[Freeipa-users] ns-slapd segfault

2016-11-28 Thread Giulio Casella
Hello, I have a setup with two ipa server in replica, based on CentOS 7. On one server (since a couple of days) ipa cannot start, the failing service is dirsrv@.service. In journal I have: ns-slapd[4617]: segfault at 7fb53b1ce515 ip 7fb50126e1a6sp 7ffc0b80d6c8 error 4 in

[Freeipa-users] mailing list SPAM

2016-11-28 Thread William Muriithi
Hello, This is just a FYI. Whenever I post an email here, I get lot of emails from this address - kimirachel4...@cczaa.com. Think there is someone in the list who is harvesting email addresses. That wouldn't be too bad because if he try to send a fresh mail, the spam system at google would

Re: [Freeipa-users] FreeIPA behind Apache Reverse Proxy and Load Balancer

2016-11-28 Thread Simo Sorce
On Sat, 2016-11-26 at 23:18 +0530, deepak dimri wrote: > Hi All, > > I want to configure Apache reverse proxy to load balance/failover between > two IPA servers. I have referred > *https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name >

[Freeipa-users] OTP Algorithm

2016-11-28 Thread Callum Guy
Hi All, I wanted to ask a quick question - perhaps a more experienced user will be able to help or point me to the correct documentation. Basically we have implemented password+OTP type authentication which works great. When adding a OTP code using the admin login you can choose an algorithm.

Re: [Freeipa-users] IPA rewrite conf

2016-11-28 Thread Deepak Dimri
Hi Jan, Thanks for your reply. Sorry for the typo its AWS ELB. I have seen the link you shared below. My issue is that i want my IPA servers in Failover/Load Balancing mode and when i add another IPA server using Proxy balancer i believe ProxyPassReverseCookieDomain and RequestHeader edit

Re: [Freeipa-users] IPA rewrite conf

2016-11-28 Thread Jan Pazdziora
On Mon, Nov 28, 2016 at 11:25:30AM +, Deepak Dimri wrote: > Hi Jan, Thanks for your reply. Sorry for the typo its AWS ELB. > > > I have seen the link you shared below. My issue is that i want my IPA > servers in Failover/Load Balancing mode and when i add another IPA server > using Proxy

Re: [Freeipa-users] SSH using putty to IPA client

2016-11-28 Thread Alexander Bokovoy
On ma, 28 marras 2016, Troels Hansen wrote: Hi all Just wanted to follow up on my recent findings in regards to IPA - AD trust and kerberos delegations, sa we gave up on this, and just lived with it not working. In the end we ended up discovering that for kerberos trust delegation to work

Re: [Freeipa-users] SSH using putty to IPA client

2016-11-28 Thread Troels Hansen
Hi all Just wanted to follow up on my recent findings in regards to IPA - AD trust and kerberos delegations, sa we gave up on this, and just lived with it not working. In the end we ended up discovering that for kerberos trust delegation to work ldap/udp ingoing HAVE to be open on the IPA

Re: [Freeipa-users] ns-slapd segfault

2016-11-28 Thread Giulio Casella
Il 28/11/2016 15:25, Lukas Slebodnik ha scritto: On (28/11/16 12:39), Giulio Casella wrote: Hello, I have a setup with two ipa server in replica, based on CentOS 7. On one server (since a couple of days) ipa cannot start, the failing service is dirsrv@.service. In journal I have:

Re: [Freeipa-users] ns-slapd segfault

2016-11-28 Thread Lukas Slebodnik
On (28/11/16 12:39), Giulio Casella wrote: >Hello, > >I have a setup with two ipa server in replica, based on CentOS 7. >On one server (since a couple of days) ipa cannot start, the failing service >is dirsrv@.service. >In journal I have: > >ns-slapd[4617]: segfault at 7fb53b1ce515 ip

Re: [Freeipa-users] IPA rewrite conf

2016-11-28 Thread Deepak Dimri
Hi Jan, sorry to ask but where exactly i can modify the referer with RequestHeader on IPA Server? Many Thanks, Deepak From: Jan Pazdziora Sent: Monday, November 28, 2016 8:09 AM To: Deepak Dimri Cc: deepak dimri;

[Freeipa-users] new install on Fedora 24 kinit: Generic preauthentication failure while getting initial credentials

2016-11-28 Thread Robert Kudyba
There seems to be a problem either with Kerberos and/or using a self signed certificate vs. Let’s Encrypt. I tried to run the set up script from https://github.com/freeipa/freeipa-letsencrypt and below are some errors and logs. Within the

Re: [Freeipa-users] Valid Sender ? - Re: Add 4.4 replica to 4.3 server fails

2016-11-28 Thread Jochen Hein
Martin Babinsky writes: >>> 2016-11-27T21:07:26Z ERROR The ipa-replica-install command failed. See >>> /var/log/ipareplica-install.log for more information >>> >>> Any idea what's wrong? > can you please check the version of python-cryptography on master and > replica? I

[Freeipa-users] Clonning VM

2016-11-28 Thread Esdras La-Roque
Hi Guys, What's the safe method to clone an virtual machine that is in IPA ? I tried do this already, but I had many troubles related with IPA to fix. -- *Esdras La-Roque* Analista e Desenvolvedor de Sistemas Mestrando em Ciência da Computação LPI-1 | Linux Professional Institute - Nível 1

Re: [Freeipa-users] ns-slapd segfault

2016-11-28 Thread Mark Reynolds
On 11/28/2016 10:22 AM, Giulio Casella wrote: > Il 28/11/2016 15:25, Lukas Slebodnik ha scritto: >> On (28/11/16 12:39), Giulio Casella wrote: >>> Hello, >>> >>> I have a setup with two ipa server in replica, based on CentOS 7. >>> On one server (since a couple of days) ipa cannot start, the

[Freeipa-users] httpd error logs

2016-11-28 Thread Jim Richard
I’ve got one master and one replica, IPA version is 3.0/CentOS 6.8. About 1000 hosts. Problem is, my httpd error logs are filling on super fast. I have no idea what these errors mean. Can someone point me in the right direction please. Thanks ! On the master: [28/Nov/2016:19:21:27 +]

Re: [Freeipa-users] ACIerrors is httpd log

2016-11-28 Thread Rob Crittenden
Jim Richard wrote: > Honestly I’m not even sure if something is not working correctly :) > > All I know is that my httpd, access and krb5 logs are filling up all my > disk space extremely quickly and I have no idea why. > > Centos 6.8 + IPA 3.0 > > One master and one replica. > > Are these

Re: [Freeipa-users] Fedora 25 install error PR_ADDRESS_NOT_SUPPORTED_ERROR Network address type not supported

2016-11-28 Thread Robert Kudyba
OK that’s because I got this error: Apache is already configured with a listener on port 443: *:443 ourdomain (/etc/httpd/conf.d/ssl.conf:56) What’s the best practice here? Comment out line 56? > On Nov 28, 2016, at 3:43 PM, Rob Crittenden wrote: > >

Re: [Freeipa-users] Fedora 25 install error PR_ADDRESS_NOT_SUPPORTED_ERROR Network address type not supported

2016-11-28 Thread Rob Crittenden
Robert Kudyba wrote: > This is a new installation attempt. Apache was running but I commented > out #IncludeOptional conf.d/*.conf in the httpd.conf file. We also have > DNS running outside this server. Any reasons for this? Known work > around? This is what the end of the install script shows:

Re: [Freeipa-users] Clonning VM

2016-11-28 Thread Simo Sorce
On Mon, 2016-11-28 at 13:10 -0300, Esdras La-Roque wrote: > Hi Guys, > > What's the safe method to clone an virtual machine that is in IPA ? > > I tried do this already, but I had many troubles related with IPA to fix. Unjoin the client before you clone (ipa-client-install --uninstall) and then

[Freeipa-users] Fedora 25 install error PR_ADDRESS_NOT_SUPPORTED_ERROR Network address type not supported

2016-11-28 Thread Robert Kudyba
This is a new installation attempt. Apache was running but I commented out #IncludeOptional conf.d/*.conf in the httpd.conf file. We also have DNS running outside this server. Any reasons for this? Known work around? This is what the end of the install script shows: trying

Re: [Freeipa-users] Fedora 25 install error PR_ADDRESS_NOT_SUPPORTED_ERROR Network address type not supported

2016-11-28 Thread Rob Crittenden
Robert Kudyba wrote: > OK that’s because I got this error: > > > Apache is already configured with a listener on port 443: > *:443 ourdomain (/etc/httpd/conf.d/ssl.conf:56) > > > What’s the best practice here? Comment out line 56? Only one SSL provider can own a given port.

Re: [Freeipa-users] Clonning VM

2016-11-28 Thread Lukas Slebodnik
On (28/11/16 13:10), Esdras La-Roque wrote: >Hi Guys, > >What's the safe method to clone an virtual machine that is in IPA ? > >I tried do this already, but I had many troubles related with IPA to fix. > Why do you need to create clone? IMHO, It's much simpler to create replica of IPA (including

Re: [Freeipa-users] Clonning VM

2016-11-28 Thread Esdras La-Roque
I don't need clone of IPA Server.. I need for an client. 2016-11-28 14:52 GMT-03:00 Lukas Slebodnik : > On (28/11/16 13:10), Esdras La-Roque wrote: > >Hi Guys, > > > >What's the safe method to clone an virtual machine that is in IPA ? > > > >I tried do this already, but I

Re: [Freeipa-users] Clonning VM

2016-11-28 Thread Rob Crittenden
Esdras La-Roque wrote: > I don't need clone of IPA Server.. I need for an client. It won't work for either client or server. IPA provides an identity to a machine based on it's hostname. If you clone a machine and give it a new hostname then things won't line up and simply won't work. rob > >

[Freeipa-users] Host with Multiple hostnames

2016-11-28 Thread Mike Jacobacci
Hello, I am sorry for the simple question, but I am using FreeIPA as our DNS server and I am trying to figure out how to map a second hostname to a host... I am unsure how the best way to go do it. I am just trying to give a server a user friendly name for access and I don't want to change the

Re: [Freeipa-users] Configure HPUX 11i V3 as IPA Client

2016-11-28 Thread Rob Crittenden
Rajveer Singh wrote: > Hi All, > > I am referring > http://www.freeipa.org/page/ConfiguringUnixClients#Configuring_Client_Authentication_3 > to configure HP UX 11i V3 as IPA client but it has no reference for > 11iV3 but only 11i V0, 1 & 2. > > Though I tried to follow the steps mentioned in

Re: [Freeipa-users] Host with Multiple hostnames

2016-11-28 Thread Michael Plemmons
The error is telling you that a DNS entry already exists for the hostname you want the CNAME. A DNS record can only have one record type. Meaning is you have 1.2.3.4 points to test.example.com you cannot have test.example.com also be a CNAME for foo.example.com. *Mike Plemmons | Senior DevOps

Re: [Freeipa-users] Clonning VM

2016-11-28 Thread Esdras La-Roque
This will be help me. Thanks Simo. 2016-11-28 18:17 GMT-03:00 Simo Sorce : > On Mon, 2016-11-28 at 13:10 -0300, Esdras La-Roque wrote: > > Hi Guys, > > > > What's the safe method to clone an virtual machine that is in IPA ? > > > > I tried do this already, but I had many

[Freeipa-users] DNS search timeouts and incomplete results

2016-11-28 Thread Mike Driscoll
I'm running: # rpm -qa | grep ipa-server ipa-server-4.4.0-12.0.1.el7.x86_64 ipa-server-dns-4.4.0-12.0.1.el7.noarch ipa-server-common-4.4.0-12.0.1.el7.noarch Searching DNS for all hostnames containing "qa" times out in the GUI. Setting aside the option to change server defaults, this cli command

[Freeipa-users] How to enable anonymous pkinit on FreeIPA 4.3.1 on Ubuntu ?

2016-11-28 Thread Diogenes S. Jesus
I've got one freeipa instance for testing purposes and I'm trying to enable anonymous pkinit support on it[1], as Simon mentioned being possible :) [2] For debug purposes, I have done: /etc/kdc.conf --- [kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 restrict_anonymous_to_tgt =

Re: [Freeipa-users] SPAM, please ban this user

2016-11-28 Thread Martin Basti
On 28.11.2016 08:10, Denis Müller wrote: kimirachel1...@tmtis.com spamming all the time. Please help. It is not registered user, it is spambot that is mining public archives, it is not sent from RH servers, we can't help here, sorry. -- Manage your

Re: [Freeipa-users] Add 4.4 replica to 4.3 server fails

2016-11-28 Thread Martin Babinsky
On 11/27/2016 11:38 PM, Jochen Hein wrote: Jochen Hein writes: 2016-11-27T21:07:26Z DEBUG The ipa-replica-install command failed, exception: HTTPError: 406 Client Error: Failed to validate message: No recipient matched the provided key["Failed: [ValueError('Multibackend

Re: [Freeipa-users] mount lookup failure getautomntent_r

2016-11-28 Thread Jakub Hrozek
On Sun, Nov 27, 2016 at 05:34:20PM -0500, William Muriithi wrote: > Jakub, > > Thanks for response > On 27 November 2016 at 15:43, Jakub Hrozek wrote: > > > >> > >> I have noticed an error that pop up as the final line after running > > >> lookup_read_map: lookup(sss):

Re: [Freeipa-users] URL is changing on the browser

2016-11-28 Thread Jan Pazdziora
On Mon, Nov 28, 2016 at 01:15:17AM +, Deepak Dimri wrote: > Adding Jan into the email thread. Hopefully Jan can help too I'm sorry but there seem to be different people chiming into this thread with their use-cases and we really need to be talking ont setup at a time. What is the setup that