Re: [Freeipa-users] DNS views: request for comments

2013-10-22 Thread Martin Basti
the data for particular name from all record groups and then apply overrides for particular instance. It means a lot of bookkeeping after each change ... Proposal - variant 0 Do not implement it in bind-dyndb-ldap and wait if Martin Basti succeeds with his

Re: [Freeipa-users] DNS records not removed

2014-07-08 Thread Martin Basti
Hi, which version of IPA do you use? It looks like a bug. On 08/07/14 13:36, Stephen Benjamin wrote: Hi, When trying to delete a host with updatedns=true, it's not working - it can't find the records, but they do exist. Any ideas what's wrong? The records exist... [root@ipa01 httpd]# ipa

Re: [Freeipa-users] DNS records not removed

2014-07-09 Thread Martin Basti
On 09/07/14 11:27, Stephen Benjamin wrote: - Original Message - From: Martin Basti mba...@redhat.com To: Stephen Benjamin step...@redhat.com, freeipa-users@redhat.com Sent: Tuesday, July 8, 2014 3:50:22 PM Subject: Re: [Freeipa-users] DNS records not removed Hi, which version of IPA

Re: [Freeipa-users] [SOLVED] DNS records not removed

2014-07-09 Thread Martin Basti
On 09/07/14 12:41, Stephen Benjamin wrote: On Wed, Jul 09, 2014 at 12:05:04PM +0200, Martin Basti wrote: On 09/07/14 11:27, Stephen Benjamin wrote: - Original Message - From: Martin Basti mba...@redhat.com To: Stephen Benjamin step...@redhat.com, freeipa-users@redhat.com Sent: Tuesday

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Martin Basti
- I'm assuming the port (53) is correct for DNS here as well. Thank you very much, -m -- Red Hat Reference Architectures -- Martin Basti

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Martin Basti
Reference Architectures -- Martin Basti

Re: [Freeipa-users] Correct *usage* for round-robin DNS srv records

2014-07-23 Thread Martin Basti
) is correct for DNS here as well. What are you trying to achieve? The port number refers to port used by your application, not to DNS. -- Martin Basti

Re: [Freeipa-users] ipa-replica-prepare failed - could not create forward DNS zone

2014-09-09 Thread Martin Basti
-- Have you any idea about that? Or , is it an error? 10.1.1.183 is rep.ipa.grp (replica) 101.1.173 is srv.ipa.grp (IPA server) Hello, can you resolve the srv.ipa.grp. address? $ dig A srv.ipa.grp. -- Martin Basti

Re: [Freeipa-users] Error cretaing Replica

2014-09-09 Thread Martin Basti
notify the sender and delete it from your system. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
On 27/10/14 18:53, John Obaterspok wrote: 2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 26/10/14 21:39, John Obaterspok wrote: Hi, I enabled mkosek-freeipa repo for F20 and updated freeipa-server from 3.3.5 to 4.1. The yum update

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 27/10/14 18:53, John Obaterspok wrote: 2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 26/10/14 21:39, John Obaterspok wrote: Hi, I enabled

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
or not? are all services running? (ipactl status) are tokens created in /var/lib/ipa/dnssec/tokens can you dig records from IPA DNS? Martin^2 I haven't verified that it works, but I feel confident :) -- john 2014-10-27 20:09 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 27/10

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
Martin, -- john You are welcome :-) 2014-10-27 20:40 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 27/10/14 20:34, John Obaterspok wrote: hmm... Could not connect to the Directory Server So I started it with start-dirsrv since systemctl start ipa failed

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-28 Thread Martin Basti
: This entry already exists Hello Michael, can you send me which entries do you have in cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com, it looks like directory server doesn't generate uniqueID for keys. Do you have upgraded IPA or fresh installed? Martin^2 -- Martin Basti

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-29 Thread Martin Basti
/28/14, 3:21 AM, Martin Basti wrote: On 28/10/14 06:14, Michael Lasevich wrote: Running into same thing, but running ipa-dnsinstall does not complete: = Configuring DNS (named) [1/8]: generating rndc key file WARNING: Your system is running out of entropy, you may

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
.fc20.x86_64.rpm from fedora 20 updates repo after the update its 6.0-5.fc20.x86_64.rpm from copr repo Regards Rob 2014-10-28 17:58 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do too many things at once. when using the dns principal and keytab the entries are not found. How do I fix the access control instructions? I can

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 16:13, Martin Basti wrote: On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do too many things at once. when using the dns principal and keytab the entries are not found. How do I fix

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
with some debug options if you like so you can pinpoint what goes wrong with the update script if you like. Rob We know where the problem is, and we thought we fixed it, but obviously some parts of problem persist. Thank you for your patience :-) 2014-10-29 16:13 GMT+01:00 Martin Basti mba

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-30 Thread Martin Basti
,dc=my,dc=domain,dc=com entry, and run ipa-ldap-updater --upgrade, then reinstall DNS (rerun ipa-dns-install) Let me know if it works. On 10/29/14, 3:03 AM, Martin Basti wrote: On 28/10/14 20:54, Michael Lasevich wrote: I have a pair of servers that were both installed on clean Fedora20 4.0.1

Re: [Freeipa-users] Errors upgrading 4.0.1 to 4.1

2014-10-30 Thread Martin Basti
) == 0) failed Any help would be appreciated -M -- Martin Basti

Re: [Freeipa-users] Errors upgrading 4.0.1 to 4.1

2014-10-30 Thread Martin Basti
On 30/10/14 19:18, Michael Lasevich wrote: Makes sense. What is the solution here? I have the latest 389-ds installed but still getting allowWeakCipher error - how to I get around that? -M Sorry I don't know, I CCied Ludwig, he is DS guru. Martin^2 On 10/30/14, 11:12 AM, Martin Basti

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Martin Basti
in upgrade process right now so there is not much to test except package dependencies. -- Martin Basti

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Martin Basti
,dc=thuis member: cn=Smart Proxy Host Management,cn=privileges,cn=pbac,dc=tjako,dc=thuis # search result search: 4 result: 0 Success # numResponses: 2 # numEntries: 1 2014-11-05 16:31 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: Hello, can you send content

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-06 Thread Martin Basti
, dirserv was really slow. Can you send journalctl -b -u named log when dig doesn't work?? -- Martin Basti

[Freeipa-users] Fwd: Re: dns stops working after upgrade

2014-11-07 Thread Martin Basti
Forward message back to list Original Message Subject:Re: [Freeipa-users] dns stops working after upgrade Date: Thu, 6 Nov 2014 21:42:55 +0100 From: Rob Verduijn rob.verdu...@gmail.com To: Martin Basti mba...@redhat.com Hi again, I tried the update to 4.1.1

Re: [Freeipa-users] DS failed after upgrade

2014-11-07 Thread Martin Basti
Changed subject. Rob CCed On 07/11/14 09:52, Martin Basti wrote: Forward message back to list Original Message Subject:Re: [Freeipa-users] dns stops working after upgrade Date: Thu, 6 Nov 2014 21:42:55 +0100 From: Rob Verduijn rob.verdu...@gmail.com

Re: [Freeipa-users] DNS stops working after upgrade (was DS failed after upgrade)

2014-11-07 Thread Martin Basti
it. The are again only 7 DNS aci objects are still in the ds.( same as before when it failed ) I also noticed that there are also quite a lot lower case dns aci objects. Rob Hi, do you have any errors in /var/log/ipaupgrade.log ? 2014-11-07 10:25 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba

Re: [Freeipa-users] DNS stops working after upgrade (was DS failed after upgrade)

2014-11-07 Thread Martin Basti
2014-11-07T13:10:03Z DEBUG Live 1, updated 1 2014-11-07T13:10:03Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'desc': 'Operations error'} 2014-11-07T13:10:03Z ERROR Update failed: Operations error: That's it Rob 2014-11-07 13:56 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba

Re: [Freeipa-users] Free ipa Configurations

2014-11-10 Thread Martin Basti
installation. Are you sure the forwarder is working? Can you resolve root zone using this forwarder? Workaround is to install server without --forwarder option, after installation you can add global forwarder using command dnsconfig-mod --forwarder=a.b.c.d HTH Martin^2 -- Martin Basti

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-11 Thread Martin Basti
more generic. Regards, Walter On Thu, Nov 6, 2014 at 5:00 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 06/11/14 14:58, Walter van Lille wrote: Hi, I need some assistance please. I've taken over an IPA server to manage a few months ago

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-11 Thread Martin Basti
/Nov/2014:13:57:08 +0200] - slapd_poll(78) timed out* * * * * * * On Tue, Nov 11, 2014 at 1:19 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: IMHO It's DS bug, can you share DS error log? pspacek CCed to examine named logs. Martin^2 On 11/11/14 12:13, Walter

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-11 Thread Martin Basti
On 11/11/14 15:58, Rich Megginson wrote: On 11/11/2014 06:20 AM, Ludwig Krispenz wrote: On 11/11/2014 02:14 PM, Martin Basti wrote: Ludiwg (CCed) this seems like old (fixed?) DS bug. hmm, it says limit is 2097152, so it already has the new setting, but the error message says the packet

Re: [Freeipa-users] DNS configuration

2014-12-02 Thread Martin Basti
systemctl status named (respectively journalctl -u named) -- Martin Basti

Re: [Freeipa-users] some problems after migrating from 3.0 to 3.3

2014-12-12 Thread Martin Basti
.localdomain.local Address: 192.168.1.92 IMO the behavior is expected, deleting old replica 'infra', should remove the DNS record of replica as well try following command to detect if there is the infra replica record in LDAP $ ipa dnsrecord-find localdomain.local -- Martin Basti

Re: [Freeipa-users] JSON error enrolling host (Fedora 21 / IPA 4.1.2)

2015-02-02 Thread Martin Basti
persist, please send journalctl -u named-pkcs11 log. Martin^2 -- Martin Basti

Re: [Freeipa-users] JSON error enrolling host (Fedora 21 / IPA 4.1.2)

2015-02-02 Thread Martin Basti
On 02/02/15 16:07, Martin Basti wrote: On 02/02/15 14:13, Gerardo Cuppari wrote: Hello! I am trying to enroll one host to my IPA server (4.1.2) and I am having one problem: the ipa-client-install script keeps giving me errors at the forwarding ping to json server step. My configuration

Re: [Freeipa-users] basic question on DNS configuration

2015-02-04 Thread Martin Basti
'internal.example.com' will be resolved. If I understand correctly, it is internal network, so you do not need public resolvable domain names. -- Martin Basti

Re: [Freeipa-users] JSON error enrolling host (Fedora 21 / IPA 4.1.2)

2015-02-04 Thread Martin Basti
2015-02-02 12:17 GMT-03:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 02/02/15 16:07, Martin Basti wrote: On 02/02/15 14:13, Gerardo Cuppari wrote: Hello! I am trying to enroll one host to my IPA server (4.1.2) and I am having one problem: the ipa-client-install

Re: [Freeipa-users] basic question on DNS configuration

2015-02-04 Thread Martin Basti
February 2015 at 10:34, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 03/02/15 16:52, Craig White wrote: *From:*freeipa-users-boun...@redhat.com mailto:freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Roberto

Re: [Freeipa-users] Having trouble running FreeIPA with SRV records on externally managed DNS

2015-01-20 Thread Martin Basti
the TXT record changed. Unfortunately I can't do it myself, so can't check this instantly, but I will see what happens... Thanks, Rob Hello, remove the trailing dot in TXT record, it could cause problems. -- Martin Basti

Re: [Freeipa-users] join error [solved]

2015-02-16 Thread Martin Basti
ipaclient-install.log. rob For record: Mohammad had his own compiled curl, which doesn't work with IPA. It works with the original one. Martin^2 *From:* Martin Basti mba...@redhat.com *To:* mohammad sereshki

Re: [Freeipa-users] Typo on Troubleshooting page

2015-02-16 Thread Martin Basti
and replica. Thanks, Dave Thank you, fixed. -- Martin Basti

Re: [Freeipa-users] bug with ipa-replica and external dns?

2015-02-10 Thread Martin Basti
-276-5468 poste 135 Fax : 514-276-5465 7275 Saint Urbain Bureau 200 Montréal, QC, H2R 2Y5 Hello, configure A/ and reverse records for srv-idm7-02.hq.company.com on your external DNS Then run just ipa-replica-prepare srv-idm7-02.hq.company.com It should work. HTH -- Martin Basti

Re: [Freeipa-users] bug with ipa-replica and external dns? [SOLVED]

2015-02-10 Thread Martin Basti
for you. - Original Message - From: Nicolas Zin nicolas@savoirfairelinux.com To: Martin Basti mba...@redhat.com Cc: freeipa-users@redhat.com Sent: Tuesday, 10 February 2015 14:14:13 Subject: Re: [Freeipa-users] bug with ipa-replica and external dns? - Original Message - From: Martin Basti mba

Re: [Freeipa-users] join error

2015-02-16 Thread Martin Basti
On 16/02/15 11:02, mohammad sereshki wrote: * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2

Re: [Freeipa-users] DNS forwarders

2015-03-17 Thread Martin Basti
=8.8.4.4 --forwarder=8.8.8.8 ... or using webUI This setting will override configuration of forwarders in named.conf. I don't know if there are some historical reasons to configure forwarders only in named.conf during installation, do you know Petr? -- Martin Basti

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-12 Thread Martin Basti
server do you have in /etc/resolv.conf? IPA DNS server + configured DNS forward zone or do you have there AD IP address directly? Martin Basti (CCed) recently found an issue with this check and DNS forwarders IIRC. Hello, IPA tests forwarders, if they are able to return signed root zone

Re: [Freeipa-users] Errors while adding DNS Zone

2015-03-10 Thread Martin Basti
`: bad zone Hello, do you have proper NS delegation in example.com. zone? ipa dnsrecord-add example.com. xyz.example.com. --ns-rec=server2.xyz.example.com Martin -- Martin Basti

Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS

2015-03-30 Thread Martin Basti
. -- Martin Basti

Re: [Freeipa-users] Forward first not working

2015-02-25 Thread Martin Basti
are configured (name, delegation)? Default forwarding policy is first, IMO both of your examples with forwarding enabled are forwarding first policy. Martin -- Martin Basti

Re: [Freeipa-users] Forward first not working

2015-02-25 Thread Martin Basti
. Hall of Innovation Inductee/ https://www.youtube.com/user/BlackDuckSoftware On Feb 25, 2015, at 12:42 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 25/02/15 17:59, Shaun Martin wrote: Hi, I am having an issue with the forward first not appear to be working. I have two

Re: [Freeipa-users] freeipa-server on Raspberry Pi 2

2015-04-02 Thread Martin Basti
, Winfried Hello, you can try: https://www.redhat.com/archives/freeipa-users/2015-April/msg00076.html -- Martin Basti

Re: [Freeipa-users] DNS lookups after replica(master) added

2015-04-22 Thread Martin Basti
on replicas? journalctl -u named or journalctl -u named-pkcs11 (depends on IPA version) Is /etc/resolv.conf configured properly on client? What kind of anonymous connections do you mind to DNS server? Standard DNS queries? nsupdate? Martin -- Martin Basti

Re: [Freeipa-users] Fw: Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-27 Thread Martin Basti
-- Martin Basti

Re: [Freeipa-users] FreeIPA SAML and Google Apps

2015-04-28 Thread Martin Basti
On 28/04/15 08:53, Andrew Holway wrote: Hi, Is it yet possible to use FreeIPA as an identity provider to Google Apps via SAML. I understand there was some project afoot Thanks, Andrew Maybe this would help. https://fedorahosted.org/ipsilon/ -- Martin Basti

Re: [Freeipa-users] Using CNAME to point to different domain name

2015-05-07 Thread Martin Basti
be set on that external server, IPA cannot help in this case. Martin -- Martin Basti

Re: [Freeipa-users] Using CNAME to point to different domain name [SOLVED]

2015-05-07 Thread Martin Basti
On 07/05/15 18:30, Andrey Ptashnik wrote: Hi Martin, Thank you for a catch! I just noticed that I was missing the dot you mentioned! Regards, Andrey From: Martin Basti mba...@redhat.com mailto:mba...@redhat.com Date: Thursday, May 7, 2015 at 2:37 AM To: Andrey Ptashnik aptash...@cccis.com

Re: [Freeipa-users] Configuration of CA failed

2015-05-14 Thread Martin Basti
On 14/05/15 13:54, Remigio Moncayo Serrano wrote: I fail to see the problem in the logs so I’m attaching the file here *From:*Martin Basti [mailto:mba...@redhat.com] *Sent:* Thursday, 14 May 2015 13:05 *To:* Remigio Moncayo Serrano; freeipa-users@redhat.com *Subject:* Re: [Freeipa

Re: [Freeipa-users] Configuration of CA failed

2015-05-14 Thread Martin Basti
Hello, can you please check error logs of DS? /var/log/dirsrv/slapd-*/errors And please post here an error why DS restart failed. Martin -- Martin Basti

Re: [Freeipa-users] Problems with failed upgrade: groups are not created

2015-05-14 Thread Martin Basti
-install.log more details about this error? ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure attribute cn not allowed Martin -- Martin Basti

Re: [Freeipa-users] Antwort: Re: Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)

2015-04-07 Thread Martin Basti
there, it should not be bz1180325. But send the errors from DS log if there are any. Greetz Christoph Kaminski From: Martin Basti mba...@redhat.com To: Christoph Kaminski christoph.kamin...@biotronik.com, freeipa-users@redhat.com Date: 02.04.2015 17:25 Subject: Re: [Freeipa-users] Upgrade fail

Re: [Freeipa-users] freeipa-server on Raspberry Pi 2

2015-04-07 Thread Martin Basti
error occurs: CA did not start in 300.0s I might try to hack the services.py script but anyone got another suggestion? Kind regards, Winfried On 02-04-15 at 13:38, Martin Basti wrote: On 02/04/15 12:53, Winfried de Heiden wrote: Hi all, Because I can try I gave a shot on installing freeipa

Re: [Freeipa-users] Replication failed

2015-04-07 Thread Martin Basti
Hello, do you have synchronized time on both servers? Martin -- Martin Basti

Re: [Freeipa-users] Replication failed

2015-04-07 Thread Martin Basti
seqnum=1 From which log is this? Regards Sanju Abraham Linux Admin From: Martin Basti mba...@redhat.com To: Sanju A sanj...@tcs.com, freeipa-users@redhat.com Date: 07-04-2015 16:53 Subject: Re: [Freeipa-users] Replication failed

Re: [Freeipa-users] pks error??

2015-04-02 Thread Martin Basti
of this message? Which log? Can you send the log? Martin -- Martin Basti

Re: [Freeipa-users] freeipa server upgrade from fedora 20 to fedora 22 glitches

2015-06-02 Thread Martin Basti
fail, because /var/lib/pki/pki-tomcat/conf/ca/CS.cfg had the wrong owner (root). I saw this issue in containers as well, when upgrading from Fedora 21 to 22. Do we have a bugzilla / ticket filed? Do we need one? I don't think so, please file a ticket. -- Martin Basti

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
was able to find all zones with new user on IPA 4.1. I just add the 'DNS administrators' privilege for the new user. Martin -- Martin Basti

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get results for DNS entries just fine, but we

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 09/06/15 13:05, Martin Basti wrote: On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get

Re: [Freeipa-users] Host don't update DNS

2015-06-16 Thread Martin Basti
dynamic updates for the particular zone? What is your IPA version? Martin -- Martin Basti

Re: [Freeipa-users] freeipa server upgrade from fedora 20 to fedora 22 glitches

2015-06-01 Thread Martin Basti
. (Probably there will be old in 99user.ldif) Martin -- Martin Basti

Re: [Freeipa-users] ubuntu dns discovery

2015-05-22 Thread Martin Basti
, this is weird, DNS record not found: EmptyLabel, this error returns python-dns when empty label is used in domain name. And here is empty label - _ldap._tcp..pp (two dots). But that doubled dot is not on line above and the error is the same, interesting. -- Martin Basti

Re: [Freeipa-users] FreeIPA certificate for Outlook

2015-08-18 Thread Martin Basti
On 08/18/2015 01:02 PM, Günther J. Niederwimmer wrote: Hello, is it possible to export a CA / certificate for a windows client outlook when yes, can any tell me the correct file? Thanks for a answer -- mit freundlichen Grüssen / best regards, Günther J. Niederwimmer Hi, IPA CA

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread Martin Basti
On 08/20/2015 01:48 PM, David Dejaeghere wrote: Hi, I noticed that changing the authoritative nameserver in FreeIPA reflects correctly to its directory data but bind will not resolve the soa record with the updated mname details. For example I add a zone test.be http://test.be and change

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread Martin Basti
On 08/20/2015 02:22 PM, Martin Basti wrote: On 08/20/2015 01:48 PM, David Dejaeghere wrote: Hi, I noticed that changing the authoritative nameserver in FreeIPA reflects correctly to its directory data but bind will not resolve the soa record with the updated mname details. For example I

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread Martin Basti
://fedorahosted.org/freeipa/ticket/5241 2015-08-20 15:09 GMT+02:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 08/20/2015 02:46 PM, David Dejaeghere wrote: confirmed working. Does this default value make any sense if this value is changeable in the UI and using

Re: [Freeipa-users] ipa-dnskeysyncd exited on failure state

2015-07-30 Thread Martin Basti
-dnskeysyncd are stored in journalctl -u ipa-dnskeysyncd This error, or LDAP error may appear during restart, but it should not be often. Is your KDC working well? If you do not use DNSSEC you may safely ignore this error. -- Martin Basti

Re: [Freeipa-users] PTR record not adding to IPA DNS

2015-08-14 Thread Martin Basti
...@gmail.com | Web: www.initd.in /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/ On Fri, Aug 14, 2015 at 3:45 PM, Martin Basti mba

Re: [Freeipa-users] PTR record not adding to IPA DNS

2015-08-14 Thread Martin Basti
, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 08/14/2015 12:57 PM, Yogesh Sharma wrote: Forward zone: initd.int http://initd.int Reverse: 32.16.172.in-addr.arpa. https://ipa-inf-prd-ng2-01.klikpay.int/ipa/ui/#32.16.172.in-addr.arpa. CIDR of our DHCP

Re: [Freeipa-users] reverse DNS lookup does not work

2015-08-14 Thread Martin Basti
On 08/11/2015 04:47 PM, Nikola Kržalić wrote: reverse DNS lookup stopped working after I broke some replication agreements (perhaps unrelated, but worth mentioning). Regular A records resolve fine. The records can be seen in LDAP (using ldapsearch with GSSAPI after kinit -t /etc/named.keytab):

Re: [Freeipa-users] IPA Client Unattended Registration Issue

2015-08-14 Thread Martin Basti
On 08/14/2015 10:54 AM, Martin Basti wrote: On 08/14/2015 10:12 AM, Yogesh Sharma wrote: Hi, We use Chef to perform the basic system setup once we launch new server. We are updating our cookbook to include ipa-client-install once we run our base cookbook via chef-client. For unattended

Re: [Freeipa-users] IPA Client Unattended Registration Issue

2015-08-14 Thread Martin Basti
On 08/14/2015 10:12 AM, Yogesh Sharma wrote: Hi, We use Chef to perform the basic system setup once we launch new server. We are updating our cookbook to include ipa-client-install once we run our base cookbook via chef-client. For unattended ipa-client installation, we are passing below

Re: [Freeipa-users] IPA Client Unattended Registration Issue

2015-08-14 Thread Martin Basti
Please provide feedback if this (and which) solution works for you, this may help for other users too. Martin On 08/14/2015 11:02 AM, Martin Basti wrote: On 08/14/2015 10:54 AM, Martin Basti wrote: On 08/14/2015 10:12 AM, Yogesh Sharma wrote: Hi, We use Chef to perform the basic system

Re: [Freeipa-users] IPA Client Unattended Registration Issue [SOLVED]

2015-08-14 Thread Martin Basti
://www.initd.in/ /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/ On Fri, Aug 14, 2015 at 5:20 PM, Martin Basti mba...@redhat.com mailto:mba

Re: [Freeipa-users] PTR record not adding to IPA DNS [SOLVED]

2015-08-14 Thread Martin Basti
, RACKSPACE CLOUD U Certified/ On Fri, Aug 14, 2015 at 4:52 PM, Martin Basti mba...@redhat.com wrote: On 08/14/2015 01:13 PM

Re: [Freeipa-users] PTR record not adding to IPA DNS

2015-08-14 Thread Martin Basti
On 08/14/2015 12:07 PM, Yogesh Sharma wrote: Hi, Upon client registration , PTR records are not getting added to reverse Zone in IPA DNS. /Best Regards,/ /__ / /Yogesh Sharma / /Email: yks0...@gmail.com mailto:yks0...@gmail.com | Web: www.initd.in

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-13 Thread Martin Basti
in zones where the particular A/ records are? SSSD is able to update records. Please check if dyndns_update is set to true in sssd.conf. (man sssd-ipa) -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-14 Thread Martin Basti
address: hostmaster.mydom.com. SOA serial: 1436799166 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; You must use option --all ipa dnszone-show mydom.com --all Martin On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-14 Thread Martin Basti
address: hostmaster.mydom.com. SOA serial: 1436799166 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti mba...@redhat.com wrote: On 12/07/15 10:05, Sina Owolabi wrote: Hi I

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-14 Thread Martin Basti
. On Tue, Jul 14, 2015 at 2:20 PM, Martin Basti mba...@redhat.com wrote: On 13/07/15 19:58, Sina Owolabi wrote: Hi Martin Yes all my sssd configs are set ipa_dyndns_update = True I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them. I've tried to set it in the very first zone

Re: [Freeipa-users] Reverse DNS and Forwarding

2015-07-15 Thread Martin Basti
On 15/07/15 15:07, Nevada Sanchez wrote: On Wednesday, July 15, 2015, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 14/07/15 19:12, Nevada Sanchez wrote: I have FreeIPA setup as our primary DNS on an AWS VPC. I setup global forwarding ('Forward First') so

Re: [Freeipa-users] krb5kdc will not start (kerberos authentication error)

2015-11-10 Thread Martin Basti
On 10.11.2015 15:53, Gronde, Christopher (Contractor) wrote: Ran into an error trying to set that # ldapmodify -a -D "cn=directory manager" -W Enter LDAP Password: dn: cn=config changetype: modify replace: nsslapd-acesslog-level nsslapd-acesslog-level: 260 it is nsslapd-accesslog-level

Re: [Freeipa-users] 389DS segfaults after upgrade FC 21 -> 22

2015-11-11 Thread Martin Basti
On 11.11.2015 11:57, Torsten Harenberg wrote: Dear all, on our secondary IPA server (running 4.1.4) we did an upgrade of FC from 21 to 22, as 21 is running out of support. The upgrade process itself went smoothly, however, 386DS segfaults now: ns-slapd[1427]: segfault at 7fffe301413e ip

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-10-30 Thread Martin Basti
On 30.10.2015 11:54, Yogesh Sharma wrote: Additionally, On Replica UI, I am getting below Error Message: IPA Error 4301: CertificateOperationError Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) Hello, can you check /var/log/httpd/error_log

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-02 Thread Martin Basti
On 02.11.2015 08:01, Yogesh Sharma wrote: Listening: [root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 636 Trying 172.16.32.10... Connected to ipa-inf-prd-ng2-01.klikpay.int . Escape character

Re: [Freeipa-users] Searching for things in the UI no longer seems to work, neither does ipa host-find or hostgroup-find after schema upgrade to dogtag 10

2015-10-07 Thread Martin Basti
On 10/07/2015 09:49 AM, Alex Williams wrote: Hi guys, yesterday I finally managed to get our IPA3.0.0 servers in a state that I could upgrade the schema to dogtag 10, using the migration script and launched a new RHEL7.1 IPA4.1 server as a replica. Unfortunately, in both the new RHEL7.1

Re: [Freeipa-users] Upgrade of schema has broken permissions and now no one can authenticate if they have certain permissions

2015-10-08 Thread Martin Basti
On 10/08/2015 03:23 PM, Alex Williams wrote: Hi folks, this one is becoming a bit of a major issue now. We upgraded one of our IPA3.0.0 servers to use the new dogtag schema over the last few days, then created an IPA4 replica from it successfully, upgraded the schema on a few more of the

Re: [Freeipa-users] Searching for things in the UI no longer seems to work, neither does ipa host-find or hostgroup-find after schema upgrade to dogtag 10

2015-10-07 Thread Martin Basti
On 10/07/2015 12:28 PM, Martin Basti wrote: On 10/07/2015 12:10 PM, Alex Williams wrote: On 07/10/15 10:57, Martin Basti wrote: On 10/07/2015 11:23 AM, Alex Williams wrote: On 07/10/15 09:53, Martin Basti wrote: On 10/07/2015 09:49 AM, Alex Williams wrote: Hi guys, yesterday I

Re: [Freeipa-users] Searching for things in the UI no longer seems to work, neither does ipa host-find or hostgroup-find after schema upgrade to dogtag 10

2015-10-07 Thread Martin Basti
On 10/07/2015 01:26 PM, Alex Williams wrote: On 07/10/15 11:31, Martin Basti wrote: On 10/07/2015 12:28 PM, Martin Basti wrote: On 10/07/2015 12:10 PM, Alex Williams wrote: On 07/10/15 10:57, Martin Basti wrote: On 10/07/2015 11:23 AM, Alex Williams wrote: On 07/10/15 09:53, Martin
