On 03/08/2017 06:06 PM, free...@netnerdz.se wrote:
Hi all!
I'm trying to upgrade my ipa-server to the version in subject and
hitting some bug that seems similar to
https://bugzilla.redhat.com/show_bug.cgi?id=1404910
It is unlikely that it is this bug because the version of IPA with it
was nev
On 03/13/2017 03:17 PM, Stephen wrote:
Is there read-only replica support in freeipa? The use case is a dmz.
Thanks...
Hello Stephen,
No, FreeIPA doesn't support read only replicas yet.
Could you write your use case in more details in:
https://pagure.io/freeipa/issue/5569
or
https://bugz
Hi!
I was a bit eager to fix this so I installed a new ipa-aerver, executed
ipa migrate-ds and configured the replication afterwards.
Sorry not to be able to troubleshoot this further.
//Robban
On 2017-03-14 16:25, Petr Vobornik wrote:
On 03/08/2017 06:06 PM, free...@netnerdz.se wrote:
Hi al
Hi,
please can you point me to right direction with this issue ?
Scenario:
Site A, Site B, IPA in Site A is already installed with DNS, CA and i want to
create replica to Site B.
OS: RHEL 7.3, IPA 4.4
Site A - 192.168.0.0/24
IPA_A server interfaces:
eth0: 192.168.0.10 -- access for clien
I just updated my FreeIPA server and now the LDAP instance crashes daily
at 9:15 PM.
I have a lot of these in my logs :
Mar 14 08:40:20 freeipa-sea ns-slapd: [14/Mar/2017:08:40:20.781100512
-0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 9): Replica is not
cleaned yet (agmt="cn=meTobellevuen
On 14.03.2017 17:05, Jan Karásek wrote:
> Hi,
> please can you point me to right direction with this issue ?
> Scenario:
> Site A, Site B, IPA in Site A is already installed with DNS, CA and i want
> to create replica to Site B.
> OS: RHEL 7.3, IPA 4.4
>
>
> Site A - 192.168.0.0/24
> IPA_A ser
Matt . wrote:
> Hi Rob,
>
> Thanks for the update, the same error happens when I add a new host,
> so I'm lost, the same for the Foreman devs.
>
> What can I check/test further ?
See what 389-ds is logging in its access log.
You may need to enable ACI summary debugging. See the 389-ds FAQ for
i
I have users in an AD Domain, my FreeIPA server is set up with an
interforest trust, and users can log in using SSH or virtual terminals on
any system joined to the IPA domain, and I have Samba authenticating
against these users on another server... Things are good...
Until I try logging in to the
On ti, 14 maalis 2017, Tyrell Jentink wrote:
I have users in an AD Domain, my FreeIPA server is set up with an
interforest trust, and users can log in using SSH or virtual terminals on
any system joined to the IPA domain, and I have Samba authenticating
against these users on another server... Th
Hi Rob,
I have this solved, I think it was an issue in the foreman-proxy.
The reason why there are two users in the role was to test other
usernames, as you cannot use foreman-proxy for this for an example.
I need to update the Foreman ticket about it.
Thanks for helping out.
Cheers,
Matt
20
On 01/30/2017 01:38 AM, Jakub Hrozek wrote:
> On Fri, Jan 27, 2017 at 02:15:16PM -0700, Orion Poplawski wrote:
>> EL7.3
>> Users are in active directory via AD trust with IPA server
>>
>> sudo is configured via files - users in our default "nwra" group can run
>> certain sudo commands, e.g.:
>>
>>
Oh, you are quite right... It's even identified in the project scope of the
original proposal to switch from KDM: "Fix the bugs affecting log in: PAM
stack integration and LDAP user lists" --
https://fedoraproject.org/wiki/Changes/SDDMinsteadOfKDM
I'm just going to switch back to KDM... Should
Greetings,
I have been working on an issue with smart card logins on a Fedora 25
system. For a short time smart card logins have been working well, but
suddenly the login process has suddenly stopped working. I have
verified that all appropriate certificates are installed, checked my
dconf
Hi,
this is simply because network design and we are probably not able to change
that at the moment. So IPA clients are restricted to IPA servers in its own
site and only IPA servers are able to do inter site communication.
The plan is to add more IPA server into each site so clients will have
Hello,
To add to previous mail, I have noticed this:
I had two IPA, hydrogen and lithium. lithium died and will be resetting
another soon after I find why the setup isn't redundant with one IPA. But
this line seem to be a lead
Working:
ipa_server = _srv_, hydrogen.eng.example.com
Failing:
ip
15 matches
Mail list logo