Re: [Freeipa-users] Padding Scheme used in Fedora Dogtag

2017-03-09 Thread Kaamel Periora
its for the encryption process. On Tue, Mar 7, 2017 at 7:55 PM, Simo Sorce wrote: > On Tue, 2017-03-07 at 12:38 +0530, Kaamel Periora wrote: > > Dear All, > > > > It is required to identify the padding scheme used by the Fedora dogtag > > system. Appreciate of someone could

[Freeipa-users] Question about ipa user accounts and the compat container

2017-03-09 Thread Robert Johnson
Hello, I am running into an odd issue haven't been able to find any information through searching on this issue online. Environment: We are currently have a IPA master running ipa-server-4.4.0-14.el7_3.4.x86_64 on a RHEL 7.3 server. We have a mix of RHEL 6.8, RHEL 7.x and Solaris 10 clients. We

[Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-09 Thread Matt .
I'm trying to add a host using Foreman to the FreeIPA realm but this doesn't work, all things seem to be fine and some other tests from people are working: The issue is reported here: http://projects.theforeman.org/issues/18850 My settings are like this: [root@ipa-01 ~]# ipa role-find

Re: [Freeipa-users] Question about ipa user accounts and the compat container

2017-03-09 Thread Alexander Bokovoy
On to, 09 maalis 2017, Robert Johnson wrote: Hello, I am running into an odd issue haven't been able to find any information through searching on this issue online. Environment: We are currently have a IPA master running ipa-server-4.4.0-14.el7_3.4.x86_64 on a RHEL 7.3 server. We have a mix

Re: [Freeipa-users] Question about ipa user accounts and the compat container

2017-03-09 Thread Robert Johnson
On Thu, Mar 9, 2017 at 4:06 PM, Alexander Bokovoy wrote: > On to, 09 maalis 2017, Robert Johnson wrote: > >> Hello, >> >> I am running into an odd issue haven't been able to find any information >> through searching on this issue online. >> >> Environment: We are currently

Re: [Freeipa-users] Padding Scheme used in Fedora Dogtag

2017-03-09 Thread Simo Sorce
On Fri, 2017-03-10 at 10:50 +0530, Kaamel Periora wrote: > its for the encryption process. Which process ? What protocol ? For data at rest or for secure channels ? Please be very specific, we use crypto in a multitude of places within freeIPA. Simo. > On Tue, Mar 7, 2017 at 7:55 PM, Simo

Re: [Freeipa-users] Question about ipa user accounts and the compat container

2017-03-09 Thread Alexander Bokovoy
On to, 09 maalis 2017, Robert Johnson wrote: On Thu, Mar 9, 2017 at 4:06 PM, Alexander Bokovoy wrote: On to, 09 maalis 2017, Robert Johnson wrote: Hello, I am running into an odd issue haven't been able to find any information through searching on this issue online.

Re: [Freeipa-users] Padding Scheme used in Fedora Dogtag

2017-03-09 Thread Alexander Bokovoy
On pe, 10 maalis 2017, Kaamel Periora wrote: its for the encryption process. Sorry, but you need to be more detailed in what you want to achieve. Crypto libraries support multiple algorithms. What do you need to do? On Tue, Mar 7, 2017 at 7:55 PM, Simo Sorce wrote: On

[Freeipa-users] Potential problems when using a loadbalancer

2017-03-09 Thread Wimmer Ronald (BCC.B.SO)
Hi, what kind of challenges will I run into when I want to use a loadbalancer in front of my two IPA servers? - LDAP: Should not be a problem - Kerberos: will definitely be a challenge. Is this link the solution or am I still missing something:

[Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Kees Bakker
Hey, Is there an easy way to find out what the next free IP address is when adding a new DNS A record? The web interface sorts the records alphabetically on "Record name", even in-arpa zones. For the latter it would be more convenient to sort numerically. Anyway, what methods are there to

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Martin Basti
Comments inline On 09.03.2017 11:12, Kees Bakker wrote: > Hey, > > Is there an easy way to find out what the next free IP address is when adding > a new > DNS A record? The web interface sorts the records alphabetically on "Record > name", > even in-arpa zones. For the latter it would be more

[Freeipa-users] Create Replica fail any idea?? thz

2017-03-09 Thread barrykfl
No expire cer prompt out ., All service ipa status oK. and 9444 port can telent Creating SSL certificate for the Directory Server preparation of replica failed: cannot connect to ' https://central.ABC.com:9444/ca/ee/ca/profileSubmitSSLClient': (PR_END_OF_FILE_ERROR) Encountered end of file.

Re: [Freeipa-users] SSSD bug found? FreeIPA vs SSSD

2017-03-09 Thread Jakub Hrozek
On Thu, Mar 09, 2017 at 11:32:35AM +0200, Alexander Bokovoy wrote: > On to, 09 maalis 2017, Jakub Hrozek wrote: > > On Thu, Mar 09, 2017 at 01:37:46PM +1100, Lachlan Musicman wrote: > > > Hola, > > > > > > On CentOS 7.3, using FreeIPA VERSION: 4.4.0, API_VERSION: 2.213 and sssd > > > (via COPR)

Re: [Freeipa-users] ipa-client-install generates bad sssd.conf

2017-03-09 Thread Harald Dunkel
On 03/05/17 11:47, Timo Aaltonen wrote: > > pam-auth-update configures pam, there's nothing else to be configured.. > I just ran ipa-client-install on Ubuntu zesty with freeipa-client > 4.4.3-3ubuntu1, and services on the newly created sssd.conf look fine: > > services = nss, sudo, pam, ssh > >

Re: [Freeipa-users] External DNS and replication

2017-03-09 Thread Martin Basti
On 09.03.2017 09:04, Wimmer Ronald (BCC.B.SO) wrote: > > *From:*Martin Basti [mailto:mba...@redhat.com] > *Sent:* Mittwoch, 08. März 2017 14:54 > *To:* Wimmer Ronald (BCC.B.SO) ; > freeipa-users@redhat.com > *Subject:* Re: [Freeipa-users] External DNS and replication > >

Re: [Freeipa-users] Potential problems when using a loadbalancer

2017-03-09 Thread Martin Basti
On 09.03.2017 11:04, Wimmer Ronald (BCC.B.SO) wrote: > > Hi, > > > > what kind of challenges will I run into when I want to use a > loadbalancer in front of my two IPA servers? > > > > - LDAP: Should not be a problem > > - Kerberos: will definitely be a challenge. > Is this

Re: [Freeipa-users] SSSD bug found? FreeIPA vs SSSD

2017-03-09 Thread Alexander Bokovoy
On to, 09 maalis 2017, Jakub Hrozek wrote: On Thu, Mar 09, 2017 at 01:37:46PM +1100, Lachlan Musicman wrote: Hola, On CentOS 7.3, using FreeIPA VERSION: 4.4.0, API_VERSION: 2.213 and sssd (via COPR) 1.15.1, which has a one way trust to an AD domain. unix.name.org -> name.org I've seen some

Re: [Freeipa-users] External DNS and replication

2017-03-09 Thread Wimmer Ronald (BCC.B.SO)
From: Martin Basti [mailto:mba...@redhat.com] Sent: Mittwoch, 08. März 2017 14:54 To: Wimmer Ronald (BCC.B.SO) ; freeipa-users@redhat.com Subject: Re: [Freeipa-users] External DNS and replication On 08.03.2017 14:05, Wimmer Ronald (BCC.B.SO) wrote: Hi, I am using

Re: [Freeipa-users] SSSD bug found? FreeIPA vs SSSD

2017-03-09 Thread Jakub Hrozek
On Thu, Mar 09, 2017 at 01:37:46PM +1100, Lachlan Musicman wrote: > Hola, > > On CentOS 7.3, using FreeIPA VERSION: 4.4.0, API_VERSION: 2.213 and sssd > (via COPR) 1.15.1, which has a one way trust to an AD domain. unix.name.org > -> name.org > > I've seen some interesting behaviour. > > Being

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Simo Sorce
On Thu, 2017-03-09 at 13:33 +0100, Kees Bakker wrote: > On 09-03-17 13:26, Tomas Krizek wrote: > > On 03/09/2017 01:19 PM, Kees Bakker wrote: > > > On 09-03-17 12:08, Martin Basti wrote: > > > > On 09.03.2017 11:12, Kees Bakker wrote: > > > > > Hey, > > > > > > > > > > Is there an easy way to

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Tomas Krizek
On 03/09/2017 01:19 PM, Kees Bakker wrote: > On 09-03-17 12:08, Martin Basti wrote: >> Comments inline >> >> >> On 09.03.2017 11:12, Kees Bakker wrote: >>> Hey, >>> >>> Is there an easy way to find out what the next free IP address is when >>> adding a new >>> DNS A record? The web interface

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Kees Bakker
On 09-03-17 13:26, Tomas Krizek wrote: > On 03/09/2017 01:19 PM, Kees Bakker wrote: >> On 09-03-17 12:08, Martin Basti wrote: >>> On 09.03.2017 11:12, Kees Bakker wrote: Hey, Is there an easy way to find out what the next free IP address is when adding a new DNS A record?

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Martin Basti
On 09.03.2017 13:19, Kees Bakker wrote: > On 09-03-17 12:08, Martin Basti wrote: >> Comments inline >> >> >> On 09.03.2017 11:12, Kees Bakker wrote: >>> Hey, >>> >>> Is there an easy way to find out what the next free IP address is when >>> adding a new >>> DNS A record? The web interface sorts

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Kees Bakker
On 09-03-17 12:08, Martin Basti wrote: > Comments inline > > > On 09.03.2017 11:12, Kees Bakker wrote: >> Hey, >> >> Is there an easy way to find out what the next free IP address is when >> adding a new >> DNS A record? The web interface sorts the records alphabetically on "Record >> name", >>

Re: [Freeipa-users] What is the next free IP address for a DNS record

2017-03-09 Thread Kees Bakker
On 09-03-17 14:07, Simo Sorce wrote: > On Thu, 2017-03-09 at 13:33 +0100, Kees Bakker wrote: >> On 09-03-17 13:26, Tomas Krizek wrote: >>> On 03/09/2017 01:19 PM, Kees Bakker wrote: On 09-03-17 12:08, Martin Basti wrote: > On 09.03.2017 11:12, Kees Bakker wrote: >> Hey, >> >>