On Tue, 13 Jan 2015, Petr Spacek wrote:
On 13.1.2015 14:52, Mike wrote:
Hi - FreeIPA newbie here trying to enable ddns updates from dhcpd to IPA. I
don't know if this is an IPA or dhcpd issue but thought I'd ask here. I'm also
not sure if TSIG is the best, or only way to go.
All machines
Just a note to anyone else who may be interested. This may be obvious but
it wasn't to me at first. The ipa dnszone-mod ... --update-policy=...
command wipes out the existing BIND update policy. So what would seem to
me to be the correct procedure is to do ipa dnszone-show --all first to
to 52:54:00:4a:44:f7
(nas2) via eth0
Jan 12 20:15:02 ds01 dhcpd: Unable to add forward map from nas2.inside.lan to
10.16.1.203: REFUSED
-- Thanks, Mike
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org
On Tue, 13 Jan 2015, Dmitri Pal wrote:
On 01/13/2015 12:35 PM, Mike wrote:
Just a note to anyone else who may be interested. This may be obvious but
it wasn't to me at first. The ipa dnszone-mod ... --update-policy=...
command wipes out the existing BIND update policy. So what would seem
c() calls fo_get_service(),
which returns EOK. I'm not familiar yet with the variables at play,
would adding debug statements here reveal faults that may cause this?
Any pointers are very much appreciated.
Mike
[sssd[be[unix.foo.local]]] [ipa_srv_ad_acct_lookup_step] (0x0400):
Looking up AD acco
ps. I guess the main fault was incorrect log handling.
Multiple logins caused overlooking the real error and only showed the
mentions of offline AD backends and subdomains.
I am not sure why these Posix groups had no objectSIDString while others
did.
Thank you,
Mike
Hi Bret,
I tried this once in the past with no success. If I recall correctly (I
can't find the reference anymore), Cisco (at least in IOS 12.4 that I
tested) only supports the DES-CBC-CRC enctype. This enctype is disabled by
default in FreeIPA.
Thanks,
Mike
On Fri, Dec 21, 2012 at 10:35 AM
Newbie
I see a lot about DNS built into freeIPA.
I'm installing via yum on centos6.4
Do I just ignore the DNS part since we have our own DNS servers? Or does
freeIPA still need local DNS entries?
Also, I'm not sure I follow clients I see it explains that you can add clients
so services and use
Yes.. thanks !!
I just saw that myself..
So I need to install the ipa-client.x86_64 package on the client I take it..
Thanks for the quick response !!!
Mike
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, October 15, 2013 3:52 PM
To: Mike Calautti
...@redhat.com] On Behalf Of Mike Calautti
Sent: Tuesday, October 15, 2013 3:54 PM
To: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] stupid question
Yes.. thanks !!
I just saw that myself..
So I need to install the ipa-client.x86_64 package on the client I take it..
Thanks
in case of failure.
Proceed with fixed values and no DNS discovery? [no]:
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mike Calautti
Sent: Tuesday, October 15, 2013 4:25 PM
To: Rob Crittenden; freeipa-users@redhat.com
Hi,
We have our own in house CA.
I ran ipa-server-install -a secret12 -r EXAMPLE.COM -P password -p secret12 -n
ipaserver.example.com --external-ca
It generated ipa.csr as expected..
I used openssl to sign it on our internal CA. I got the .crt file..
I assume I need the private KEY that the
You can use this.
http://www.rsyslog.com/doc/imfile.html
On 8/21/14, 9:54 AM, Rich Megginson rmegg...@redhat.com wrote:
On 08/21/2014 06:59 AM, Rob Crittenden wrote:
barry...@gmail.com wrote:
Hi:
I'm not available to test the pipe setting as the servers are live now
and need
-prepare' with a CA-less configuration?
Thanks all,
--
Mike Oliver
on client using default
keytab: Cannot contact any KDC for realm
So I don't think I can promote another master/replica?
Thanks,
Mike
renewal section but it's an odd situation where we have
to renew and reconfigure
Mike
On 8/28/15, 7:45 PM, Rob Crittenden rcrit...@redhat.com wrote:
Mike LoSapio wrote:
Hey there -
I'm working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI
"master" was nuked a while ago and I have
im FreeIPA into...
Thanks.
--
Mike Kelly
On Thu, Feb 11, 2016 at 3:21 AM Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On Wed, 10 Feb 2016, Mike Kelly wrote:
> >On Wed, Feb 10, 2016 at 3:19 AM Alexander Bokovoy <aboko...@redhat.com>
> >wrote:
> >
> >> On Wed, 10 Feb 2016, Mike Kelly wrote:
On Wed, Feb 10, 2016 at 3:19 AM Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On Wed, 10 Feb 2016, Mike Kelly wrote:
>
> >Is there some extra logging I can turn on to see why this ID View isn't
> >being applied like I would expect? Or perhaps some extra bit of
is there possibly some
config field I can use to force the view name? I feel like the code that's
supposed to detect the view name isn't triggering correctly in my case, and
that's what is triggering the issue...
On Tue, Feb 16, 2016 at 11:23 AM Mike Kelly <pi...@pioto.org> wrote:
of the work for an
AD trust... is it possible for me to make my FreeIPA server into an AD
controller for the one Windows box in my house? Some searching I did before
indicated no, in part because Samba required Heimdal instead of MIT
Kerberos... is that still true?
On Thu, Feb 18, 2016 at 12:21 PM Mike
sss_cache -E` isn't clearing? Or some
other reason it didn't properly fetch the "admins" group until I looked up
the "admin" user?
On Fri, Feb 19, 2016 at 7:20 AM Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On Fri, 19 Feb 2016, Mike Kelly wrote:
> >Ahha! I seem
ww.freeipa.org/page/V4/Notification_system
> (but it is mostly empty at the moment).
>
> --
> Petr^2 Spacek
>
attributes
required and more-importantly all the code-glue that puts it all
together...
Figured I'd ask if there's anything already out there before
I re-invent the wheel.
TIA,
--Mike
this would be a slippery slope
because of the depth of groupings/permissions/etc... but a
version-controlled declarative user config gives a nice record for
auditors (When did mike get an account, who granted access to him,
when did he get access, what other access has he had over the last
year... etc..)
Hello,
I have been testing Freeipa since 4.2 and am very impressed overall. A pending
issue I have not been able to resolve is getting HBAC to work consistently. I’m
limited to an AD-trust scenario where AD groups are mapped to Posix groups.
While ‘id user@domain’ will return all groups for
mited capability for
inclusion in a script. But I can’t figure out how to configure an account to
have this capability without being a full admin. How can I create new user
accounts and set initial passwords in a script?
Mike
tries=1
etime=0
When doing an ldapsearch, I can see the group:
# admins, groups, compat, domain.com
dn: cn=admins,cn=groups,cn=compat,dc=domain,dc=com
ipaAnchorUUID::
gidNumber: 5
memberUid: admin
memberUid: user1
memberUid: user2
objectClass: posixGroup
objectClass: ipaOverrideTarget
objectCla
data, then sever and
reinstate replication relationships with the other three?
Mike
x.xx) and
(krbprincipalname=ldap/ipa04.xxx...@xxx.xx)
I'm thinking the cert is only revoked on 01, it should be replicated to
02-09. Is there any way to make sure that it doesn't fully replicate
revocation and bring it back to 01? If that's even the problem!
Thanks much,
Mike
the
system hostname.
I thought I could just add a CNAME entry for the host record, but it fails
with the following error:
invalid 'cnamerecord': CNAME record is not allowed to coexist with any
other record (RFC 1034, section 3.6.2)
Is there an easy way I can do this?
Cheers,
Mike
urned 2000
---
Any suggestions?
Mike
-find?
Mike
> On Dec 13, 2016, at 08:17, Martin Basti <mba...@redhat.com> wrote:
>
> Tomas already replied to you, copying here as archives are currently offline
> to prevent spam
>
> """
>
> Hi,
>
> you seem to be hitting the size limit on
Any thoughts about this sizelimit bug?
Mike
> On Nov 28, 2016, at 14:44, Mike Driscoll <mike.drisc...@oracle.com> wrote:
>
> I'm running:
> # rpm -qa | grep ipa-server
> ipa-server-4.4.0-12.0.1.el7.x86_64
> ipa-server-dns-4.4.0-12.0.1.el7.noarch
> ipa-server-com
I need to add a login banner to the login page for freeIPA, is there a
setting that I could easily change for this?
Thanks,
--
Mike Waite
pitfalls or problems you have encountered or any general advice?
Cheers,
Mike
36 matches