Hello,
I just did a 'yum update' from CentOS 6.5 -> 6.6 on my freeipa system
(master and 2 replicas) and I seen to have run into the following bug,
https://bugzilla.redhat.com/show_bug.cgi?id=953653
On Master:
[root@srv-1 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-client-3.0.0-42.el6.centos.x86_64
l
On 2013-01-14, at 8:11 PM, Dmitri Pal wrote:
> On 01/14/2013 05:59 PM, William Muriithi wrote:
>> Hello
>>
>> When I restart IPA through ipactl, I get the following message. All
>> seem to be working despite the message. I think it is pki-ca that is
>> running on tomcat
>>
>> Starting httpd:
Hello,
Named stopped on one of my IPA servers over the weekend, this was the last
message in the log file:
ldap_helper.c:627: fatal error:
RUNTIME_CHECK(((pthread_mutex_destroy(((&ldap_conn->lock))) == 0) ? 0 : 34) ==
0) failed
exiting (due to fatal error in library)
Any ideas?
All other IPA
Hello,
I tried to login (ssh) to one (of three) freeipa systems running on CentOS
yesterday without success.
Running 'ssh root@service-2', the server would reply with a password prompt and
then hang. I went to the system console to discover many of the following
messages on screen:
Jun 30 s
Hello,
The log files are empty in /var/log/sssd, and the filesystems checked clean
after the hard boot.
Thanks,
Mike
On 2013-07-03, at 10:38 AM, Sumit Bose wrote:
> On Wed, Jul 03, 2013 at 10:17:19AM -0400, Michael Mercier wrote:
>> Hello,
>>
>> I tried to login (
Hello,
A few details to begin:
The IPA system consists of 3 servers running on fully patched CentOS 6.5
(updated Monday night). DNS is integrated with the IPA system.
ipa-*-3.0.0-37.
mod_nss-1.0.8-19
openssl-1.0.1e-16
The system was upgraded from 2.2
Yesterday, I revoked a certificate for
On Dec 5, 2013, at 3:20 PM, Rob Crittenden wrote:
> Michael Mercier wrote:
>> Hello,
>>
>> A few details to begin:
>>
>> The IPA system consists of 3 servers running on fully patched CentOS 6.5
>> (updated Monday night). DNS is integrated wit
Hello,
When using IPA 2.2.0 with DNS setup (--setup-dns), is there any issues with
adding slaves to the named.conf file?
example on ipaserver1:
zone "myzone.tld" {
type slave;
file "slave/myzone.db"
masters { u.x.y.z; w.x.y.z; };
allow-notify { u.x.y.z; w.x.y.z
slave this data from
ipaserver1.
Thanks,
Mike
On 13-Jul-12, at 5:11 PM, KodaK wrote:
On Fri, Jul 13, 2012 at 3:13 PM, Michael Mercier
wrote:
Hello,
When using IPA 2.2.0 with DNS setup (--setup-dns), is there any
issues with adding slaves to the named.conf file?
example on ipaserver
her system. Also, the number of entries in the zone is large and
there are a many updates per day and I was uncertain of the type of
performance I could expect.
Thanks,
Mike
On 13-Jul-12, at 7:10 PM, Dmitri Pal wrote:
On 07/13/2012 07:04 PM, Michael Mercier wrote:
Hello,
I am by no means
Hello,
On 2012-07-13, at 9:39 PM, Simo Sorce wrote:
>>
>
> Unfortunately slaving is not supported at the moment, but just out of
> curiosity what is the ballpark number for "many updates" ?
>
Doing a quick check on the system, anywhere between 600 and 1000 record updates
per minute.
Thanks,
Hello,
I am attempting to install the IPA 3.x beta on Fedora 17 and running into some
difficulty.
I performed the following steps attempting the install (following setup
instructions for FreeIPA 2.2):
1. Download Fedora 17
2. Install Fedora 17 with VMWare
3. add hostname to /etc/hosts - 172.1
Hello,
I have installed FreeIPA 3.0 beta 1 on Fedora 17, and added a Fedora 17 client.
I do not have anything under the Identity -> DNS tab (i.e. no DNS zones)
I did the following when installing:
On the server:
[root@ipaserver ~]#ipa-server-install
-- oops forgot to include DNS
[root@ipaserve
Hello,
Hmm... please ignore this...
A reboot of the ipaserver seems to have resolved the issue.
Thanks,
Mike
On 2012-07-26, at 9:28 AM, Rob Crittenden wrote:
> Michael Mercier wrote:
>> Hello,
>>
>> I have installed FreeIPA 3.0 beta 1 on Fedora 17, and added a Fedora 17
Hello,
I was wondering what the security implications would be setting up a
server to be a freeipa client at one site, and have it join a freeipa
system over the internet at another site.
ipaclient (siteA) <-- internet --> ipaserver (siteB)
Is there an IPA document that describes this situ
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com
] on behalf of Michael Mercier [mmerc...@gmail.com]
Sent: Friday, 17 August 2012 1:14 p.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] IPA over the Internet - Security
Hello,
In Aug 2010, someone posted a message to this list about integrating tacacs+
with freeipa
https://www.redhat.com/archives/freeipa-users/2010-August/msg00058.html
At the time, it was mentioned that this was not on the roadmap, has this
changed?
If RedHat has no plans to do this, where ca
On 2012-08-22, at 4:12 PM, Rob Crittenden wrote:
> Michael Mercier wrote:
>> Hello,
>>
>> In Aug 2010, someone posted a message to this list about integrating
>> tacacs+ with freeipa
>> https://www.redhat.com/archives/freeipa-users/2010-August/msg00058.html
>
Hello,
I seem to be having a problem with the HBAC test:
Versions:
[root@ipaserver ipatest]# rpm -qa|grep ^ipa
ipa-server-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-2.2.0-16.el6.x86_64
ipa-admintools-2.2.0-16.el6.x86_64
ipa-server-se
Hello,
I have experienced some odd connectivity issues using MMR with FreeIPA (all
systems CentOS 6.3). I have 2 ipa servers (ipaserver / ipaserver2) setup using
MMR.
[root@ipaserver ~]#ipa-replica-manage list
ipaserver.mpls.local: master
ipaserver2.mpls.local: master
[root@ipaserver ~]# rpm -
On 2012-09-07, at 12:14 PM, Dmitri Pal wrote:
> On 09/06/2012 10:40 AM, Michael Mercier wrote:
>> Hello,
>>
>> I have experienced some odd connectivity issues using MMR with FreeIPA (all
>> systems CentOS 6.3). I have 2 ipa servers (ipaserver / ipaserver2) setup
On 2012-09-07, at 2:47 PM, Dmitri Pal wrote:
> On 09/07/2012 12:42 PM, Michael Mercier wrote:
>> On 2012-09-07, at 12:14 PM, Dmitri Pal wrote:
>>
>>> On 09/06/2012 10:40 AM, Michael Mercier wrote:
>>>> Hello,
>>>>
>>>> I have exp
On 2012-09-08, at 11:08 AM, Dmitri Pal wrote:
> On 08/31/2012 09:33 AM, Michael Mercier wrote:
>> Hello,
>>
>> I seem to be having a problem with the HBAC test:
>>
>> Versions:
>> [root@ipaserver ipatest]# rpm -qa|grep ^ipa
>> ipa-server-2.2.0-16.e
On 2012-09-07, at 4:50 PM, Rob Crittenden wrote:
> Michael Mercier wrote:
>>
>> On 2012-09-07, at 2:47 PM, Dmitri Pal wrote:
>>
>>> On 09/07/2012 12:42 PM, Michael Mercier wrote:
>>>> On 2012-09-07, at 12:14 PM, Dmitri Pal wrote:
>>>>
On 2012-09-08, at 11:03 AM, Dmitri Pal wrote:
> On 09/07/2012 04:50 PM, Rob Crittenden wrote:
>> Michael Mercier wrote:
>>>
>>> On 2012-09-07, at 2:47 PM, Dmitri Pal wrote:
>>>
>>>> On 09/07/2012 12:42 PM, Michael Mercier wrote:
&g
On 2012-09-10, at 4:35 AM, Petr Spacek wrote:
> On 09/08/2012 05:03 PM, Dmitri Pal wrote:
>> On 09/07/2012 04:50 PM, Rob Crittenden wrote:
>>> Michael Mercier wrote:
>>>>
>>>> On 2012-09-07, at 2:47 PM, Dmitri Pal wrote:
>>>>
>>>&
On 2012-09-17, at 10:33 AM, Rob Crittenden wrote:
> Michael Mercier wrote:
>> On 2012-09-08, at 11:08 AM, Dmitri Pal wrote:
>>
>>> On 08/31/2012 09:33 AM, Michael Mercier wrote:
>>>> Hello,
>>>>
>>>> I seem to be having a problem w
On 2012-09-17, at 11:27 AM, Dmitri Pal wrote:
> On 09/17/2012 10:14 AM, Michael Mercier wrote:
>> On 2012-09-07, at 4:50 PM, Rob Crittenden wrote:
>>
>>> Michael Mercier wrote:
>>>> On 2012-09-07, at 2:47 PM, Dmitri Pal wrote:
>>>>
>>>&g
On 2012-09-17, at 2:54 PM, Dmitri Pal wrote:
> On 09/17/2012 02:18 PM, Michael Mercier wrote:
>> On 2012-09-17, at 11:27 AM, Dmitri Pal wrote:
>>
>>> On 09/17/2012 10:14 AM, Michael Mercier wrote:
>>>> On 2012-09-07, at 4:50 PM, Rob Crittenden wrote:
>>
On 2012-09-18, at 4:03 AM, Jakub Hrozek wrote:
> On Mon, Sep 17, 2012 at 11:17:47AM -0400, Dmitri Pal wrote:
>>> [root@ipaserver2 ~]ifdown eth0 # NOTE: ipaserver2 is 172.16.112.8
>>>
>>> [root@ipaclient ~]# SSSD_KRB5_LOCATOR_DEBUG=1 kinit mike
>>> [sssd_krb5_locator] sssd_krb5_locator_init cal
On 2012-09-18, at 4:03 PM, Jakub Hrozek wrote:
> On Tue, Sep 18, 2012 at 02:38:13PM -0400, Michael Mercier wrote:
>>
>> On 2012-09-18, at 4:03 AM, Jakub Hrozek wrote:
>>
>>> On Mon, Sep 17, 2012 at 11:17:47AM -0400, Dmitri Pal wrote:
>>>>> [root@ipa
Hello,
A couple of questions regarding DNS / Allow PTR sync.
1. If you have a zone 'example.com' and you enable "Allow PTR sync", should
you also enable the option in the reverse zone (e.g. 168.192.in-addr-arpa.)?
2. Do you have to wait a specified amount of time for the PTR record to be
remo
Hello,
I missed the reply all button. See my response to Dmitri inline below.
Thanks,
Mike
Begin forwarded message:
From: Michael Mercier
Date: November 5, 2012 8:10:53 PM GMT-05:00
To: d...@redhat.com
Subject: Re: [Freeipa-users] DNS / Allow PTR sync
Hello,
On 5-Nov-12, at 7:12 PM
33 matches
Mail list logo