr/lib/systemd/system/sssd.service >> [Unit] >> Des

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Lukas Slebodnik
On (29/04/16 17:16), Hosakote Nagesh, Pawan wrote: >Thanks for your quick response. I am trying this on ubuntu. > >This is the bug I m facing right now: >https://lists.launchpad.net/freeipa/msg00236.html >They say its fixed in Trusty release of Ubuntu. But it doesn’t work for me. >There is no ot

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Gary T. Giesen
May 03 06:21:09 host.example.com systemd[1]: Stopping Berkeley Internet Name Domain (DNS) with native PKCS#11... May 03 06:21:09 host.example.com named-pkcs11[27047]: received control channel command 'stop' May 03 06:21:09 host.example.com named-pkcs11[27047]: shutting down: flushing changes May 03

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Gary T. Giesen
I made a change to the zone to try to trigger an update and got the following in the log: May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN (signed): serial 1462271604 (unsigned 1462271604) May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN (signed): cou

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Petr Spacek
On 3.5.2016 02:40, Gary T. Giesen wrote: > I've followed the guide at https://www.freeipa.org/page/Howto/DNSSEC to > configure DNSSEC support in my FreeIPA 4.2/CentOS 7.2 installation, but I've > been unable for the life of me to get it to sign zones. I've followed the > steps at > http://www.freei

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Gary T. Giesen
1. Confirmed, it was already set to ISMASTER=1 2. Logs: May 03 07:21:05 host.example.com ipa-dnskeysyncd[27099]: ipa : INFO Signal 15 received: Shutting down! May 03 07:21:05 host.example.com systemd[1]: Started IPA key daemon. May 03 07:21:05 host.example.com systemd[1]: Starting IPA key

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Petr Spacek
On 3.5.2016 13:28, Gary T. Giesen wrote: > 1. Confirmed, it was already set to ISMASTER=1 > > 2. Logs: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUGCurrent cookie is: None > May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]: > ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUGDetect

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Gary T. Giesen
See attached. GTG -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: May-03-16 7:33 AM To: Gary T. Giesen ; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing On 3.5.2016 13:28, Gary T. Giesen wrote: > 1. Confirmed, it was alread

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Petr Spacek
Hmm, this is really weird. It should log message "Initial LDAP dump is done, sychronizing with ODS and BIND" which is apparently not there. Maybe LDAP server is doing something weird ... Could you inspect /var/log/dirsrv/*/access_log and look for lines similar to ones in the attached file, please

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Gary T. Giesen
All lines from the log file with conn=152. [03/May/2016:07:21:06 -0400] conn=152 fd=83 slot=83 connection from local to /var/run/slapd-EXAMPLE-COM.socket [03/May/2016:07:21:06 -0400] conn=152 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [03/May/2016:07:21:06 -0400] conn=152 op=0 RESULT err=14

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Petr Spacek
On 3.5.2016 15:29, Gary T. Giesen wrote: > All lines from the log file with conn=152. > > [03/May/2016:07:21:06 -0400] conn=152 fd=83 slot=83 connection from local to > /var/run/slapd-EXAMPLE-COM.socket > [03/May/2016:07:21:06 -0400] conn=152 op=0 BIND dn="" method=sasl version=3 > mech=GSSAPI > [

Re: [Freeipa-users] Password Encryption Method

2016-05-03 Thread Zak Wolfinger
The old version of 389-ds-base is 1.2.11.15-48. The version we are migrating to is 1.3.4.0-29 > On Apr 30, 2016, at 9:30 AM, Rob Crittenden wrote: > > Zak Wolfinger wrote: >> Did the password encryption method change between V3.0 and newer >> versions? Where can I find out what method is bei

Re: [Freeipa-users] Unable to configure DNSSEC signing

2016-05-03 Thread Gary T. Giesen
Thanks Petr. I'm on IRC as well if a more interactive troubleshooting session would be better. Cheers, GTG -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: May-03-16 9:59 AM To: Gary T. Giesen ; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Unable to config

Re: [Freeipa-users] cron reports "ORPHAN (no passwd entry)" for the @reboot jobs

2016-05-03 Thread Harald Dunkel
Hi Lukas, On 05/03/16 10:21, Lukas Slebodnik wrote: > But that's not a problem of sssd. It is a bug in the cron service file. If cron relies > on user lookup then it should not be started before nss-user-lookup.target. > > Fedora has correct service file f

[Freeipa-users] Who uses FreeIPA?

2016-05-03 Thread Alexandre de Verteuil
Hello all, I've deployed FreeIPA in my home lab and I'm happy to have single sign-on for all my Archlinux virtual machines and Fedora laptops :) It took me lots of research and conversations before hearing about FreeIPA for the first time while searching for a libre SSO solution. I think FreeIPA

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Hosakote Nagesh, Pawan
Currently this is the error I m stuck with. There isn’t enough material online to proceed further. Failure starts with bus error.. Logs during ipa-client-install.. Synchronizing time with KDC... Password for service_...@eaz.ebayc3.com: Successfully retrieved

[Freeipa-users] RES: Who uses FreeIPA?

2016-05-03 Thread Luiz Fernando Vianna da Silva
Hello Alexandre. FreeIPA is the open source project, or as Red Hat calls it the upstream project, that fuels Red Hat IDM [1]. As to IDM, there are many large corporations that use it on production and mission critical environments. Due to non-disclosure agreements I cannot give you fine details

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Lukas Slebodnik
On (03/05/16 18:25), Hosakote Nagesh, Pawan wrote: >Currently this is the error I m stuck with. There isn’t enough material online >to proceed further. Failure starts with bus error.. > >Logs during ipa-client-install.. > > >Synchronizing time with KDC... >Passw

Re: [Freeipa-users] Who uses FreeIPA?

2016-05-03 Thread Simo Sorce
Hello Alexandre, Red Hat does not strictly track Idm[1] usage across the customer base so we do not have complete stats, but we can say we have thousands of deployments, which range from 1 to more than 20 servers and from a few dozen to tens of thousands of clients attached to those servers, per d

Re: [Freeipa-users] Who uses FreeIPA?

2016-05-03 Thread Lukas Slebodnik
On (03/05/16 15:09), Alexandre de Verteuil wrote: >Hello all, > >I've deployed FreeIPA in my home lab and I'm happy to have single >sign-on for all my Archlinux virtual machines and Fedora laptops :) > >It took me lots of research and conversations before hearing about >FreeIPA for the first time w

Re: [Freeipa-users] Free IPA Client in Docker

2016-05-03 Thread Hosakote Nagesh, Pawan
Our apps are running in a docker image based on Ubuntu 14.04 that cannot be changed to redhat. We want to install freeipa-client within this docker so that our app uses freeipa ldap as against default ldap. The freeipa-client gets successfully installed in Ubuntu 14.04 plain machine, that why i

[Freeipa-users] Inplace upgrade

2016-05-03 Thread barrykfl
Hi : How to in place upgrade ipa-server-3.0.0-26.el6_4.4.x86_64 to ipa-server-3.0.0-37.el6.x86_64 This is minor version upgrade , can it just type update command? Regards Barry

Re: [Freeipa-users] Inplace upgrade

2016-05-03 Thread barrykfl
Can specific minor version? On May 4, 2016 at 1:15 PM, "Devin Acosta" wrote: > Barry, > > Yes you should be able to just do a: "yum update ipa-server" and you > should be good to go. > > > -- > Devin Acosta, RHCE, LFCE > Linux Certified Engineer > e: de...@linuxguru.co > > > On May 3, 2016 at 9:10:04 PM, b

Re: [Freeipa-users] Inplace upgrade

2016-05-03 Thread Devin Acosta
Barry, Yes you should be able to just do a: "yum update ipa-server" and you should be good to go. --  Devin Acosta, RHCE, LFCE Linux Certified Engineer e: de...@linuxguru.co On May 3, 2016 at 9:10:04 PM, barry...@gmail.com (barry...@gmail.com) wrote: Hi : How to in place upgrade ipa-server-