Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Cal Sawyer
it might related (not, as it turns out) So, would anyone on the IPA team be interested in looking at some packet captures? I'm completely up for working with you, providing whatever is needed and doing testing. It would be fantastic to restore IPA-based auth for newer OSX releases.

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Cal Sawyer
n get your secondary groups by: In Groups add attribute 'GroupMembership' mapped to 'memberUID' thanks! Cal Sawyer | Systems Engineer | BlueBolt Ltd 15-16 Margaret Street | London W1W 8RW +44 (0)20 7637 5575 | www.blue-bolt.com On 21/06/16 15:07, Joe DiTommasso wrote: I&#x

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Cal Sawyer
the same: ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64 Any chance i could get a denatured plist from you offline, Joe? cheers Cal Sawyer | Systems Engineer | BlueBolt Ltd 15-16 Margaret Street | London W1W 8RW +44 (0)20 7637 5575 | www.blue-bolt.com On 21/06/16 16:07, Joe DiTommasso wrote: No fidd

[Freeipa-users] Unable to import OpenLDAP users/groups with migrate-ds

2015-11-04 Thread Cal Sawyer
ager naturally exists in ldapdomain.local and i've definitely supplied the correct password (we use the same creds to manage LDAP using phpldapadmin) Hoping that someone has some experience with this and can point me in the right direction? thanks -- Cal Sawyer | Systems Engineer | BlueBo

Re: [Freeipa-users] Unable to import OpenLDAP users/groups with migrate-ds

2015-11-04 Thread Cal Sawyer
Number: 194400 memberUid: admin cn: admins A side question: can i use migrate-ds to bring in automount and sudoer maps from OpenLDAP? thanks again Cal Sawyer | Systems Engineer | BlueBolt Ltd 15-16 Margaret Street | London W1W 8RW +44 (0)20 7637 5575 | www.blue-bolt.com On 04/11/15 1

Re: [Freeipa-users] Unable to import OpenLDAP users/groups with migrate-ds

2015-11-05 Thread Cal Sawyer
? I am "mildly" resenting having to set up EL7, with all of it's uncharming peculiarities, in order to get relatively recent IPA 4.1 thus preserving future upgradability. Thanks very much, Rob and Martin, for your quick and helpful replies cheers Cal Sawyer | Systems Engineer

[Freeipa-users] IPA 4.1.0 UI certificate confusion

2015-11-06 Thread Cal Sawyer
ell. My working environment is CentOS 6.6. The Opera browser on the contrary sees both hosts equally well with zero complaints Is this behaviour by design or ? thanks -- Cal Sawyer | Systems Engineer | BlueBolt Ltd 15-16 Margaret Street | London W1W 8RW +44 (0)20 7637 5575 | www.

Re: [Freeipa-users] IPA 4.1.0 UI certificate confusion

2015-11-06 Thread Cal Sawyer
will block That idea of specifying a different timestamp in Subject when installing secondary instances seems worth trying right now and will report back cheers Cal Sawyer | Systems Engineer | BlueBolt Ltd On 06/11/15 17:03, Martin Kosek wrote: On 11/06/2015 05:16 PM, Cal Sawyer wrote: Hel

Re: [Freeipa-users] IPA 4.1.0 UI certificate confusion

2015-11-06 Thread Cal Sawyer
Confirming that inclusion of a timestamped subject works well, Martin. Can open both instances in separate tabs the same Firefox session. Same is possible in Chrome, which dislikes the certs and does its red-cross thing many thanks for this fix! Cal Sawyer | Systems Engineer | BlueBolt Ltd

Re: [Freeipa-users] IPA, autofs, kerberos

2015-12-11 Thread Cal Sawyer
? autofs_ldap_auth.conf is currently - cal sawyer On 11/12/15 13:25, Cal Sawyer wrote: Hi After getting autofs working using automountmaps in IPA, i've discovered that upon rebooting a client i have no automounts. If i ssh into the client and obtain a ticket as admin, after resta

[Freeipa-users] IPA, autofs, kerberos

2015-12-13 Thread Cal Sawyer
user logins which depend on network home mount consistently fail Question is, how can this be made automatic on reboot? thanks - cal sawyer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info o

[Freeipa-users] OS X Yosemite unable to authenticate

2015-12-20 Thread Cal Sawyer
rectory Utility setup. Hoping someone here has some contemporary experience with OSX and IPA and for whom this issue rings a bell? many thanks Cal Sawyer | Systems Engineer | BlueBolt Ltd 15-16 Margaret Street | London W1W 8RW +44 (0)20 7637 5575 | www.blue-bolt.com -- Manage

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2015-12-21 Thread Cal Sawyer
nyone think of something i may have missed? It's a real shame that the documentation on this stops around 5 years ago. IPA devs: is there anything i should be on the lookout for in the dirsrv or krb5 logs on the IPA master? I've disabled the secondary to prevent replication from clouding

[Freeipa-users] Replica without CA: implications?

2016-03-09 Thread Cal Sawyer
CA to the replica without destroying and reprovisioning with --setup-ca this time? thanks - cal sawyer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Replica without CA: implications?

2016-06-02 Thread Cal Sawyer
aserver/install/ca.py", line 49, in install_check sys.exit("CA is already installed.\n") ipa : DEBUGThe ipa-ca-install command failed, exception: SystemExit: CA is already installed. >> CA is already installed. thanks - cal sawyer On 09/03/16 16:13,

Re: [Freeipa-users] Replica without CA: implications?

2016-06-07 Thread Cal Sawyer
tting these Mac clients to play nicely with IPA ... thanks for the help and advice - cal On 02/06/16 22:27, Rob Crittenden wrote: Cal Sawyer wrote: Apologies for the lengthy pause in getting back onto this. I ended up destroying the replica and reprovisioning frmm scratch, but the replica still li

[Freeipa-users] How to get FreeIPA feature requests ack'd?

2016-06-07 Thread Cal Sawyer
yle" ordering of IP addresses (1, 10 100, 2) - record and subtree cloning would be a terrific feature when working with automount maps and sudo objects that are fiddly to edit in the UI. Essentially, what phpldapadmin allows thank you, - cal sawyer -- Manage your subscription for the F

Re: [Freeipa-users] Replica without CA: implications?

2016-06-08 Thread Cal Sawyer
On 08/06/16 09:23, Martin Kosek wrote: On 06/07/2016 04:10 PM, Cal Sawyer wrote: ... I found that installing a replica with firewalld enabled would consistently fail during initial replication. Disabling firewalld always allowed replication and later stages to complete [24/38

Re: [Freeipa-users] Replica without CA: implications?

2016-06-08 Thread Cal Sawyer
In /var/log/dirsrv/slapd-LOCALDOMAIN-LOCAL/errors on all IPA master/replicas:, there's a multitude of these messages. There are no other error messages and replication, from viewing access log, appears to be working [08/Jun/2016:10:06:08 +0100] attrlist_replace - attr_replace (nsslapd-referr

Re: [Freeipa-users] Replica without CA: implications?

2016-06-08 Thread Cal Sawyer
Thanks very much for this, Petr. [08/Jun/2016:12:28:42 +0100] NSMMReplicationPlugin - CleanAllRUV Task (rid 8): Successfully cleaned rid(8). on master and all replicas. Voila - all error logs are now quiet Cal Sawyer | Systems Engineer | BlueBolt Ltd 15-16 Margaret Street | London W1W 8RW