Hello,
If I uninstall the ipa client with ipa-client-install --uninstall then
reinstall it to the same ipa master then most functions work fine.
However, if I attempt to ssh from the client to the master then I get.
@@@
@WARNING: REMOTE
/USER/.ssh/known_hosts delete
the IP line.
On Wed, Jun 10, 2015 at 5:33 AM, Bob Hinton b...@jackland.demon.co.uk
mailto:b...@jackland.demon.co.uk wrote:
Hello,
If I uninstall the ipa client with ipa-client-install
--uninstall then
reinstall it to the same ipa master
On 10/06/2015 14:37, Lukas Slebodnik wrote:
On (10/06/15 11:33), Bob Hinton wrote:
Hello,
If I uninstall the ipa client with ipa-client-install --uninstall then
reinstall it to the same ipa master then most functions work fine.
However, if I attempt to ssh from the client to the master
/ssh_host_ecdsa_key.pub keyfix.sh
echo -n ',' keyfix.sh
sudo cat /etc/ssh/ssh_host_ed25519_key.pub keyfix.sh
echo ' keyfix.sh
vi keyfix.sh (keep pressing J to join everything into one long line)
sh keyfix.sh
On 10/06/2015 17:09, Bob Hinton wrote:
On 10/06/2015 14:37, Lukas Slebodnik wrote
On 01/06/2015 11:01, Petr Vobornik wrote:
On 06/01/2015 11:36 AM, Bob Hinton wrote:
On 01/06/2015 09:55, Petr Vobornik wrote:
On 05/31/2015 12:21 PM, Bob Hinton wrote:
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password. However, using a keytab
produces an error (see below). This seems to happen whatever I put in
the keytab file.
Any suggestions ?
The VM in question has had its database
is enabled on the target VMs, but
presumably this isn't an issue.
Many thanks
Bob Hinton
trying https://ipa001.jackland.co.uk/ipa/json
Forwarding 'ping' to json server 'https://ipa001.jackland.co.uk/ipa/json'
Cannot connect to the server due to generic error: cannot connect to
'https://ipa001
Hello,
I've been trying to rebuild an ipamaster by using ipa-backup, destroying
and recreating the ipamaster VM then using ipa-restore on the rebuilt
master.
Most functions of the newly built master work. Logging-in via ssh with
keys works but using passwords produces Permission denied, please
wo
replicas running IPA v4.2.0 on RHEL 7.2.
Do I need to make the same change to all three servers ? Can I leave the
replicas connected or do I need to break the replication and
re-establish it? Do I need the "ipa permission-mod" if so then how do I
avoid it freezing ?
Many thanks
Bo
Hi Martin,
On 27/05/2016 14:01, Martin Kosek wrote:
> On 05/25/2016 09:51 PM, Bob Hinton wrote:
>> Hello,
>>
>> We are trying to get Zenoss login authentication to use freeipa over
>> LDAP. Group mappings don't currently work and we think this is because
>> Zenos
On 09/03/2016 22:14, Rob Crittenden wrote:
> Bob Hinton wrote:
>> Hi,
>>
>> I've been trying to add a password policy for an existing user group
>> called "services" in IPA version 4.2.0.
>>
>> ipa pwpolicy-add services
>> ipa: ERROR: entry
he named issue or is it much simpler to
disconnect the replica, uninstall it and start again ?
Thanks
Bob Hinton
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 03/08/2016 07:15, Petr Spacek wrote:
> On 3.8.2016 00:58, Bob Hinton wrote:
>> Hi,
>>
>> Something went wrong when trying to restore some preserved users so I
>> deleted them and then tried to recreate them. This failed with -
>>
>> ipa: ERROR: Unable
Hi,
Something went wrong when trying to restore some preserved users so I
deleted them and then tried to recreate them. This failed with -
ipa: ERROR: Unable to create private group. A group 'X' already exists.
Trying to delete this group produces -
ipa: ERROR: Unable to create private
he named issue or is it much simpler to
disconnect the replica, uninstall it and start again ?
Thanks
Bob Hinton
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 14/07/2016 08:39, Martin Babinsky wrote:
> On 07/13/2016 09:56 PM, Bob Hinton wrote:
>> Hi,
>>
>> We are trying to create a new replica on RHEL 7.2
>>
>> This completes but named-pkcs11 fails to start -
>>
>> systemctl status named-pkcs11.service
dapsearch (see below), but this seems to give numbers
that don't match the replica IDs. Do I need to translate the search
results in some fashion or use a different search ?
Many Thanks
Bob Hinton
-sh-4.2$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
-sh-4.2$ ipa --ve
On 03/08/2016 14:13, Rob Crittenden wrote:
> Bob Hinton wrote:
>> On 03/08/2016 07:15, Petr Spacek wrote:
>>> On 3.8.2016 00:58, Bob Hinton wrote:
>>>> Hi,
>>>>
>>>> Something went wrong when trying to restore some preserved users so I
>>
so that Rundeck sees a valid SSL certificate. This means
that the authentication fails if that particular IPA master is down.
Is it possible to create a single SSL certificate that would support a
LDAPS connection to any of the IPA masters and, if so then how is this
done ?
Many thanks
Bob Hinton
Hi,
The pki-tomcatd services on our IPA servers seem to have stopped working.
This seems to be related to the expiry of several certificates -
[root@ipa001 ~]# getcert list | more
Number of certificates and requests being tracked: 8.
Request ID '20161230150048':
status: MONITORING
true
>
> 5. systemctl start pki-tomcatd@pki-tomcat.service
>
> Now tomcat should run correctly and you should be able to resubmit expired
> certs and you can start to experiment with switch dogtag back to TLS auth.
> Hope this helps you.
>
> Regards, Adam
>
>
Hi,
The pki-tomcatd services on our IPA servers seem to have stopped working.
This seems to be related to the expiry of several certificates -
[root@ipa001 ~]# getcert list | more
Number of certificates and requests being tracked: 8.
Request ID '20161230150048':
status: MONITORING
On 11/01/2017 13:55, Petr Vobornik wrote:
> On 01/10/2017 09:31 PM, Bob Hinton wrote:
>> Hi,
>>
>> The pki-tomcatd services on our IPA servers seem to have stopped working.
>>
>> This seems to be related to the expiry of several certificates -
>>
>> [
?
Is there a way to change the default nisdomain ? Rebuilding all the new
IPA masters and migrating all the data again would be a lot of work.
Many thanks
Bob Hinton
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http
On 17/03/2017 14:01, Lukas Slebodnik wrote:
> On (17/03/17 13:52), Bob Hinton wrote:
>> On 17/03/2017 12:48, Lukas Slebodnik wrote:
>>> On (17/03/17 10:40), Bob Hinton wrote:
>>>> On 17/03/2017 08:41, Jakub Hrozek wrote:
>>>>> On Fri, Mar 1
On 17/03/2017 14:01, Lukas Slebodnik wrote:
> On (17/03/17 13:52), Bob Hinton wrote:
>> On 17/03/2017 12:48, Lukas Slebodnik wrote:
>>> On (17/03/17 10:40), Bob Hinton wrote:
>>>> On 17/03/2017 08:41, Jakub Hrozek wrote:
>>>>> On Fri, Mar 1
On 18/03/2017 17:03, Alexander Bokovoy wrote:
> On la, 18 maalis 2017, Bob Hinton wrote:
>> Hi,
>>
>> The first IPA master we built was ipa001.local.lan. We have since
>> created a number of subdomains of local.lan and have created a number of
>> replicas.
On 18/03/2017 19:09, Alexander Bokovoy wrote:
> On la, 18 maalis 2017, Bob Hinton wrote:
>> On 18/03/2017 17:03, Alexander Bokovoy wrote:
>>> On la, 18 maalis 2017, Bob Hinton wrote:
>>>> Hi,
>>>>
>>>> The first IPA master we built was
On 20/03/2017 08:29, Jakub Hrozek wrote:
> On Fri, Mar 17, 2017 at 01:52:17PM +0000, Bob Hinton wrote:
>> On 17/03/2017 12:48, Lukas Slebodnik wrote:
>>> On (17/03/17 10:40), Bob Hinton wrote:
>>>> On 17/03/2017 08:41, Jakub Hrozek wrote:
>>>>> On Fri,
Morning,
We have a collection of hosts within prod1.local.lan. However, the
domain section of the shadow netgroups for the hosts is
mgmt.prod.local.lan. This seems to prevent sudo rules working on these
hosts unless they specify all hosts -
-sh-4.2$ getent netgroup oepp_hosts
oepp_hosts
Hi Lachlan,
This is probably a complete hack, but the way I've changed
nsslapd-cachememsize in the past is -
On each ipa replica in turn -
1. ipactl stop
2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif- (where DOMAIN is your
server's domain/realm - not sure which) find and change the value
On 17/03/2017 08:41, Jakub Hrozek wrote:
> On Fri, Mar 17, 2017 at 06:50:34AM +0000, Bob Hinton wrote:
>> Morning,
>>
>> We have a collection of hosts within prod1.local.lan. However, the
>> domain section of the shadow netgroups for the hosts is
>> mgmt.prod.loca
On 17/03/2017 12:48, Lukas Slebodnik wrote:
> On (17/03/17 10:40), Bob Hinton wrote:
>> On 17/03/2017 08:41, Jakub Hrozek wrote:
>>> On Fri, Mar 17, 2017 at 06:50:34AM +, Bob Hinton wrote:
>>>> Morning,
>>>>
>>>> We have a collection of
33 matches
Mail list logo