[Freeipa-users] ipa group-add mixed case?

2015-02-10 Thread David Dejaeghere
Hi, I recently deployed FreeIPA but I stumbled upon a problem with migrating my groups. The groups in our old system are mixed case. Such as MyGroup. The application that syncs these groups is case sensitive. The problem is that when i create these groups using the webgui or the ipa admin tool

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-20 Thread David Dejaeghere
but had no luck so far. Honza Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a): Hi, Any more things I can try out? How do we proceed? Kind Regards, D 2015-04-15 11:48 GMT+02:00 David Dejaeghere david.dejaegh...@gmail.com mailto:david.dejaegh...@gmail.com: Hi Honza, That gave

Re: [Freeipa-users] Known issues with IPA on VM?

2015-05-06 Thread David Dejaeghere
Running FreeIPA 4.1 on Fedora 21 on Xenserver 6.2 in HVM mode. No issues. Kind Regards, David 2015-05-06 11:15 GMT+02:00 Alexander Frolushkin alexander.frolush...@megafon.ru: Hello. We have periodically hanging and crashing dirsrv in our ipa servers. All of them running in VM on Vmware.

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-17 Thread David Dejaeghere
Hi, Any more things I can try out? How do we proceed? Kind Regards, D 2015-04-15 11:48 GMT+02:00 David Dejaeghere david.dejaegh...@gmail.com: Hi Honza, That gave me the exact same output. Any ideas? Regards, D 2015-04-15 7:33 GMT+02:00 Jan Cholasta jchol...@redhat.com: Hi, Dne

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-13 Thread David Dejaeghere
Hi Rob, So you want to output of the command using pk12 with server cert and key? or with the ca chain in there too? Regards, David 2015-04-13 16:28 GMT+02:00 Rob Crittenden rcrit...@redhat.com: David Dejaeghere wrote: Hi, I get the same error when I use a pk12 with only the server

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-15 Thread David Dejaeghere
Hi Honza, That gave me the exact same output. Any ideas? Regards, D 2015-04-15 7:33 GMT+02:00 Jan Cholasta jchol...@redhat.com: Hi, Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a): David Dejaeghere wrote: Hi Rob, So you want to output of the command using pk12 with server cert

[Freeipa-users] ipa-replica-prepare failing

2015-04-07 Thread David Dejaeghere
Hello, I am trying to setup a replica for my master which has been setup with an external CA to use our godaddy wildcard certificate. The ipa-replica-prepare is failing with the following debug information. I am using --http-cert and --dirsrv-cert with my pk12 server certificate. What can I

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-10 Thread David Dejaeghere
Hi, I get the same error when I use a pk12 with only the server certificate (and key) in it. Not sure what else I can try. Regards, D 2015-04-11 0:23 GMT+02:00 Rob Crittenden rcrit...@redhat.com: David Dejaeghere wrote: Hi, I even tried the command using an export from the http service

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-09 Thread David Dejaeghere
Hi, Does somebody have any pointers for me regarding this issue? Regards, D 2015-04-07 13:34 GMT+02:00 David Dejaeghere david.dejaegh...@gmail.com: Hello, I am trying to setup a replica for my master which has been setup with an external CA to use our godaddy wildcard certificate

Re: [Freeipa-users] ipa-replica-prepare failing

2015-04-09 Thread David Dejaeghere
2015-04-09 16:16 GMT+02:00 Rob Crittenden rcrit...@redhat.com: David Dejaeghere wrote: Hi, Does somebody have any pointers for me regarding this issue? It would help very much if you'd include the version you're working with. Based on line numbers I'll assume IPA 4.1. It's hard to say

[Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread David Dejaeghere
= 1440071001 refresh = 3600 retry = 900 expire = 1209600 minimum = 3600 As you can see the SOA record still shows the original default value. Kind Regards, David Dejaeghere -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread David Dejaeghere
that fake_mname is used. Martin 2015-08-20 14:38 GMT+02:00 Martin Basti mba...@redhat.com: On 08/20/2015 02:35 PM, David Dejaeghere wrote: Aha, Correct. But i never set this. This option seems to be set by default. I verified this issue on multiple installs. It seems they all have

Re: [Freeipa-users] ipa-replica-prepare failing

2015-08-06 Thread David Dejaeghere
David Dejaeghere napsal(a): Hi, Let me know how I can assist. In the meantime could I setup a replica using a different certificate? Self signed or anything like that? Regards, D 2015-04-17 15:27 GMT+02:00 Jan Cholasta jchol...@redhat.com mailto:jchol...@redhat.com: Hi, I

[Freeipa-users] SOA Serial changes overnight and is inconsisstent with replica

2015-09-07 Thread David Dejaeghere
Hello, I noticed on the couple of installs that I am running that my zones have different soa serial values on both master and replica. I also noticed that this value is changing without adding or removing a record some time during the night. What exactly is changing this and how come these

Re: [Freeipa-users] SOA Serial changes overnight and is inconsisstent with replica

2015-09-08 Thread David Dejaeghere
increment is comming from. It is indeed logrotate. Kind Regards, David 2015-09-08 13:16 GMT+02:00 Petr Spacek <pspa...@redhat.com>: > On 8.9.2015 13:06, Martin Basti wrote: > > > > > > On 09/07/2015 03:00 PM, David Dejaeghere wrote: > >> Hello, > >> &g

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-11-07 Thread David Dejaeghere
Can somebody help us how to move ahead with this issue? It seems like nobody is picking this up? Kind Regards, David 2016-10-26 13:43 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com>: > Does anybody have a clue on how to continue with this? > > Kind Regards, > > Da

[Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-19 Thread David Dejaeghere
Hello, When installing FreeIPA we used the CA from our Windows servers. This one recently expired and we created a new one. It seems that the new root CA has another subject name and this seems to be an issue when we want to install new certs on our FreeIPA hosts. ipa-cacert-manage install

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-23 Thread David Dejaeghere
Does somebody have an idea how to replace our certificates when the new ROOT ca certificate has a different subject? The UI is down because of this. 2016-10-19 11:42 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com>: > Hello, > > When installing FreeIPA we used the CA f

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-24 Thread David Dejaeghere
a:2d:25:d5:43:b6:a7:75:a1:ef:58:f9:c9:11:e8: 09:1d Exponent: 65537 (0x10001) 2016-10-24 5:49 GMT+02:00 Fil Di Noto <fdin...@gmail.com>: > Hi, > > Can you give an example of what's different between the two subjects? > > On Sun, Oct 23, 20

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-26 Thread David Dejaeghere
Does anybody have a clue on how to continue with this? Kind Regards, David 2016-10-24 10:10 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com>: > These are both the subjects for the old and new root ca cert. > > Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=loca

Re: [Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-29 Thread David Dejaeghere
/XPI CN=something-PAPRIKA-CA,DC=something,DC=localCT,C,C SOMETHING.BE IPA CA CT,C,C [root@ns02 ~]# ausearch -m avc -i 2016-11-29 12:09 GMT+01:00 David Kupka <dku...@redhat.com>: > On 29/11/16 11:51, David Dejaegh

[Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-29 Thread David Dejaeghere
Hi, I have a setup where i want to add a replica. The first master setup has an externally signed cert for dirsrv and httpd. The replica is prepapred succesfully with ipa-client-install but the replica install then keeps failing. It seems that during install dirserv is not configured correctly

Re: [Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-29 Thread David Dejaeghere
:2.02-0.34.fc24.x86_64 kernel-4.5.5-300.fc24.x86_64 kernel-4.8.8-200.fc24.x86_64 lvm2-2.02.150-2.fc24.x86_64 xfsprogs-4.5.0-2.fc24.x86_64 2016-11-29 13:41 GMT+01:00 Petr Vobornik <pvobo...@redhat.com>: > On 11/29/2016 12:43 PM, David Kupka wrote: > > On 29/11/16 12:15, David D

Re: [Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-29 Thread David Dejaeghere
Can you give me a couple of test commands? I am not familiar with Dogtag. Groeten, David 2016-11-29 14:57 GMT+01:00 David Kupka <dku...@redhat.com>: > On 29/11/16 13:55, David Dejaeghere wrote: > >> Correct. Same symptoms. >> >> 2016-11-29T10:29:42Z DEBUG

Re: [Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-30 Thread David Dejaeghere
Blanc-Renaud <f...@redhat.com>: > On 11/29/2016 03:19 PM, David Dejaeghere wrote: > >> Can you give me a couple of test commands? >> I am not familiar with Dogtag. >> >> Hi, > > To reproduce the issue: > 1. install IPA server > 2. On the replica,