Re: [Freeipa-users] DNS views: request for comments

2013-10-22 Thread Martin Basti
the data for particular name from all record groups and then apply overrides for particular instance. It means a lot of bookkeeping after each change ... Proposal - variant 0 Do not implement it in bind-dyndb-ldap and wait if Martin Basti succeeds with his

Re: [Freeipa-users] DNS records not removed

2014-07-08 Thread Martin Basti
Hi, which version of IPA do you use? It looks like a bug. On 08/07/14 13:36, Stephen Benjamin wrote: Hi, When trying to delete a host with updatedns=true, it's not working - it can't find the records, but they do exist. Any ideas what's wrong? The records exist... [root@ipa01 httpd]# ipa

Re: [Freeipa-users] DNS records not removed

2014-07-09 Thread Martin Basti
On 09/07/14 11:27, Stephen Benjamin wrote: - Original Message - From: Martin Basti mba...@redhat.com To: Stephen Benjamin step...@redhat.com, freeipa-users@redhat.com Sent: Tuesday, July 8, 2014 3:50:22 PM Subject: Re: [Freeipa-users] DNS records not removed Hi, which version of IPA

Re: [Freeipa-users] [SOLVED] DNS records not removed

2014-07-09 Thread Martin Basti
On 09/07/14 12:41, Stephen Benjamin wrote: On Wed, Jul 09, 2014 at 12:05:04PM +0200, Martin Basti wrote: On 09/07/14 11:27, Stephen Benjamin wrote: - Original Message - From: Martin Basti mba...@redhat.com To: Stephen Benjamin step...@redhat.com, freeipa-users@redhat.com Sent: Tuesday

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Martin Basti
- I'm assuming the port (53) is correct for DNS here as well. Thank you very much, -m -- Red Hat Reference Architectures Follow Us:https://twitter.com/RedHatRefArch Plus Us:https://plus.google.com/u/0/b/114152126783830728030/ Like Us:https://www.facebook.com/rhrefarch -- Martin Basti

Re: [Freeipa-users] Correct syntax for round-robin DNS srv records

2014-07-22 Thread Martin Basti
Reference Architectures Follow Us:https://twitter.com/RedHatRefArch Plus Us:https://plus.google.com/u/0/b/114152126783830728030/ Like Us:https://www.facebook.com/rhrefarch -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo

Re: [Freeipa-users] Correct *usage* for round-robin DNS srv records

2014-07-23 Thread Martin Basti
) is correct for DNS here as well. What are you trying to achieve? The port number refers to port used by your application, not to DNS. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http

Re: [Freeipa-users] ipa-replica-prepare failed - could not create forward DNS zone

2014-09-09 Thread Martin Basti
-- Have you any idea about that? Or , is it an error? 10.1.1.183 is rep.ipa.grp (replica) 101.1.173 is srv.ipa.grp (IPA server) Hello, can you resolve the srv.ipa.grp. address? $ dig A srv.ipa.grp. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https

Re: [Freeipa-users] Error cretaing Replica

2014-09-09 Thread Martin Basti
not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] Error cretaing Replica

2014-09-09 Thread Martin Basti
notify the sender and delete it from your system. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
On 27/10/14 18:53, John Obaterspok wrote: 2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 26/10/14 21:39, John Obaterspok wrote: Hi, I enabled mkosek-freeipa repo for F20 and updated freeipa-server from 3.3.5 to 4.1. The yum update

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 27/10/14 18:53, John Obaterspok wrote: 2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 26/10/14 21:39, John Obaterspok wrote: Hi, I enabled

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
or not? are all services running? (ipactl status) are tokens created in /var/lib/ipa/dnssec/tokens can you dig records from IPA DNS? Martin^2 I haven't verified that it works, but I feel confident :) -- john 2014-10-27 20:09 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 27/10

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-27 Thread Martin Basti
Martin, -- john You are welcome :-) 2014-10-27 20:40 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 27/10/14 20:34, John Obaterspok wrote: hmm... Could not connect to the Directory Server So I started it with start-dirsrv since systemctl start ipa failed

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-28 Thread Martin Basti
: This entry already exists Hello Michael, can you send me which entries do you have in cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com, it looks like directory server doesn't generate uniqueID for keys. Do you have upgraded IPA or fresh installed? Martin^2 -- Martin Basti -- Manage your

Re: [Freeipa-users] dns stops working after upgrade

2014-10-28 Thread Martin Basti
to be running so if it isn't up, then it will fail to start too. rob Hello, Please which version of bind-dyndb-ldap do you have installed? -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-29 Thread Martin Basti
/28/14, 3:21 AM, Martin Basti wrote: On 28/10/14 06:14, Michael Lasevich wrote: Running into same thing, but running ipa-dnsinstall does not complete: = Configuring DNS (named) [1/8]: generating rndc key file WARNING: Your system is running out of entropy, you may

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
.fc20.x86_64.rpm from fedora 20 updates repo after the update its 6.0-5.fc20.x86_64.rpm from copr repo Regards Rob 2014-10-28 17:58 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do to many things at once. when using the dns principal and keytab the entries are not found. How do i fix the access controll instructions ? I can

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
On 29/10/14 16:13, Martin Basti wrote: On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do to many things at once. when using the dns principal and keytab the entries are not found. How do i fix

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Martin Basti
with some debug options if you like so you can pinpoint what goes wrong with the update script if you like. Rob We know where the problem is, and we though we fixed it, but obviously some parts of problem persist. Thank you for your patience :-) 2014-10-29 16:13 GMT+01:00 Martin Basti mba

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-30 Thread Martin Basti
,dc=my,dc=domain,dc=com entry, and run ipa-ldap-updater --upgrade, then reinstall DNS (rerun ipa-dns-install) Let me know if it works. On 10/29/14, 3:03 AM, Martin Basti wrote: On 28/10/14 20:54, Michael Lasevich wrote: I have a pair of servers that were both installed on clean Fedora20 4.0.1

Re: [Freeipa-users] Errors upgrading 4.0.1 to 4.1

2014-10-30 Thread Martin Basti
) == 0) failed Any help would be appreciated -M -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Errors upgrading 4.0.1 to 4.1

2014-10-30 Thread Martin Basti
On 30/10/14 19:18, Michael Lasevich wrote: Makes sense. What is the solution here? I have the latest 389-ds installed but still getting allowWeakCipher error - how to I get around that? -M Sorry I don't know, I CCied Ludwig, he is DS guru. Martin^2 On 10/30/14, 11:12 AM, Martin Basti

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Martin Basti
in upgrade process right now so there is not much to test except package dependencies. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Martin Basti
,dc=thuis member: cn=Smart Proxy Host Management,cn=privileges,cn=pbac,dc=tjako,dc=thuis # search result search: 4 result: 0 Success # numResponses: 2 # numEntries: 1 2014-11-05 16:31 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: Hello, can you send content

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-06 Thread Martin Basti
, dirserv was really slow. Can you send journalctl -b -u named log when dig doesn't work?? -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

[Freeipa-users] Fwd: Re: dns stops working after upgrade

2014-11-07 Thread Martin Basti
Forward message back to list Original Message Subject:Re: [Freeipa-users] dns stops working after upgrade Date: Thu, 6 Nov 2014 21:42:55 +0100 From: Rob Verduijn rob.verdu...@gmail.com To: Martin Basti mba...@redhat.com Hi again, I tried the update to 4.1.1

Re: [Freeipa-users] DS failed after upgrade

2014-11-07 Thread Martin Basti
Changed subject. Rob CCed On 07/11/14 09:52, Martin Basti wrote: Forward message back to list Original Message Subject:Re: [Freeipa-users] dns stops working after upgrade Date: Thu, 6 Nov 2014 21:42:55 +0100 From: Rob Verduijn rob.verdu...@gmail.com

Re: [Freeipa-users] DNS stops working after upgrade (was DS failed after upgrade)

2014-11-07 Thread Martin Basti
it. The are again only 7 DNS aci objects are still in the ds.( same as before when it failed ) I also noticed that there are also quite a lot lower case dns aci objects. Rob Hi, do you have any errors in /var/log/ipaupgrade.log ? 2014-11-07 10:25 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba

Re: [Freeipa-users] DNS stops working after upgrade (was DS failed after upgrade)

2014-11-07 Thread Martin Basti
2014-11-07T13:10:03Z DEBUG Live 1, updated 1 2014-11-07T13:10:03Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'desc': 'Operations error'} 2014-11-07T13:10:03Z ERROR Update failed: Operations error: That's it Rob 2014-11-07 13:56 GMT+01:00 Martin Basti mba...@redhat.com mailto:mba

Re: [Freeipa-users] Free ipa Configurations

2014-11-10 Thread Martin Basti
installation. Are you sure the forwarder is working? Can you resolve root zone using this forwarder? Workaround is to install server without --forwarder option, after installation you can add global forwarder using command dnsconfig-mod --forwarder=a.b.c.d HTH Martin^2 -- Martin Basti -- Manage

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-11 Thread Martin Basti
more generic. Regards, Walter On Thu, Nov 6, 2014 at 5:00 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 06/11/14 14:58, Walter van Lille wrote: Hi, I need some assistance please. I've taken over an IPA server to manage a few months ago

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-11 Thread Martin Basti
/Nov/2014:13:57:08 +0200] - slapd_poll(78) timed out* * * * * * * On Tue, Nov 11, 2014 at 1:19 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: IMHO It's DS bug, can you share DS error log? pspacek CCed to examine named logs. Martin^2 On 11/11/14 12:13, Walter

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-11 Thread Martin Basti
On 11/11/14 15:58, Rich Megginson wrote: On 11/11/2014 06:20 AM, Ludwig Krispenz wrote: On 11/11/2014 02:14 PM, Martin Basti wrote: Ludiwg (CCed) this seems like old (fixed?) DS bug. hmm, it says limit is 2097152, so it already has the new setting, but the error message says the packet

Re: [Freeipa-users] DNS configuration

2014-12-02 Thread Martin Basti
systemctl status named (respectively journalctl -u named) -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] some problems after migrating from 3.0 to 3.3

2014-12-12 Thread Martin Basti
.localdomain.local Address: 192.168.1.92 IMO the behavior is expected, deleting old replica 'infra', should remove the DNS record of replica as well try following command to detect if there is the infra replica record in LDAP $ ipa dnsrecord-find localdomain.local -- Martin Basti -- Manage your

Re: [Freeipa-users] JSON error enrolling host (Fedora 21 / IPA 4.1.2)

2015-02-02 Thread Martin Basti
persist, please send journalctl -u named-pkcs11 log. Martin^2 -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] JSON error enrolling host (Fedora 21 / IPA 4.1.2)

2015-02-02 Thread Martin Basti
On 02/02/15 16:07, Martin Basti wrote: On 02/02/15 14:13, Gerardo Cuppari wrote: Hello! I am trying to enroll one host to my IPA server (4.1.2) and I am having one problem: the ipa-client-install script keeps giving me errors at the forwarding ping to json server step. My configuration

Re: [Freeipa-users] basic question on DNS configuration

2015-02-04 Thread Martin Basti
'internal.example.com' will be resolved. If I understand correctly, it is internal network, so you do not need public resolvable domain names. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org

Re: [Freeipa-users] JSON error enrolling host (Fedora 21 / IPA 4.1.2)

2015-02-04 Thread Martin Basti
2015-02-02 12:17 GMT-03:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 02/02/15 16:07, Martin Basti wrote: On 02/02/15 14:13, Gerardo Cuppari wrote: Hello! I am trying to enroll one host to my IPA server (4.1.2) and I am having one problem: the ipa-client-install

Re: [Freeipa-users] basic question on DNS configuration

2015-02-04 Thread Martin Basti
February 2015 at 10:34, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 03/02/15 16:52, Craig White wrote: *From:*freeipa-users-boun...@redhat.com mailto:freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Roberto

Re: [Freeipa-users] Having trouble running FreeIPA with SRV records on externally managed DNS

2015-01-20 Thread Martin Basti
the TXT record changed. Unfortunately I can't do it myself, so can't check this instantly, but I will see what happens... Thanks, Rob Hello, remove the trailing dot in TXT record, it could cause problems. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https

Re: [Freeipa-users] join error [solved]

2015-02-16 Thread Martin Basti
ipaclient-install.log. rob For record: Mohammad had his own compiled curl, which doesn't work with IPA. It works with the original one. Martin^2 *From:* Martin Basti mba...@redhat.com *To:* mohammad sereshki

Re: [Freeipa-users] Typo on Troubleshooting page

2015-02-16 Thread Martin Basti
and replica. Thanks, Dave Thank you, fixed. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] bug with ipa-replica and external dns?

2015-02-10 Thread Martin Basti
-276-5468 poste 135 Fax : 514-276-5465 7275 Saint Urbain Bureau 200 Montréal, QC, H2R 2Y5 Hello, configure A/ and reverse records for srv-idm7-02.hq.company.com on your external DNS Then run just ipa-replica-prepare srv-idm7-02.hq.company.com It should work. HTH -- Martin Basti

Re: [Freeipa-users] bug with ipa-replica and external dns? [SOLVED]

2015-02-10 Thread Martin Basti
for you. - Mail original - De: Nicolas Zin nicolas@savoirfairelinux.com À: Martin Basti mba...@redhat.com Cc: freeipa-users@redhat.com Envoyé: Mardi 10 Février 2015 14:14:13 Objet: Re: [Freeipa-users] bug with ipa-replica and external dns? - Mail original - De: Martin Basti mba

Re: [Freeipa-users] join error

2015-02-16 Thread Martin Basti
On 16/02/15 11:02, mohammad sereshki wrote: * Server auth using Basic with user '' Hello, It looks like anonymous user. Which version of IPA do you use? Did you specified right user with ability to enroll client? Martin^2 -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Configure also-notify for freeipa DNS zones

2015-01-08 Thread Martin Basti
the BIND also-notify option. How can I make my IPA DNS servers send notify's to my non-IPA slave servers so that zone transfers occur immediately after IPA zone updates? Thanks, Josh Maybe this will help. https://www.redhat.com/archives/freeipa-users/2014-September/msg00049.html -- Martin

Re: [Freeipa-users] DNS forwarders

2015-03-17 Thread Martin Basti
=8.8.4.4 --forwarder=8.8.8.8 ... or using webUI This setting will override configuration of forwarders in named.conf. I don't know if there are some historical reasons to configure forwarders only in named.conf during installation, do you know Petr? -- Martin Basti -- Manage your subscription

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-12 Thread Martin Basti
server do you have in /etc/resolv.conf? IPA DNS server + configured DNS forward zone or do you have there AD IP address directly? Martin Basti (CCed) recently found an issue with this check and DNS forwarders IIRC. Hello, IPA tests forwarders, if they are able to return signed root zone

Re: [Freeipa-users] Errors while adding DNS Zone

2015-03-10 Thread Martin Basti
`: bad zone Hello, do you have proper NS delegation in example.com. zone? ipa dnsrecord-add example.com. xyz.example.com. --ns-rec=server2.xyz.example.com Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS

2015-03-30 Thread Martin Basti
. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-users] ipa-client-install failure

2015-03-23 Thread Martin Basti
for more info on the project -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Forward first not working

2015-02-25 Thread Martin Basti
are configured (name, delegation)? Default forwarding policy is first, IMO both of your examples with forwarding enabled are forwarding first policy. Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http

Re: [Freeipa-users] Forward first not working

2015-02-25 Thread Martin Basti
. Hall of Innovation Inductee/ https://www.youtube.com/user/BlackDuckSoftware On Feb 25, 2015, at 12:42 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 25/02/15 17:59, Shaun Martin wrote: Hi, I am having an issue with the forward first not appear to be working. I have two

Re: [Freeipa-users] freeipa-server on Raspberry Pi 2

2015-04-02 Thread Martin Basti
, Winfried Hello, you can try: https://www.redhat.com/archives/freeipa-users/2015-April/msg00076.html -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] DNS lookups after replica(master) added

2015-04-22 Thread Martin Basti
on replicas? journalctl -u named or journalctl -u named-pkcs11 (depends on IPA version) Is /etc/resolv.conf configured properly on client? What kind of anonymous connections do you mind to DNS server? Standard DNS queries? nsupdate? Martin -- Martin Basti -- Manage your subscription for the Freeipa

Re: [Freeipa-users] Fw: Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-27 Thread Martin Basti
://freeipa.org for more info on the project -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] FreeIPA SAML and Google Apps

2015-04-28 Thread Martin Basti
On 28/04/15 08:53, Andrew Holway wrote: Hi, Is it yet possible to use FreeIPA as an identity provider to Google Apps via SAML. I understand there was some project afoot Thanks, Andrew Maybe this would help. https://fedorahosted.org/ipsilon/ -- Martin Basti -- Manage your

Re: [Freeipa-users] Using CNAME to point to different domain name

2015-05-07 Thread Martin Basti
be set on that external server, IPA cannot help in this case. Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Using CNAME to point to different domain name [SOLVED]

2015-05-07 Thread Martin Basti
On 07/05/15 18:30, Andrey Ptashnik wrote: Hi Martin, Thank you for a catch! I just noticed that I was missing the dot you mentioned! Regards, Andrey From: Martin Basti mba...@redhat.com mailto:mba...@redhat.com Date: Thursday, May 7, 2015 at 2:37 AM To: Andrey Ptashnik aptash...@cccis.com

Re: [Freeipa-users] Configuration of CA failed

2015-05-14 Thread Martin Basti
On 14/05/15 13:54, Remigio Moncayo Serrano wrote: I fail to see the problem in the logs so I’m attaching the file here *De:*Martin Basti [mailto:mba...@redhat.com] *Enviado el:* jueves, 14 de mayo de 2015 13:05 *Para:* Remigio Moncayo Serrano; freeipa-users@redhat.com *Asunto:* Re: [Freeipa

Re: [Freeipa-users] Configuration of CA failed

2015-05-14 Thread Martin Basti
Hello, can you please check error logs of DS? /var/log/dirsrv/slapd-*/errors And please post here an error why DS restart failed. Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http

Re: [Freeipa-users] Problems with failed upgrade: groups are not created

2015-05-14 Thread Martin Basti
-install.log more details about this error? ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure attribute cn not allowed Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http

Re: [Freeipa-users] Antwort: Re: Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)

2015-04-07 Thread Martin Basti
there, it should not be bz1180325. But send the errors from DS log if there are any. Greetz Christoph Kaminski Von: Martin Basti mba...@redhat.com An: Christoph Kaminski christoph.kamin...@biotronik.com, freeipa-users@redhat.com Datum: 02.04.2015 17:25 Betreff: Re: [Freeipa-users] Upgrade fail

Re: [Freeipa-users] freeipa-server on Raspberry Pi 2

2015-04-07 Thread Martin Basti
error occurs: CA did not start in 300.0s I might try to hack the services.py script but anyone got another suggestion? Kind regards, Winfried Op 02-04-15 om 13:38 schreef Martin Basti: On 02/04/15 12:53, Winfried de Heiden wrote: Hi all, Because I can try I gave a shot on installing freeipa

Re: [Freeipa-users] Replication failed

2015-04-07 Thread Martin Basti
or telephone and immediately and permanently delete the message and any attachments. Thank you Hello, do you have synchronized time on both servers? Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] Replication failed

2015-04-07 Thread Martin Basti
seqnum=1 From which log is this? Regards Sanju Abraham Linux Admin From: Martin Basti mba...@redhat.com To: Sanju A sanj...@tcs.com, freeipa-users@redhat.com Date: 07-04-2015 16:53 Subject: Re: [Freeipa-users] Replication failed

Re: [Freeipa-users] pks error??

2015-04-02 Thread Martin Basti
of this message? Which log? Can you send the log? Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)

2015-04-02 Thread Martin Basti
/slapd-INSTANCE/schema/01core389.ldif grep -i nsSchemaPolicy /etc/dirsrv/schema/01core389.ldif Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] freeipa server upgrade from fedora 20 to fedora 22 glitches

2015-06-02 Thread Martin Basti
fail, because /var/lib/pki/pki-tomcat/conf/ca/CS.cfg had the wrong owner (root). I saw this issue in containers as well, when upgrading from Fedora 21 to 22. Do we have a bugzilla / ticket filed? Do we need one? I don't think so, please file a ticket. -- Martin Basti -- Manage your subscription

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
was able to find all zones with new user on IPA 4.1. I just add the 'DNS administrators' privilege for the new user. Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get results for DNS entries just fine, but we

Re: [Freeipa-users] Internal FreeIPA Administrators cannot search DNS records

2015-06-09 Thread Martin Basti
On 09/06/15 13:05, Martin Basti wrote: On 09/06/15 12:58, Martin Basti wrote: On 08/06/15 20:59, nat...@nathanpeters.com wrote: I am trying my best to figure out why any FreeIPA internal 'administrators' that I create cannot search DNS entries. The builtin admin user can search and get

Re: [Freeipa-users] Host don't update DNS

2015-06-16 Thread Martin Basti
dynamic updates for the particular zone? What is your IPA version? Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] freeipa server upgrade from fedora 20 to fedora 22 glitches

2015-06-01 Thread Martin Basti
. (Probably there will be old in 99user.ldif) Martin -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ubuntu dns discovery

2015-05-22 Thread Martin Basti
, this is weird, DNS record not found: EmptyLabel, this error returns python-dns when empty label is used in domain name. And here is empty label - _ldap._tcp..pp (two dots). But that doubled dot is not on line above and the error is the same, interesting. -- Martin Basti -- Manage your subscription

Re: [Freeipa-users] FreeIPA certificate for Outlook

2015-08-18 Thread Martin Basti
On 08/18/2015 01:02 PM, Günther J. Niederwimmer wrote: Hello, is it possible to export a CA / certificate for a windows client outlook when yes, can any tell me the correct file? Thanks for a answer -- mit freundlichen Grüssen / best regards, Günther J. Niederwimmer Hi, IPA CA

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread Martin Basti
On 08/20/2015 01:48 PM, David Dejaeghere wrote: Hi, I noticed that changing the authoritarive nameserver in FreeIPA reflects correctly to its directory data but bind will not resolve the soa record with the updated mname details. For example I add a zone test.be http://test.be and change

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread Martin Basti
On 08/20/2015 02:22 PM, Martin Basti wrote: On 08/20/2015 01:48 PM, David Dejaeghere wrote: Hi, I noticed that changing the authoritarive nameserver in FreeIPA reflects correctly to its directory data but bind will not resolve the soa record with the updated mname details. For example I

Re: [Freeipa-users] Dns SOA MNAME not resolving from LDAP data

2015-08-20 Thread Martin Basti
://fedorahosted.org/freeipa/ticket/5241 2015-08-20 15:09 GMT+02:00 Martin Basti mba...@redhat.com mailto:mba...@redhat.com: On 08/20/2015 02:46 PM, David Dejaeghere wrote: confirmed working. Does this default value make any sense if this value is changeable in the UI and using

Re: [Freeipa-users] ipa-dnskeysyncd exited on failure state

2015-07-30 Thread Martin Basti
-dnskeysyncd are stored in journalctl -u ipa-dnskeysyncd This error, or LDAP error may appear during restart, but it should not be often. Is your KDC working well? If you do not use DNSSEC you may safely ignore this error. -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list

Re: [Freeipa-users] PTR record not adding to IPA DNS

2015-08-14 Thread Martin Basti
...@gmail.com | Web: www.initd.in http://www.initd.in/ / / / /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/ https://www.fb.com/yks http://in.linkedin.com/in/yks https://twitter.com/checkwithyogesh http://google.com/+YogeshSharmaOnGooglePlus On Fri, Aug 14, 2015 at 3:45 PM, Martin Basti mba

Re: [Freeipa-users] PTR record not adding to IPA DNS

2015-08-14 Thread Martin Basti
, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 08/14/2015 12:57 PM, Yogesh Sharma wrote: Forward zone: initd.int http://initd.int Reverse: 32.16.172.in-addr.arpa. https://ipa-inf-prd-ng2-01.klikpay.int/ipa/ui/#32.16.172.in-addr.arpa. CIDR of our DHCP

Re: [Freeipa-users] reverse DNS lookup does not work

2015-08-14 Thread Martin Basti
On 08/11/2015 04:47 PM, Nikola Kržalić wrote: reverse DNS lookup stopped working after I broke some replication agreements (perhaps unrelated, but worth mentioning). Regular A records resolve fine. The records can be seen in LDAP (using ldapsearch with GSSAPI after kinit -t /etc/named.keytab):

Re: [Freeipa-users] IPA Client Unattended Registration Issue

2015-08-14 Thread Martin Basti
On 08/14/2015 10:54 AM, Martin Basti wrote: On 08/14/2015 10:12 AM, Yogesh Sharma wrote: Hi, We use Chef to perform the basic system setup once we launch new server. We are updating our cookbook to include ipa-client-install once we run our base cookbook via chef-client. For unattended

Re: [Freeipa-users] IPA Client Unattended Registration Issue

2015-08-14 Thread Martin Basti
On 08/14/2015 10:12 AM, Yogesh Sharma wrote: Hi, We use Chef to perform the basic system setup once we launch new server. We are updating our cookbook to include ipa-client-install once we run our base cookbook via chef-client. For unattended ipa-client installation, we are passing below

Re: [Freeipa-users] IPA Client Unattended Registration Issue

2015-08-14 Thread Martin Basti
Please provide feedback if this (and which) solution works for you, this may help for other users too. Martin On 08/14/2015 11:02 AM, Martin Basti wrote: On 08/14/2015 10:54 AM, Martin Basti wrote: On 08/14/2015 10:12 AM, Yogesh Sharma wrote: Hi, We use Chef to perform the basic system

Re: [Freeipa-users] IPA Client Unattended Registration Issue [SOLVED]

2015-08-14 Thread Martin Basti
://www.initd.in/ / / / /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/ https://www.fb.com/yks http://in.linkedin.com/in/yks https://twitter.com/checkwithyogesh http://google.com/+YogeshSharmaOnGooglePlus On Fri, Aug 14, 2015 at 5:20 PM, Martin Basti mba...@redhat.com mailto:mba

Re: [Freeipa-users] PTR record not adding to IPA DNS [SOLVED]

2015-08-14 Thread Martin Basti
, RACKSPACE CLOUD U Certified/ https://www.fb.com/yks http://in.linkedin.com/in/yks https://twitter.com/checkwithyogesh http://google.com/+YogeshSharmaOnGooglePlus On Fri, Aug 14, 2015 at 4:52 PM, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 08/14/2015 01:13 PM

Re: [Freeipa-users] PTR record not adding to IPA DNS

2015-08-14 Thread Martin Basti
On 08/14/2015 12:07 PM, Yogesh Sharma wrote: Hi, Upon client registration , PTR records are not getting added to reverse Zone in IPA DNS. /Best Regards,/ /__ / /Yogesh Sharma / /Email: yks0...@gmail.com mailto:yks0...@gmail.com | Web: www.initd.in

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-13 Thread Martin Basti
in zones where the particular A/ records are? SSSD is able to update records. Please check if dyndns_update is set to true in sssd.conf. (man sssd-ipa) -- Martin Basti -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-14 Thread Martin Basti
address: hostmaster.mydom.com. SOA serial: 1436799166 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; You must use option --all ipa dnszone-show mydom.com --all Martin On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-14 Thread Martin Basti
address: hostmaster.mydom.com. SOA serial: 1436799166 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; On Mon, Jul 13, 2015 at 11:20 AM, Martin Basti mba...@redhat.com wrote: On 12/07/15 10:05, Sina Owolabi wrote: Hi I

Re: [Freeipa-users] Force IPA client Reverse Zone Dynamic Updates

2015-07-14 Thread Martin Basti
. On Tue, Jul 14, 2015 at 2:20 PM, Martin Basti mba...@redhat.com wrote: On 13/07/15 19:58, Sina Owolabi wrote: Hi Martin Yes all my sssd configs are set ipa_dyndns_update = True I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them. I've tried to set it in the very first zone

Re: [Freeipa-users] Reverse DNS and Forwarding

2015-07-15 Thread Martin Basti
-Founder, ASIC Design Team Lead http://www.butterflynetinc.com/ tel: 203.689.5650 x314 | mobile: 775.863.8726 Come join us http://www.4combinator.com/#opportunities and put a dent in the universe! Hello, do you have any reverse zones configured on IPA DNS? (with suffix 10.in-addr.arpa)? -- Martin

Re: [Freeipa-users] Reverse DNS and Forwarding

2015-07-15 Thread Martin Basti
On 15/07/15 15:07, Nevada Sanchez wrote: On Wednesday, July 15, 2015, Martin Basti mba...@redhat.com mailto:mba...@redhat.com wrote: On 14/07/15 19:12, Nevada Sanchez wrote: I have FreeIPA setup as our primary DNS on an AWS VPC. I setup global forwarding ('Forward First') so

Re: [Freeipa-users] krb5kdc will not start (kerberos authentication error)

2015-11-10 Thread Martin Basti
On 10.11.2015 15:53, Gronde, Christopher (Contractor) wrote: Ran into an error trying to set that # ldapmodify -a -D "cn=directory manager" -W Enter LDAP Password: dn: cn=config changetype: modify replace: nsslapd-acesslog-level nsslapd-acesslog-level: 260 it is nsslapd-accesslog-level

Re: [Freeipa-users] 389DS segfaults after upgrade FC 21 -> 22

2015-11-11 Thread Martin Basti
On 11.11.2015 11:57, Torsten Harenberg wrote: Dear all, on our secondary IPA server (running 4.1.4) we did an upgrade of FC from 21 to 22, as 21 is running out of support. The upgrade process itself went smoothly, however, 386DS segfaults now: ns-slapd[1427]: segfault at 7fffe301413e ip

  1   2   3   4   >