]
There are no messages that relate to the connection in event viewer and
nothing other then [-11 - System error] in any of the freeIPA log files.
Thanks
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa
Hi,
Any ideas on where to look for more information? I have been unable to
make any progress on this.
Thanks
On 22/05/2012 10:18, Matt wrote:
Hi,
I am attempting to run replication between Windows AD (2008R2) and a
FreeIPA (2.2.0) server (fc-17) in a test setup.
I have bound FreeIPA
On 29/05/2012 23:15, Rob Crittenden wrote:
Rob Crittenden wrote:
Matt wrote:
Hi,
Any ideas on where to look for more information? I have been unable to
make any progress on this.
Thanks
On 22/05/2012 10:18, Matt wrote:
Hi,
I am attempting to run replication between Windows AD (2008R2
James,
Is this in RHEL based systems only ? On Ubuntu there seems to be still
issues.
A full printout of the config file(s) would be nice to see as most people
write other things down they have working, but the working ones don't write
their full config down.
Thanks.
Cheers,
Matt
2013/6/14
westill need the user_add (and so on).
Has anyone some sort of sample/howto for this ?
Thanks in advance.
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi Alexander,
That is great!
I hope that someone can find this topic and use it as reference as it tool
us some time to find the other one :)
Thanks!
Cheers,
Matt
2013/7/29 Alexander Bokovoy aboko...@redhat.com
Hi Matt,
On Mon, 29 Jul 2013, Matt . wrote:
Hi all,
Refering
.
Something simple must be wrong I guess.
Thanks so far for the effort!
Cheers,
Matt
2013/7/29 Alexander Bokovoy aboko...@redhat.com
Hi!
On Mon, 29 Jul 2013, Matt . wrote:
Hi Alexander,
That is great!
I hope that someone can find this topic and use it as reference as it tool
us some
exectured from a php script to add a
user with user_add.
More details about that are welcome.
Thanks!
Cheers,
Matt
2013/7/30 Dmitri Pal d...@redhat.com
On 07/29/2013 03:02 PM, Alexander Bokovoy wrote:
Hi!
On Mon, 29 Jul 2013, Matt . wrote:
Hi Alexander,
That is great!
I hope
.
After this you can run a curl script from the commandline with a
add_user and actually add that user to IPA. So that works.
That is what we actually want to do from PHP but testing this with a
HTTP/HTTPD user in IPA doesn't work.
Shouldn't that be possible ?
I hope so!
Cheers,
Matt
2013/7/26
the feeling
I'm missing something here.
I hope someone can help me out!
Thanks!
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi All,
Is a wildcard DNS record supported at the moment ?
If so, how to accomplish this ?
Thanks!
Matt
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi Martin,
I have seen it indeed and discusses on #freeipa
Is it not possible to install bind-dyndb-ldap 4.0 manually on CentOS 6.5 ?
Cheers,
Mattt
2014-05-23 13:57 GMT+02:00 Martin Kosek mko...@redhat.com:
On 05/23/2014 12:15 PM, Matt . wrote:
Hi All,
Is a wildcard DNS record
OK, but I wonder where I can remove that * check in IPA... it must be
somewhere in a template I think.
2014-05-23 15:50 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 23.5.2014 15:46, Martin Kosek wrote:
On 05/23/2014 03:44 PM, Petr Spacek wrote:
On 23.5.2014 13:59, Matt . wrote:
Hi Martin
Indeed!
2014-05-23 20:33 GMT+02:00 Dmitri Pal d...@redhat.com:
On 05/23/2014 09:52 AM, Matt . wrote:
OK, but I wonder where I can remove that * check in IPA... it must be
somewhere in a template I think.
You mean you want to contribute to the IPA code to change the validator to
allow
Hi All,
Is it possible in some way to automount a WebDav share to a Ubuntu
Client when a user logings in on the commandline ?
I'm only able to use WebDav on these machines.
I hope this is solvable.
Cheers,
Matt
___
Freeipa-users mailing list
Hi,
Thanks for that quick search, I wasn't searching on autofs.
I will let you know!
Cheers,
Matt
2014-06-09 12:24 GMT+02:00 Natxo Asenjo natxo.ase...@gmail.com:
On Mon, Jun 9, 2014 at 12:16 PM, Matt . yamakasi@gmail.com wrote:
Hi All,
Is it possible in some way to automount
Hi,
I'm only concerned about how to pass the password in this one... it
seesm to be hardcoded and I would like to have it used by
ldap/freeipa.
Cheers,
Matt
2014-06-09 12:35 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
Thanks for that quick search, I wasn't searching on autofs.
I will let
Hi,
Yes this is happening, or should with:
share -fstype=davfs,user,rw,dir_mode=0777,file_mode=0666
http://webdavserver//webdav
But it doesn't connect, or I don't see any logs about it.
Ab on IRC tested this and it should work, but I'm missing something I think.
Cheers,
Matt
2014-06-09 13
OK, it seems that GSSAPI is key here, now I need to find out if I need
something extra for GSSAPI on the WebDav Server.
2014-06-10 11:10 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
Yes this is happening, or should with:
share -fstype=davfs,user,rw,dir_mode=0777,file_mode=0666
http
Anyone some news on this ? I'm kinda stuck with the normal webdav
mount howto's I find.
2014-06-10 22:03 GMT+02:00 Matt . yamakasi@gmail.com:
OK, it seems that GSSAPI is key here, now I need to find out if I need
something extra for GSSAPI on the WebDav Server.
2014-06-10 11:10 GMT+02:00
]
Restarting HTTP Service
Stopping httpd:[ OK ]
Starting httpd:[ OK ]
I hope someone can help me out!
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com
Hi,
I got this solved but the replica doesn't do it's forwards on the
zone's it need to foreward for, the master with the same settings
does.
I have done a new install but the same happens.
WHat could be wrong here ?
Cheers,
Matt
2014-08-04 10:13 GMT+02:00 Martin Kosek mko...@redhat.com
Hi,
Sorry, my fault, there was a FW fule in between.
Thanks for the heads up.
Matt
2014-08-07 14:53 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 5.8.2014 11:24, Matt . wrote:
Hi,
I got this solved but the replica doesn't do it's forwards on the
zone's it need to foreward for, the master
I remove it it
can login again.
Removing uid@sub.domain.local and only having n...@domain.tld doesn't
work either.
Anyone an idea how I can set uid@sub.domain.local bind a primary ?
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman
Hi Dimitri,
What do you mean by how ? Can you be more specific what you want to know ?
2014-11-21 23:42 GMT+01:00 Dmitri Pal d...@redhat.com:
On 11/20/2014 09:15 PM, Matt . wrote:
Hi Guys,
For authenticating a user in Kolab I need uid@sub.domain.local as
emailaddress, but as my user
(__FILE__));
}
?
Does this help you some ?
2014-11-22 0:31 GMT+01:00 Dmitri Pal d...@redhat.com:
On 11/21/2014 06:04 PM, Matt . wrote:
Hi Dimitri,
What do you mean by how ? Can you be more specific what you want to know ?
How Kolab is connecting to IPA?
LDAP ? Kerberos? Direcly
HI,
Yes and that doesn't let me login... that's the issue.
2014-11-22 1:45 GMT+01:00 Dmitri Pal d...@redhat.com:
On 11/21/2014 07:12 PM, Matt . wrote:
HI Dimitri,
Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.
So
I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!
2014-11-22 1:55 GMT+01:00 Matt . yamakasi@gmail.com:
HI,
Yes and that doesn't let me login... that's the issue.
2014-11-22 1:45 GMT+01:00 Dmitri Pal d...@redhat.com:
On 11/21/2014 07:12 PM, Matt
/ldap/mydestination.cf
But when I do a postmap check on this cf with domain.tld that gives a
match, as it should...
So that might need some modification ?
2014-11-22 2:14 GMT+01:00 Dmitri Pal d...@redhat.com:
On 11/21/2014 07:57 PM, Matt . wrote:
I need to say, saslauth caches it, didn't
Hi All,
I see it's possible to add an extra field to a user by creating a new
userobjectclass.
The issue is that this field is not yet @ the user, but can we create it here ?
/usr/lib/python2.6/site-packages/ipalib/plugins/user.py
Any direction would be great!
Thanks,
Matt
--
Manage your
Hi Dimitri,
I need to use multiple email adresses, but not under mail, mail needs
to be primary.
I have seen I can add mailAttribute ?
I need to have them as field, and the best would be something like
alias1, alias2, aliasX
Would be doable ?
Cheers,
Matt
2014-11-24 17:51 GMT+01:00 Dmitri
Hi,
I need to make sure I have a primary one which is mail, the other ones
should not matter, but I think it's wiser to have it like I know what
is where.
The reason why I need to is because I'm using Kolab which needs at
least a primary mail attribute.
Cheers,
Matt
2014-11-24 19:22 GMT+01:00
bug in 4.x ?
And can I fix it ?
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
HI,
I'm already doing so without any luck. If you remember something,
would be nice to know!
So it should be possible to do still ?
2015-02-05 14:26 GMT+01:00 Dmitri Pal d...@redhat.com:
On 02/05/2015 07:59 AM, Matt . wrote:
Hi,
OK, but as far as I understand we made some change, using
those days that it seems to be lost or so.
Thanks,
Matt
2015-02-05 13:21 GMT+01:00 Dmitri Pal d...@redhat.com:
On 02/05/2015 05:54 AM, Matt . wrote:
In the past we have done some testsetups with password expiring after
we added a user, at the moment I have difficulties with this on 4.1.2
What
calcuation...
I need the global kerberos calculation time for that, but where is it located ?
That would solve my issue for sure!
On 02/05/2015 08:32 AM, Matt . wrote:
HI,
I'm already doing so without any luck. If you remember something,
would be nice to know!
So it should be possible
OK this works out good, I can login without changing my password directly.
But my expire is still on a day which should be set higer.
min is on 0 everywhere, max is 90 days.
How to accomplish that ?
2015-02-05 17:13 GMT+01:00 Matt . yamakasi@gmail.com:
Yes, when receiving your email I
Yes, when receiving your email I found that indeed. My ldapEditor
doesn't allow me to add that value, so this need to be done using the
commandline ?
2015-02-05 15:03 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
HI,
I'm already doing so without any luck. If you remember
Isn't this documented well (yet) ?
The RH docs are always very detailed about it, but I'm not sure
here... I see solutions but not 100% from A to Z to make sure we do it
the proper way.
2015-03-12 16:59 GMT+01:00 Matt . yamakasi@gmail.com:
Not worried, I need to try.
I think it's
The right way to sequest a SAN, this seems to need some extra config file ?
2015-03-19 15:04 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
Isn't this documented well (yet) ?
Is what documented yet?
rob
The RH docs are always very detailed about it, but I'm not sure
here
Hi,
But as the user is the same, I could use the same keytab for each ipa server ?
I need to use the API indeed, so need to issue the http service.
Any other options ?
2015-03-06 14:24 GMT+01:00 Petr Spacek pspa...@redhat.com:
On 6.3.2015 14:08, Martin Kosek wrote:
I'm figuring out how to
it more clear ?
2015-03-06 15:31 GMT+01:00 Petr Spacek pspa...@redhat.com:
On 6.3.2015 15:13, Matt . wrote:
Hi,
But as the user is the same, I could use the same keytab for each ipa server
?
I need to use the API indeed, so need to issue the http service.
Any other options ?
I do not really
!
Cheers,
Matthijs
2015-03-06 16:16 GMT+01:00 Petr Spacek pspa...@redhat.com:
On 6.3.2015 15:39, Matt . wrote:
I have 2 IPA servers where I kinit to and post to the api using curl/json.
If we are talking purely about scripting, you can use IPA Python API. It will
handle fail over for you even
Hi,
I'm figuring out how to regenerate the webserver certificates so I can
use a loadbalancer in front of my ipa servers.
I see in the docs there is information about this, but not for the
webservice. Does anyone have some directions ?
Thanks.
Matt
--
Manage your subscription for the Freeipa
proceed ? I
added the host like
ldap.domain... where my ldap servers are ldap-01 and ldap-02
Thanks!
Matt
2015-03-06 14:08 GMT+01:00 Martin Kosek mko...@redhat.com:
On 03/06/2015 01:30 PM, Matt . wrote:
Hi,
I'm figuring out how to regenerate the webserver certificates so I can
use
doing these command
from PHP for an example. Building in extra checks in front could be
done but it not ideal as a loadbalancer can handle such things much
better.
Thanks!
Cheers,
Matt
2015-03-06 16:41 GMT+01:00 Dmitri Pal d...@redhat.com:
On 03/06/2015 10:24 AM, Matt . wrote:
Hi,
I'm
Hi,
I will balance with IP persistance so I think there won't be any
mixing as long as that used server is online.
2015-03-06 19:16 GMT+01:00 Dmitri Pal d...@redhat.com:
On 03/06/2015 11:05 AM, Matt . wrote:
OK, understood.
But when a webservice does execute a command (from scripting
?
2015-03-07 10:37 GMT+01:00 Matt . yamakasi@gmail.com:
Hi,
I will balance with IP persistance so I think there won't be any
mixing as long as that used server is online.
2015-03-06 19:16 GMT+01:00 Dmitri Pal d...@redhat.com:
On 03/06/2015 11:05 AM, Matt . wrote:
OK, understood
Hi Guys,
Is Rob able to look at this ? I hope he has some sparetime as I'm
kinda stuck with this issue.
Thanks!
2015-03-08 12:30 GMT+01:00 Matt . yamakasi@gmail.com:
I'm reviewing some things.
When I'm using a loadbalancer, which I prefer in this setup I need to
have the same
When digging around I see this documentation:
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/load-balancing.html
I would except that server.example.com is not going to be accepted by
IPA when you visit the webgui like that ?
2015-03-26 1:57 GMT+01:00 Matt . yamakasi
and curl against
ldap-01.domain and I'm accepted and can execute stuff.
My ssl is OK, ticket also it seems.
Thanks M.
Op 30 mrt. 2015 03:50 schreef Dmitri Pal d...@redhat.com:
On 03/29/2015 04:47 AM, Matt . wrote:
Hi Guys,
Now my Certification issues are solved for using a loadbalancer in
front
...@redhat.com:
On Mon, Mar 30, 2015 at 04:56:11AM +0200, Matt . wrote:
Hi,
I just tot home and typing from my cell so i'm suite short in words
Create keytab for ldap-01.domain
Kinit with that to ldap.domain
Curl against ldap.domain
Get a 301 which I manage from curl (goes well)
Get kerberos
GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
I tried to trace some stuff but this doesn't give me much more info.
What I see at the moment in the /var/log/httpd/acces_log is exactly
what happens but without the info I need to get a better view:
10.10.0.121 - - [30/Mar/2015:22:22:58 +0200
GMT+02:00 Sumit Bose sb...@redhat.com:
On Tue, Mar 31, 2015 at 11:02:24AM +0200, Matt . wrote:
On my client I still see:
03/31/2015 11:00:08 04/01/2015 11:00:07 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
03/31/2015 11:00:09 04/01/2015 11:00:07
HTTP/ldap-01.domain.local@DOMAIN.LOCAL
Should ldap-01
}) 10.10.0.121: ISSUE: authtime 1427794491,
etypes {rep=18 tkt=18 ses=18}, kinituser@DOMAIN.LOCAL for
HTTP/ldap-01.domain.local@DOMAIN.LOCAL
I don't get the preauth needed, does it have anything todo with the
301 redirect which I follow with CURL ?
2015-03-31 11:15 GMT+02:00 Matt . yamakasi
OK, also understood.
Next item why I don't get any logging or it's not working as espected.
I'm actually out of options to be honest.
2015-03-31 11:54 GMT+02:00 Sumit Bose sb...@redhat.com:
On Tue, Mar 31, 2015 at 11:38:30AM +0200, Matt . wrote:
Here some extra logging from the kerberos log
HI Phasant,
Check my mailings about it, it's not easy at least the kerberos part
not, SRV records are used for that normally.
Are you talking about the webgui or the ldap part ?
Cheers,
Matt
2015-03-31 13:56 GMT+02:00 Prashant Bapat prash...@apigee.com:
Hi,
I'm trying to get 2 FreeIPA
script to ldap-01.domain.tld
after it failed my ticket is OK for ldap-01.domain.tld and works.
Is this enough information for you ?
Cheers,
Matt
2015-03-31 14:21 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 31.3.2015 14:02, Matt . wrote:
HI Phasant,
Check my mailings about it, it's not easy
fixing this saves me really much more time than doing the another way.
Thanks!
Matt
2015-03-31 16:24 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 31.3.2015 16:10, Matt . wrote:
HI Petr,
We had a several of reasons why we did that. We wanted to use one
language for that, and also have formatted
it seems... it cannot be hard to make that accepted I would
say.
I'm still looking for solutions :)
Cheers,
Matt
2015-03-31 15:58 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 31.3.2015 15:23, Matt . wrote:
Hi Petr,
We discussed that before indeed, but SRV is not usable in this case.
My
we can get this fixed :)
Thanks!
Matt
2015-03-31 17:41 GMT+02:00 Brendan Kearney bpk...@gmail.com:
On Tue, 2015-03-31 at 11:07 -0400, Dmitri Pal wrote:
On 03/31/2015 10:38 AM, Matt . wrote:
True, but we have some extra later between which does the cli command
not usable (at least
to investigate as that server is running fine).
Get the idea ?
Thanks again!
Matt
2015-03-31 17:58 GMT+02:00 Brendan Kearney bpk...@gmail.com:
On Tue, 2015-03-31 at 17:51 +0200, Matt . wrote:
Hi Brendan,
Yes thanks for your great explanation, I have done that indeed. But in
some strange way
OK, but we need to do this using IPA or (as IPA does some things
different it seems).
Anyone testing this perhaps ? (/me is multitasking atm)
2015-03-31 20:22 GMT+02:00 Rob Crittenden rcrit...@redhat.com:
Brendan Kearney wrote:
On Tue, 2015-03-31 at 13:54 -0400, Simo Sorce wrote:
On Tue,
something more clear.
2015-03-31 19:29 GMT+02:00 Brendan Kearney bpk...@gmail.com:
On Tue, 2015-03-31 at 18:18 +0200, Matt . wrote:
OK, that makes it even more clear.
an ldapwhoami might be an issue. As this client is known on a
different ldap server and I kinit to another ldap server
Simo,
Yes that was where I was thinking of also, so you say faking by DNS ?
@Brendan, cnames are not that nice in networks indeed.
2015-03-31 20:10 GMT+02:00 Brendan Kearney bpk...@gmail.com:
On Tue, 2015-03-31 at 13:54 -0400, Simo Sorce wrote:
On Tue, 2015-03-31 at 13:50 -0400, Simo Sorce
Hi Petr,
We discussed that before indeed, but SRV is not usable in this case.
My clients are just webservers (apache) doing some executes of CURL
commands to ipa/json, actually the same commands as the webgui does
using json, but we curl it.
Do you have a better view now ?
Cheers,
Matt
2015
under the
altnames for HTTP/ldap-01 but there is indeed no ldap-01 as altname
but only on the certificate itself.
2015-03-26 16:48 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
HI Rob,
Yes something is wrong there I guess.
In any case, it doesn't apply to what you're trying to do
Hi Rob,
Thanks for the explanation. I understand your solution, I just thought
that was the dirty way :)
Thanks for your effort!
Cheers,
Matt
2015-03-27 18:57 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
I'm almost there but what happens when I regenerate a certificate
HI Rob,
Yes something is wrong there I guess.
But still, I actually need to add a SAN to the webserver cert, which
is different I think than the services at least.
So the question there is... how ?
Cheers,
Matt
2015-03-26 14:50 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote
Hi Rob,
Thank you very much!
I think this will work out as it's only https traffic.
I will report back!
Thanks a lot!
Matt
2015-03-26 16:48 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
HI Rob,
Yes something is wrong there I guess.
In any case, it doesn't apply to what
day, servers that chedck if they
are registered for SSSD so that it logs it is normal, but I want to
get rid of it I guess.
I'm throwing out I think about 6GB per day of logs, all loglevels are low.
Any idea ?
It's 3.x on CentOS 6.6
Any idea ?
Thanks Matt
--
Manage your subscription
|:443... connected.
ERROR: no certificate subject alternative name matches
requested host name 'ldap-01.domain.tld'.
To connect to ldap-01.domain.tld insecurely, use `--no-check-certificate'.
2015-03-26 20:43 GMT+01:00 Matt . yamakasi@gmail.com:
Hi Rob,
Thank you very much!
I think
OK some new update:
When I do a curl -k https://ldap.domain.tld/ipa/config/ca.crt I get a
301 to https://ldap-01.core.prod.msp.cullie.local/ipa/config/ca.crt
But when I visit the https://ldap.domain.tld/ipa/config/ca.crt with my
browser it just works fine.
2015-03-26 22:11 GMT+01:00 Matt
no clue.
Thanks,
Matt
2015-03-26 23:01 GMT+01:00 Dmitri Pal d...@redhat.com:
On 03/26/2015 05:37 PM, Matt . wrote:
Hi Guys,
I'm facing every day a fast filling log of:
/var/log/krb5kdc.log
/var/log/dirsrv/slapd-DOMAIN/access*
I need to remove the files and restart ipa. The kerberos log
the ca.crt from /etc/ipa/ca.crt and
the one I generated in the same file. I need to have them both in my
curl certificate.
I might be wrong here, but this is where I'm at.
Thanks again for your patience.
Matt
2015-03-20 15:39 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote
Rob,
I just saw your message on IRC from a couple of hours ago... timedifference ;)
Thanks,
Matt
2015-03-28 10:17 GMT+01:00 Matt . yamakasi@gmail.com:
Rob,
As I was responding a little bit late last night, the following come to mind.
As you say I need to request my cert with two names
access ldap-01 directly it complains @ the services
tab on some servicehosts that are in there, and some not.
I think this is not a simple PTR or A record fix, I'm curious how to do.
Cheers,
Matt
2015-03-27 18:57 GMT+01:00 Rob Crittenden rcrit...@redhat.com:
Matt . wrote:
I'm almost there but what
script you also see a ticket coming back from the ipa
server itself.
I have seen some mailings from last year too with no solution... it
seems to be a showstopper on that part :(
2015-04-01 20:41 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
I'm not gicing up on this, so I'm testing.
I'm
to get some advice here.
Thanks!
Matt
2015-03-31 21:23 GMT+02:00 Matt . yamakasi@gmail.com:
OK, but we need to do this using IPA or (as IPA does some things
different it seems).
Anyone testing this perhaps ? (/me is multitasking atm)
2015-03-31 20:22 GMT+02:00 Rob Crittenden rcrit
[caseIgnoreIA5SubstringsMatch] is not compatible with
the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[ OK ]
So the error on the replica is not that strange, but how to fix this
on the master ?
Matt
2015-06-22 15:59 GMT+02:00 Hendrik Frenzel
and finally go from there.
But what is the best way to set my hostnames back to ipa-01 from
ipa-01-1 (and maybe ipa-02-1) ?
I hope for some good suggestions.
Thanks!
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go
Hi,
Not yet, I'm busy with it right now.
I created a bugreport where I'm checking the reference bugs now, but I
didn't saw a solution that fast.
https://bugzilla.redhat.com/show_bug.cgi?id=1235766
I did do point 3 4.
Matt
2015-06-27 15:27 GMT+02:00 Dmitri Pal d...@redhat.com:
On 06/23/2015
doing somethin wrong ?
Thanks,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Anyone some suggestions about this ?
I'm thinking about adding from my second 3.x master where I first need
to split that cluster to make that happen.
2015-06-22 22:57 GMT+02:00 Matt . yamakasi@gmail.com:
OK,
I'm on the go here but I have some issue.
When I install the replica server
might be something if I want to go this way.
Thanks!
Matt
2015-06-29 15:37 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 29.6.2015 14:07, Matt . wrote:
Hi Petr,
Bot servers have zone:
domain.tld
Server1 (192.168.1.1) has:
domain.tld
foo A 192.168.1.10
bar A 192.168.1.20
Server2
an
answer.
I thought this was working but isn't and following your table it should.
What are my options ?
Thanks,
Matt
2015-06-29 11:20 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 27.6.2015 19:06, Matt . wrote:
Hi All,
When I add a forwarder with policy to forward first, there is only
.centos.x86_64
It would also be great if this is possible between IPA 3 and 4.
Thanks for your help so far!
Cheers,
Matt
2015-06-29 13:44 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 29.6.2015 13:16, Matt . wrote:
Hi,
The zones are on both servers, just not all records are, this has a
reason. One
need to be added manually to the non-managed server.
2015-06-29 17:11 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 29.6.2015 16:10, Matt . wrote:
Hi Petr,
Yes I understand why this is not possible. The idea was to have a
managed DNS server from scripting and one for other usage by clients
at
the moment.
Thanks again for the heads up!
Matt
2015-06-29 18:26 GMT+02:00 Petr Spacek pspa...@redhat.com:
On 29.6.2015 18:22, Matt . wrote:
Hi,
Because it can happen that hostnames are used twice, but one for each
network.
This sounds a little bit odd, but it has something todo
as this user the password is
expired or damaged but still says in the GUI it expires in 2035
Actual results:
The password expires it get's currupted or so ?
Expected results:
It should not expire until 2035!
I hope someone has a clue here as I can't get anything logged about it.
Thanks,
Matt
Rob,
Isn't it impossible to install a CA on a replica when it's master died ?
I know there is normally one CA, but this is kinda confusing me so I'm
testing out scenarios.
Thanks,
Matt
2015-07-06 18:10 GMT+02:00 Matt . yamakasi@gmail.com:
Hi Rob,
OK, I had difficulties
installation between 2
servers which only has one CA.
Discussing this with Simo on IRC it seems to be some nice writing to
have in the docs and now I found out... I'm trying to create this
using my tests.
But some unclear things have to be made clear first.
Cheers,
Matt
2015-07-06 19:01 GMT+02
of that I can setup a replica again.
What is my best approach to test this ?
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
DOMAIN\username
as username
So, the IPA way should work.
Any comments here ?
Cheers,
Matt
2015-08-12 19:00 GMT+02:00 Matt . yamakasi@gmail.com:
HI GUys,
I'm testing this out and I think I almost setup, this on a CentOS samba
server.
I'm using the ipa-adtrust way of Youeen but it seems we
~]$ smbclient //smb-01.domain.local/shares
...
Checking NTLMSSP password for MSP\myusername failed: NT_STATUS_WRONG_PASSWORD
...
SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
Maybe I have an issue with encrypted passwords ?
When we have this all working, I think we have a howto :D
Thanks!
Matt
2015-08
,
Matt
2015-08-13 12:02 GMT+02:00 Matt . yamakasi@gmail.com:
Hi Youenn,
OK thanks! this takes me a little but futher now and I see some good
stuff in my logging.
I'm testing on a Windows 10 Machine which is not member of an AD or
so, so that might be my issue for now ?
When testing
HI Guys,
Anyone still a working clue/test here ?
I didn't came further as it seems there need to be some domain join /
match following the freeipa devs.
Thanks!
Matt
2015-08-13 13:09 GMT+02:00 Matt . yamakasi@gmail.com:
Hi,
I might have found somthing which I already seen in the logs
Hi Chris,
Would be great to see!
If I have it working and we have 2-3 testcases I think we can add it
to the IPA docs!
Keep me updated!
Thanks
Matt
2015-08-20 8:49 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Matt
Once I got Samba and FreeIPA integrated (by the good old
NTLMSSP authentication.
It might not be that easy to have a Samba Shares only server.
Any idea here how to accomplish ?
Cheers,
Matt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info
way to go for now, even when this thread is such old ?
Thanks!
Matt
2015-08-01 9:48 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com:
Hi Matt
For a how to of Samba FreeIPA integration using schema extensions, see
this previous thread
https://www.redhat.com/archives/freeipa-users/2015
1 - 100 of 211 matches
Mail list logo