Re: [Freeipa-users] IPA and UIDS 500

2012-07-19 Thread Innes, Duncan
On Thu, 2012-07-19 at 07:36 -0400, Stephen Gallagher wrote: On Thu, 2012-07-19 at 00:53 +, Steven Jones wrote: Actually its pamunless IPA is as well. Which makes sense then to have an application run 500 so inherently it cannot be logged into via ssh Well, it's

[Freeipa-users] Specifying load balancing to SSSD clients

2012-08-20 Thread Innes, Duncan
Folks, Hopefully this isn't a dumb question, but I'm constrained by a few things on my estate and would be looking to deploy something like the following: 2 Datacentres 2 IPA servers at each datacentre ipa1.domain.com \_ datacentre A ipa2.domain.com / ipa3.domain.com \_ datacentre B

Re: [Freeipa-users] Specifying load balancing to SSSD clients

2012-08-20 Thread Innes, Duncan
this functionallity be of use to freeIPA in general? (my view = yes) Cheers Duncan Innes | Linux Architect From: Mark St. Laurent [mailto:mstla...@redhat.com] Sent: 20 August 2012 15:15 To: Innes, Duncan Cc: freeipa-users@redhat.com

Re: [Freeipa-users] Specifying load balancing to SSSD clients

2012-08-21 Thread Innes, Duncan
will raise a ticket. Thanks Duncan Innes | Linux Architect -Original Message- From: Simo Sorce [mailto:sso...@redhat.com] Sent: 21 August 2012 08:04 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Specifying load balancing to SSSD clients

Re: [Freeipa-users] Specifying load balancing to SSSD clients

2012-08-21 Thread Innes, Duncan
the noisy servers hitting ipa1, for example! It'll do for now though. Duncan Thanks Duncan Innes | Linux Architect -Original Message- From: Simo Sorce [mailto:sso...@redhat.com] Sent: 21 August 2012 08:04 To: Innes, Duncan Cc: freeipa-users@redhat.com

Re: [Freeipa-users] Specifying load balancing to SSSD clients

2012-08-21 Thread Innes, Duncan
:48:30PM +0100, Innes, Duncan wrote: Folks, Hopefully this isn't a dumb question, but I'm constrained by a few things on my estate and would be looking to deploy something like the following: 2 Datacentres 2 IPA servers at each datacentre ipa1.domain.com \_ datacentre A ipa2

Re: [Freeipa-users] Desperate help requested.

2012-08-28 Thread Innes, Duncan
-Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of KodaK Sent: 26 August 2012 05:06 To: freeipa-users@redhat.com Subject: [Freeipa-users] Desperate help requested. I've just been informed by my boss's boss's boss that,

Re: [Freeipa-users] Backup and Restore procedures for IPA 2.2.0?

2012-12-19 Thread Innes, Duncan
Are there any results you can even talk about at this stage? If not, I'd suggest turning up the heat a notch or two to get it on the boil :-) I know this is FreeIPA, but RedHat shipping Identity Management as a supported feature without any backup/restore mechanism is a pretty big hole in

[Freeipa-users] Automated Kickstart Enrollment

2013-09-03 Thread Innes, Duncan
Hi folks, I've got a question about kickstart enrollment with a one-time password. Namely, is there any way that it can be done *without* the one-time password. We're comfortable with the pre-creation of the host in IPA, but just wonder if there's a way to enrol without the one-time password.

[Freeipa-users] Force IPA to accept password?

2013-09-26 Thread Innes, Duncan
Hi, Can I force IPA to accept a new password that I have chosen? Today I've had to change my password in 2x AD domains and other places according to policy. I've done this. But coming to IPA, I find that I've chosen a BAD PASSWORD. Without getting into the merits of the AD password policy and

Re: [Freeipa-users] Force IPA to accept password?

2013-09-26 Thread Innes, Duncan
Sorry, -Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: 26 September 2013 14:29 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Force IPA to accept password? On 09/26/2013 01:05 PM, Innes, Duncan wrote: Hi, Can I force

Re: [Freeipa-users] Force IPA to accept password?

2013-09-27 Thread Innes, Duncan
+0100, Innes, Duncan wrote: Sorry, -Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: 26 September 2013 14:29 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Force IPA to accept password? On 09/26/2013 01:05 PM

Re: [Freeipa-users] Force IPA to accept password?

2013-09-27 Thread Innes, Duncan
From: Martin Kosek [mailto:mko...@redhat.com] Sent: 27 September 2013 09:28 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Force IPA to accept password? On 09/27/2013 09:31 AM, Innes, Duncan wrote: From: freeipa-users-boun...@redhat.com

Re: [Freeipa-users] Force IPA to accept password?

2013-09-27 Thread Innes, Duncan
-Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: 27 September 2013 10:17 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Force IPA to accept password? On 09/27/2013 11:03 AM, Innes, Duncan wrote: From: Martin Kosek

[Freeipa-users] SUDOers config with cleartext password?

2013-09-30 Thread Innes, Duncan
Hi folks, Just wondering if it's really the case that I have to use a cleartext bindpw in my /etc/sudo-ldap.conf file in order to get sudoers looking at my FreeIPA servers? It's the first time I've looked into this side of things in FreeIPA and it just seems a bit more clunky than other areas

Re: [Freeipa-users] SUDOers config with cleartext password?

2013-09-30 Thread Innes, Duncan
Thanks, I'll try and speed up my migration to RHEL 6.4 then :) Duncan -Original Message- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: 30 September 2013 17:26 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] SUDOers config with cleartext

[Freeipa-users] Replication issue

2014-03-04 Thread Innes, Duncan
Hi, I'm testing an upgrade of my prod IPA servers in a dev cluster at the moment. Finally completed the upgrade, so I tested some user adds via the WebUI. Added user aardvark on ipa01 - replicated to ipa02 Added user beaver on ipa02 - NOT replicated to ipa01 Added user banana on ipa02 -

Re: [Freeipa-users] Replication issue

2014-03-05 Thread Innes, Duncan
From: freeipa-users-boun...@redhat.com freeipa-users-boun...@redhat.com on behalf of Innes, Duncan duncan.in...@virginmoney.com Sent: Wednesday, 5 March 2014 9:22 a.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] Replication issue

Re: [Freeipa-users] Replication issue

2014-03-05 Thread Innes, Duncan
To: Innes, Duncan; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Replication issue On 03/04/2014 01:22 PM, Innes, Duncan wrote: Hi, I'm testing an upgrade of my prod IPA servers in a dev cluster

Re: [Freeipa-users] Backup / Restore

2014-03-27 Thread Innes, Duncan
Martin, Did the backup/restore scripts reach more than experimental status? Looks like they were released in FreeIPA 3.2. It's a problem for me that this kind of functionallity hasn't yet moved into RHEL. Backup/restore from some corporate use perspectives, cannot rely on system snapshotting.

Re: [Freeipa-users] Setting up IPA to log remotely

2014-06-03 Thread Innes, Duncan
I'm starting to log IPA to a central point too. I'd hoped the A part of IPA would have arrived, but other functionality has pushed it down the priority list. Would be good to see it arrive as something integrated with systemd/journald with fully separated log fields instead of a simple log text

Re: [Freeipa-users] Setting up IPA to log remotely

2014-06-03 Thread Innes, Duncan
. application specific logs). Cheers Duncan -Original Message- From: Josh [mailto:joka...@gmail.com] Sent: 03 June 2014 11:54 To: Innes, Duncan Cc: freeipa-users Subject: Re: [Freeipa-users] Setting up IPA to log remotely On Jun 3, 2014, at 4:37 AM, Innes, Duncan duncan.in

Re: [Freeipa-users] FreeIPA public demo available

2014-06-06 Thread Innes, Duncan
This is good to see - sometimes difficult to be allowed to pop up another dev IPA server in a corporate network. Is it possible to determine the current running version of IPA from the Web interface? Never had to do this as I've always had console access to my servers, but I can't find anywhere

Re: [Freeipa-users] FreeIPA public demo available

2014-06-06 Thread Innes, Duncan
I've already seen some screenshots - it's a *big* improvement! -Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: 06 June 2014 09:08 To: Innes, Duncan; freeipa-users@redhat.com Subject: Re: [Freeipa-users] FreeIPA public demo available Good question. Note

[Freeipa-users] Standard Logging

2014-06-17 Thread Innes, Duncan
Hi folks, Is there any movement towards getting FreeIPA to use more standard logging tools? Journald or rsyslog. Wondering because at the moment, the rotation of logs is non standard compared to most of the rest of our estate. It would be a boost for us to know that rsyslog/journald are

Re: [Freeipa-users] Standard Logging

2014-06-17 Thread Innes, Duncan
Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: 17 June 2014 17:07 To: Innes, Duncan; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Standard Logging Innes, Duncan wrote: Hi folks, Is there any movement towards getting FreeIPA to use more standard logging

[Freeipa-users] FreeIPA 4.0 Demo

2014-07-10 Thread Innes, Duncan
I may be jumping the gun slightly, but I'm wondering when the demo site will be upgraded to FreeIPA 4.0? Cheers D This message has been checked for viruses and spam by the Virgin Money email scanning system powered by Messagelabs. This e-mail is intended to be confidential to the recipient.

[Freeipa-users] PatternFly questions

2014-07-18 Thread Innes, Duncan
Just poking around the new 4.0 demo page and very much liking what I see. This will make a big difference in use on large estates. A couple PatternFly related questions though: 1. The tables don't sort by column if I click on a column header. Is this not available in PatternFly yet, or have

Re: [Freeipa-users] PatternFly questions

2014-07-18 Thread Innes, Duncan
Hi Petr, On 18/07/2014 11:24, Petr Vobornik wrote: Hello Duncan, thank you for the input. If you or somebody else have any Web UI ideas/RFEs, feel free to write them down. I would like to know what people don't like or would like to have. On 18.7.2014 10:21, Innes, Duncan wrote: Just

Re: [Freeipa-users] PatternFly questions

2014-07-31 Thread Innes, Duncan
/18/2014 09:23 AM, Martin Kosek wrote: On 07/18/2014 03:12 PM, Dmitri Pal wrote: On 07/18/2014 08:17 AM, Innes, Duncan wrote: Hi Petr, On 18/07/2014 11:24, Petr Vobornik wrote: Hello Duncan, thank you for the input. If you or somebody else have any Web UI ideas/RFEs, feel free to write

Re: [Freeipa-users] PatternFly questions

2014-08-18 Thread Innes, Duncan
Bump Back to work now - do you want RFE's written up for this stuff, or do you have it in hand? D -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Innes, Duncan Sent: 31 July 2014 21:47 To: d...@redhat.com; Martin Kosek

Re: [Freeipa-users] Test connectivity before joining domain

2014-10-27 Thread Innes, Duncan
: 27 October 2014 13:45 To: Innes, Duncan Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Test connectivity before joining domain On Mon, 27 Oct 2014 12:13:46 - Innes, Duncan duncan.in...@virginmoney.com wrote: Hi, Have been using `ping` to test connectivity from our clients

[Freeipa-users] Logging: IPA to Rsyslog to Logstash

2014-12-19 Thread Innes, Duncan
Earlier this year I said I'd feed back how my IPA to Rsyslog to Logstash experiments went. They went badly. And I didn't get much time. Today, however, I managed to get over my imaginary finishing line: All systems are RHEL 6.6. Rsyslog (rsyslog7-7.4.10) is configured to import logs from some

Re: [Freeipa-users] Minimum Disk Size

2015-02-04 Thread Innes, Duncan
Our standard RHEL6 OS install worked perfectly well for testing IPA with larger user/host numbers: part /boot --fstype=ext4 --size=256 --ondisk=sda --fsoptions noatime part pv.01 --size=1000 --grow --ondisk=sda volgroup vg_root pv.01 logvol / --vgname=vg_root --name=lv_root

Re: [Freeipa-users] Real-time replication status (RFE)?

2015-02-05 Thread Innes, Duncan
The screen mockup in that ticket is based on a Perl script that I stuck in cgi-bin to pull just those stats off each IPA server I have and display them. Can share the code if you're interested. D -Original Message- From: freeipa-users-boun...@redhat.com

Re: [Freeipa-users] Real-time replication status (RFE)?

2015-02-06 Thread Innes, Duncan
- it's a while ago that I sorted it out. HTH Duncan -Original Message- From: Baird, Josh [mailto:jba...@follett.com] Sent: 05 February 2015 17:08 To: Innes, Duncan; Rob Crittenden; freeipa-users@redhat.com Subject: RE: [Freeipa-users] Real-time replication status (RFE)? That would

Re: [Freeipa-users] Logging: IPA to Rsyslog to Logstash

2015-01-05 Thread Innes, Duncan
-Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal Sent: 20 December 2014 03:37 To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Logging: IPA to Rsyslog to Logstash On 12/19/2014 11:35 AM, Innes

Re: [Freeipa-users] Logging: IPA to Rsyslog to Logstash

2015-01-05 Thread Innes, Duncan
Sure - efforts so far at: http://www.freeipa.org/page/Centralised_Logging_with_Logstash/ElasticSea rch/Kibana Hope it helps. Cheers Duncan -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek Sent: 05 January

Re: [Freeipa-users] Real-time replication status (RFE)?

2015-02-09 Thread Innes, Duncan
ones back up. This page was of high value at that time. It's still useful for an occasional check of the status. D -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: 06 February 2015 14:06 To: Innes, Duncan; Baird, Josh; freeipa-users@redhat.com Subject: Re

[Freeipa-users] Which client is noisy?

2015-06-01 Thread Innes, Duncan
I've got an IPA installation with 8 servers replicating between each other across various parts of our network. Recently I've started pushing the dirsrv logs to a remote log collector from 4 of these machines and see a huge disparity in the number of entries being sent. ipa01 - ~42,000 logs per

Re: [Freeipa-users] Which client is noisy?

2015-06-01 Thread Innes, Duncan
To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Which client is noisy? On 1.6.2015 10:56, Innes, Duncan wrote: We don't have access to the _SRV_ records as the AD domain controls that, so we had to hard code the main and failover servers on the Side note: It sounds that your FreeIPA

Re: [Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Innes, Duncan
in the Defaults for the user. Thanks D From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Innes, Duncan Sent: 04 August 2015 10:58 To: freeipa-users@redhat.com Subject: [Freeipa-users] FreeIPA and sudo Defaults Hi

Re: [Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Innes, Duncan
...@redhat.com] On Behalf Of Innes, Duncan Sent: 04 August 2015 12:10 To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] FreeIPA and sudo Defaults Information: IPA server and client both running on RHEL 6.7 fully patched. IPA server version: ipa-server-3.0.0-47.el6.x86_64 sssd client version

[Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Innes, Duncan
Hi folks, Struggling with creating a sudo rule in IPA that will allow my foreman-proxy to run specific commands. When I put the following into /etc/sudoers.d/foreman: [root@puppet01 ~]# cat /etc/sudoers.d/foreman foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *, /usr/bin/puppet kick *