[Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-21 Thread Mark Heslin
Hi All, I had some off-list exchanges with Petr Spacek on this but am still trying to work out the correct syntax. I have 2 hosts: - foo1.example.com - foo2.example.com and would like to create a round-robin DNS srv record for both called foo.example.com I already have DNS entries

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Mark Heslin
: On 22.7.2014 00:13, Mark Heslin wrote: Hi All, I had some off-list exchanges with Petr Spacek on this but am still trying to work out the correct syntax. I have 2 hosts: - foo1.example.com - foo2.example.com and would like to create a round-robin DNS srv record for both called

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Mark Heslin
On 07/22/2014 08:00 AM, Mark Heslin wrote: Martin, Petr, I didn't see that missing dot . - good catch. As always the devil is in the details :-) Two follow up questions: 1. I've set the priority and weighting equally here but I will add a third host so would it make sense to just

[Freeipa-users] Correct *usage* for round-robin DNS srv records

2014-07-23 Thread Mark Heslin
broker (foo1) and second broker (foo2). -m On 07/22/2014 08:06 AM, Mark Heslin wrote: On 07/22/2014 08:00 AM, Mark Heslin wrote: Martin, Petr, I didn't see that missing dot . - good catch. As always the devil is in the details :-) Two follow up questions: 1. I've set the priority

[Freeipa-users] id: cannot find name for group ID

2014-07-24 Thread Mark Heslin
Happy Friday, I'm getting this message on login to an IPA client and not sure why: $ ssh -Y -l *ose-dev1* rhc1.interop.example.com ose-d...@rhc1.interop.example.com's password: Last login: Thu Jul 24 19:46:46 2014 from rhc1.interop.example.com Kickstarted on 2013-12-11 *id: cannot find

Re: [Freeipa-users] id: cannot find name for group ID

2014-07-25 Thread Mark Heslin
alarm. -m On 25/07/14 13:22, Mark Heslin wrote: Happy Friday, I'm getting this message on login to an IPA client and not sure why: $ ssh -Y -l *ose-dev1* rhc1.interop.example.com ose-d...@rhc1.interop.example.com's password: Last login: Thu Jul 24 19:46:46 2014 from rhc1

[Freeipa-users] SSSD startup failures on ipa clients

2014-07-27 Thread Mark Heslin
Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA

Re: [Freeipa-users] SSSD startup failures on ipa clients

2014-07-28 Thread Mark Heslin
Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin wrote: Folks, I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5

Re: [Freeipa-users] SSSD startup failures on ipa clients

2014-07-28 Thread Mark Heslin
at 08:28:01AM -0400, Mark Heslin wrote: On 07/28/2014 07:33 AM, Jakub Hrozek wrote: On Mon, Jul 28, 2014 at 07:28:22AM -0400, Mark Heslin wrote: Hi Jakub, I've added the output of 'sssd -i -d4' below: On 07/28/2014 03:39 AM, Jakub Hrozek wrote: On Sun, Jul 27, 2014 at 10:42:34PM -0400, Mark Heslin

Re: [Freeipa-users] IPA Replica Issues

2014-07-28 Thread Mark Heslin
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote: Hello, I'm currently running into some issues with my replica server. I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states that it is an invalid password which I know it is not the

Re: [Freeipa-users] IPA Replica Issues

2014-07-28 Thread Mark Heslin
On 07/28/2014 02:12 PM, Mark Heslin wrote: On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote: Hello, I'm currently running into some issues with my replica server. I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states

Re: [Freeipa-users] AD Trusts: Should tcp/389/636 be excluded or not?

2014-08-04 Thread Mark Heslin
On 08/04/2014 04:37 PM, Alexander Bokovoy wrote: On Mon, 04 Aug 2014, Mark Heslin wrote: Folks, Does anyone know the current disposition of $subject? The FreeIPA documentation: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration would seem to indicate

Re: [Freeipa-users] Enabling ntp if not done during ipa-server-install

2014-08-15 Thread Mark Heslin
On 08/15/2014 03:51 PM, Simo Sorce wrote: On Fri, 2014-08-15 at 20:46 +0200, Petr Viktorin wrote: On 08/15/2014 08:11 PM, Lucas Yamanishi wrote: On 08/15/2014 10:33 AM, Redmond, Stacy wrote: I installed my ipa server with –no-ntp but find that I want to enable it on my server, and all my

Re: [Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-26 Thread Mark Heslin
:22 AM, Mark Heslin mhes...@redhat.com mailto:mhes...@redhat.com wrote: Hi Chris, Take a look at the attached snippet - it will walk you through configuring firewalld with named chains on RHEL 7. You don't have to use named chains but makes managing multiple chains

[Freeipa-users] Services and Keytabs for load-balanced hostnames

2014-09-29 Thread Mark Heslin
Folks, I'm looking for the best approach to take for configuring IdM clients to access web services (HTTP) with keytabs when a front-end load-balanced hostname is in place. I have a distributed OpenShift Enterprise configuration with three broker hosts (broker1, broker2, broker3) with all

Re: [Freeipa-users] Services and Keytabs for load-balanced hostnames

2014-09-29 Thread Mark Heslin
On 09/29/2014 04:25 PM, Alexander Bokovoy wrote: On Mon, 29 Sep 2014, Mark Heslin wrote: Folks, I'm looking for the best approach to take for configuring IdM clients to access web services (HTTP) with keytabs when a front-end load-balanced hostname is in place. I have a distributed

Re: [Freeipa-users] FreeIPA server in Docker container improved

2015-04-08 Thread Mark Heslin
On 04/08/2015 08:42 AM, Jan Pazdziora wrote: Hello world! The ability to run FreeIPA server in a container was recently improved by adding support for storing the server configuration and data in a volume, making it easier to backup the server, upgrade it to newer versions, as well as adding