Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Crittenden
Rob Verduijn wrote: > Hello, > > For some reason my ipa server no longer boots. > It keeps trying to start pki-tomcat service. > > Does anybody know where I should start looking to get this fixed ? > > Rob Verduijn > > ipactl -d start gives this output: > ipa: DEBUG: The CA status is: check

Re: [Freeipa-users] No ad users in web gui

2016-12-01 Thread Alexander Bokovoy
On to, 01 joulu 2016, Denis Müller wrote: Hello Ipa-users, i established successful trust to an domain controller and able to get ssh working. AD users are able to log into ipa-domain via ssh. But fortunately i can't see those users in the web gui. What im i doing wrong? The only thing you are

Re: [Freeipa-users] No ad users in web gui

2016-12-01 Thread Alexander Bokovoy
On to, 01 joulu 2016, Alexander Bokovoy wrote: On to, 01 joulu 2016, Denis Müller wrote: Hello Ipa-users, i established successful trust to an domain controller and able to get ssh working. AD users are able to log into ipa-domain via ssh. But fortunately i can't see those users in the web

Re: [Freeipa-users] No ad users in web gui

2016-12-01 Thread Alexander Bokovoy
Please keep freeipa-users@ in CC: On to, 01 joulu 2016, Denis Müller wrote: Sorry, but i still do not understand how can i apply a single HAC-Rule to a single user. Editing a HBAC-Rule, there is no option to select an ad_user. As I said, there wouldn't any. The concept is that you need to have

Re: [Freeipa-users] Loss of initial master in multi master setup

2016-12-01 Thread Rob Crittenden
Martin Babinsky wrote: > On 12/01/2016 01:28 PM, Neal Harrington | i-Neda Ltd wrote: >> Hi IPA Gurus, >> >> >> I had a 3 site multi master IPA replication setup (1 office and 2 >> datacentres) with 2 IPA servers at each site. Each server was >> replicating successfully to 3 other servers (the

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
2016-12-01 15:41 GMT+01:00 Rob Crittenden : > Rob Verduijn wrote: > > Hello, > > > > For some reason my ipa server no longer boots. > > It keeps trying to start pki-tomcat service. > > > > Does anybody know where I should start looking to get this fixed ? > > > > Rob Verduijn

Re: [Freeipa-users] No ad users in web gui

2016-12-01 Thread Alexander Bokovoy
On to, 01 joulu 2016, Denis Müller wrote: Hello Alexander, thank you for reply. As i understand, working with ad users/groups works this way: ad_users => ad_users_external_group => ipa_users_group So i can manage ipa_users_group to provide Sudo Rules etc. But how can i provide rules to a

[Freeipa-users] new IPA Servers

2016-12-01 Thread Outback Dingo
trying to deploy new ipa servers so i can take down the old ones prior to a move however the install is failing with. zone optimcloud.com. already exists in DNS and is handled by server(s): ipa.optimcloud.com., ipa2.optimcloud.com. so how can i get around this... note the old servers are going

Re: [Freeipa-users] Freeipa on ARM (raspberry pi) - OpenJDK vs. Oracle JDK

2016-12-01 Thread Nordgren, Bryce L -FS
My guess aligns with this response: http://stackoverflow.com/questions/31153584/why-is-there-such-a-performance-difference-on-raspberry-pi-between-open-and-orac Bryce From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Winfried de Heiden Sent:

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Crittenden
Rob Verduijn wrote: > > > 2016-12-01 15:41 GMT+01:00 Rob Crittenden >: > > Rob Verduijn wrote: > > Hello, > > > > For some reason my ipa server no longer boots. > > It keeps trying to start pki-tomcat service. > > >

Re: [Freeipa-users] Loss of initial master in multi master setup

2016-12-01 Thread Neal Harrington | i-Neda Ltd
> > Hi IPA Gurus, > > > > > > I had a 3 site multi master IPA replication setup (1 office and 2 > > datacentres) with 2 IPA servers at each site. Each server was > > replicating successfully to 3 other servers (the other local site > > server and one server at each of the two remote sites).

[Freeipa-users] FreeIPA, Ipsilon, Duo Security integration

2016-12-01 Thread Mike Jacobacci
Hi, As of now, we have FreeIPA/FreeRadius with OTP and Ipsilon working perfectly. Now, I am looking at possibly integrating Duo security instead of FreeIPA's 2FA. I am concerned about how it will fit in with Ipsilon and FreeIPA... Has anyone else tried this before? If so, are there any

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
2016-12-01 17:20 GMT+01:00 Rob Crittenden : > Rob Verduijn wrote: > > > > > > 2016-12-01 15:41 GMT+01:00 Rob Crittenden > >: > > > > Rob Verduijn wrote: > > > Hello, > > > > > > For some reason my ipa server

Re: [Freeipa-users] FreeIPA, Ipsilon, Duo Security integration

2016-12-01 Thread Simo Sorce
On Thu, 2016-12-01 at 11:37 -0800, Mike Jacobacci wrote: > Hi, > > As of now, we have FreeIPA/FreeRadius with OTP and Ipsilon working > perfectly. Now, I am looking at possibly integrating Duo security instead > of FreeIPA's 2FA. I am concerned about how it will fit in with Ipsilon and >

Re: [Freeipa-users] Add 4.4 replica to 4.3 server fails

2016-12-01 Thread Jochen Hein
Jochen Hein writes: > I'm running a single IPA master 4.3 on an up-to-date Fedora 24. That > server has been updated from earlier Fedoras and runs DNS and CA. > I've updated domainlevel to 1 manually. > > Now I'd like to switch to a CentOS install, so I installed CentOS 7.2 >

Re: [Freeipa-users] new IPA Servers

2016-12-01 Thread Martin Babinsky
On 12/01/2016 05:50 PM, Outback Dingo wrote: trying to deploy new ipa servers so i can take down the old ones prior to a move however the install is failing with. zone optimcloud.com. already exists in DNS and is handled by server(s): ipa.optimcloud.com., ipa2.optimcloud.com. so how can i get

Re: [Freeipa-users] ACIerrors is httpd log

2016-12-01 Thread Rob Crittenden
Jim Richard wrote: > I think I know what the issue is. > > I had 2 IPA servers, both with CA’s > > I dropped one and rebuilt without the CA but a bunch of clients are > still pointing at this one server that now is without a CA. > > Will rebuild that one with a CA and almost sure that will fix.

Re: [Freeipa-users] ACIerrors is httpd log

2016-12-01 Thread Jim Richard
I think I know what the issue is. I had 2 IPA servers, both with CA’s I dropped one and rebuilt without the CA but a bunch of clients are still pointing at this one server that now is without a CA. Will rebuild that one with a CA and almost sure that will fix.

[Freeipa-users] Freeipa on ARM (raspberry pi) - OpenJDK vs. Oracle JDK

2016-12-01 Thread Winfried de Heiden
Hi all, Started as "just because it's possible" running FreeIPA on a BananaPI or Raspberry PI turned to out to be rather succesfull and for more than a year I use FreeIPA at home. OK, running on small boards like Raspberry PI it never

Re: [Freeipa-users] Freeipa on ARM (raspberry pi) - OpenJDK vs. Oracle JDK

2016-12-01 Thread Petr Spacek
On 1.12.2016 09:07, Winfried de Heiden wrote: > Hi all, > > Started as "just because it's possible" running FreeIPA on a BananaPI or > Raspberry PI turned to out to be rather succesfull and for more than a year I > use FreeIPA at home. > > OK, running on small boards like Raspberry PI it never

[Freeipa-users] Loss of initial master in multi master setup

2016-12-01 Thread Neal Harrington | i-Neda Ltd
Hi IPA Gurus, I had a 3 site multi master IPA replication setup (1 office and 2 datacentres) with 2 IPA servers at each site. Each server was replicating successfully to 3 other servers (the other local site server and one server at each of the two remote sites). Everything is running on the

Re: [Freeipa-users] Freeipa on ARM (raspberry pi) - OpenJDK vs. Oracle JDK

2016-12-01 Thread Winfried de Heiden
Hi all, Bugzilla created: https://bugzilla.redhat.com/show_bug.cgi?id=1400462 Winfried Op 01-12-16 om 09:19 schreef Petr Spacek: On 1.12.2016 09:07, Winfried de Heiden wrote: Hi all, Started as

[Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
Hello, For some reason my ipa server no longer boots. It keeps trying to start pki-tomcat service. Does anybody know where I should start looking to get this fixed ? Rob Verduijn ipactl -d start gives this output: ipa: DEBUG: The CA status is: check interrupted due to error: Command

Re: [Freeipa-users] Loss of initial master in multi master setup

2016-12-01 Thread Martin Babinsky
On 12/01/2016 01:28 PM, Neal Harrington | i-Neda Ltd wrote: Hi IPA Gurus, I had a 3 site multi master IPA replication setup (1 office and 2 datacentres) with 2 IPA servers at each site. Each server was replicating successfully to 3 other servers (the other local site server and one server at