, Wellington, NZ
0064 4 463 6272
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users
:
sys.exit('ERROR: something bad happened #3')
But I was wondering whether there was a better using the IPA API. Is
there a way for me to do that?
Any help or insights would be greatly appreciated.
Thanks,
Joe
--
Petr Vobornik
] https://fedorahosted.org/freeipa/ticket/2755
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 07/18/2012 08:59 PM, Stephen Ingram wrote:
On Wed, Jul 18, 2012 at 6:45 AM, Petr Vobornik pvobo...@redhat.com wrote:
On 07/17/2012 11:43 PM, Stephen Ingram wrote:
8--
I'm beginning to think this is just the Web UI itself instead of 389
although it is really difficult to tell. I've
-
-
Any pointers?
Thanks,
Mike
I think you are experiencing
https://fedorahosted.org/freeipa/ticket/2906 It's a bug introduced by
dns per-domain permissions https://fedorahosted.org/freeipa/ticket/2511.
As you see in track, it should be fixed in beta 2.
--
Petr Vobornik
in browser's console
(press F12 in most browsers or CTRL+SHIFT+K in latest Firefox in Fedora)
after successful login. Look for 'admin' in memberof_group,
memberofindirect_group or anything in memberof_role.
--
Petr Vobornik
___
Freeipa-users mailing
by following command:
# ipa pwpolicy-mod --maxlife=1000
Or in Web UI: Policy/Password Policies/global_policy
When user resets his password this policy will be applied on it.
IPA CLI and Web UI don't have options to set user password's expiration
date directly.
Regards
--
Petr Vobornik
/reset_password.js and the
modifications in install/ui/ipa.css from the changeset you linked. In
any case I do not recommend to such modifications. They have high
potential to break things.
HTH
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users
@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
be filled http header named
X-IPA-Rejection-Reason.
If you manage to get session, check expiration of ipa_session cookie.
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
knowledge of Web
UI code. It's easier to modify user page source codes. For simple edit
(just textbox, no calendar widget) it may be just one line of code (in
WebUI, server plugin will require more work).
I know that Petr Vobornik is already working in better extensibility of the UI
. Is it possible, that you, or some other application on the
machine modified apache configuration and enabled it?
HTH
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
text_widget, override create method and probably do some format
conversion in update and save methods. Register the new widget to widget
repository. Then, one has to modify spec of appropriate facets to use it.
HTH
2013/2/7 Petr Vobornik pvobo...@redhat.com mailto:pvobo...@redhat.com
modification of url and thus
showing details of another user.
Perhaps it's better to just put together a new WebUI using the Python API,
however, with the fantastic new password reset page in 3.x, I've become
lazy and let users access IPA directly.
Steve
--
Petr Vobornik
creation is
described in extension guide[4].
[1] http://www.freeipa.org/page/V3/WebUI_plugins
[2] http://pvoborni.fedorapeople.org/doc/
[3] http://www.redhat.com/archives/freeipa-devel/2013-April/msg00423.html
[4] http://abbra.fedorapeople.org/guide.html#sec-4
--
Petr Vobornik
(ssh-rsa)
Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons.
I can't comment the CLI part without more information: key and exact
command you used.
HTH
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https
procedure for a host, got the same exact results.
Tried to ssh as the user to the host that has keys set via command line, get
the message that the keys could not be validated.
Thanks.
-Kenny
On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote:
On 07/16/2013 07:24 PM, Armstrong, Kenneth
of
the issue.
HTH
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
group so all full access right.
thks
Barry
Hello,
This link is enabled when logged in user has write permission for
userpassword attribute.
HTH
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman
On 19.5.2014 09:05, Martin Kosek wrote:
On 05/17/2014 04:27 PM, Christopher Swingler wrote:
Short and to the point, but I have the same question. :)
On May 16, 2014, at 9:08 PM, Chris Whittle cwhi...@gmail.com wrote:
Is there a doc anywhere?
CC-ing Petr Vobornik to help with that. You can
but will probably use RHEL/CentOS 7 when
available for production. FreeIPA versions 3.0.0 on CentOS 6.5 and
3.3.5 on Fedora 20.
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
. BTW, the version of Samba I'm testing against is
3.6.9-168 on CentOS 6.5.
Thanks again for your information and patience,
Dylan.
On 22 May 2014 14:19, Petr Vobornik pvobo...@redhat.com wrote:
On 22.5.2014 14:19, Sumit Bose wrote:
On Tue, May 20, 2014 at 02:00:18PM +0100, Dylan Evans wrote
://www.redhat.com/archives/freeipa-devel/2012-August/msg00295.html
Still a huge improvement though - these are just niggles.
Cheers
D
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more
provides.
When IPA started there was no common access control mechanism across
*nixes. We looked at the available options and ended up rolling our own
which we called HBAC.
rob
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman
and RHEL/CentOS 7.
From: Petr Vobornik pvobo...@redhat.com
To: mohammad sereshki mohammadseres...@yahoo.com; Rob Crittenden rcrit...@redhat.com;
freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Monday, July 28, 2014 8:10 PM
Subject: Re: [Freeipa-users] add
/ipa.conf , reason should be
in the log
Have you any idea?
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
access Web UI, but it doesn't work).
Does CLI work on the server?
On 11-09-2014 14:18, Petr Vobornik wrote:
Hello Tevfik,
comments inline
On 11.9.2014 12:24, Tevfik Ceydeliler wrote:
Hi all,
I tried to do single sign on for FreeIPa Web UI according to 4.3.3.
Configuring the Browser
I did
or somewhere else.
When you run CLI command:
ipa user-show brogOBFUSCATED
Does it list 'p309-mm' or any other group name in 'Member of groups' line?
On the second screenshot the obfuscated user login looks like it has
space in it. I hope it's just an illusion.
HTH
--
Petr Vobornik
limited extensibility support. User can add
his own code to /share/ipa/ui/ext/extension.js but usually it's more
easy to edit webui code in /share/ipa/ui/ directly. This approach brings
other issues so use at your own risk.
[1] https://fedorahosted.org/freeipa/ticket/3235
HTH
--
Petr Vobornik
idviews: Make sure only regular IPA objects are allowed to be
overriden
idviews: Create Default Trust View for upgraded servers
idviews: Fix typo in upgrade handling of the Default Trust View
spec: Bump SSSD requires to 1.12.2
--
Petr Vobornik
--
Manage your subscription
to be resolvable
* test_forced_client_reenrollment: Don't check for host certificates
* sudo integration test: Remove the local user test
=== Petr Vobornik (4) ===
* webui-ci: case-insensitive record check
* dns: fix privileges' memberof during dns install
* build: increase java stack size for all
after OTP validation
=== Petr Vobornik (1) ===
* Become IPA 4.0.5
=== Thierry bordaz (tbordaz) (1) ===
* Deadlock in schema compat plugin (between automember_update_membership
task and dse update)
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https
validation
=== Petr Spacek (1) ===
* Fix zone name to directory name conversion in BINDMgr.
=== Petr Vobornik (2) ===
* build: increase java stack size for all arches
* Become IPA 4.1.1
=== Thierry bordaz (tbordaz) (1) ===
* Deadlock in schema compat plugin (between automember_update_membership
task
skipped this thread b/c the subject didn't look like it was
SSSD-related.
I think we need to examine SSSD logs...
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info
for various
cli tools
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
.
Hello Eldo,
sounds like: https://fedorahosted.org/freeipa/ticket/4726
try to run:
sudo -u apache kdestroy
after the restore
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org
check the pointers on this
page though. If none of them help, it may help to show us:
- the Kerberos ticket and default encryptions:
$ kinit
$ klist -e
- any related Kerberos errors from /var/log/krb5kdc.log
Martin
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list
=a37f5faa-b0ff-11e4-a92e-001a4a22218e,cn=sudorules,cn=sudo,dc=example,dc=com
changetype: modify
replace: cn
cn: newName
Though, I'm not sure if it would cause some undesired side effects.
https://fedorahosted.org/freeipa/ticket/2466
https://fedorahosted.org/freeipa/ticket/2911
HTH
--
Petr Vobornik
ldappasswd won't help if the culprit is
global or other IPA password policy. You can change the policy in LDAP
as Directory Manager. It's located in:
cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
then you can try to kinit and set the new password.
--
Petr Vobornik
--
Manage your
for referential integrity plugin applied on
ipaAssignedIDView
* ipatests: Fix old command references in the ID views tests
* ipatests: Fix incorrect assumptions in idviews tests
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa
it from
top of my head).
HTH
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
procude any other error notification. E.g. an error dialog
with some message.
If you open a browser developer tools/console tab. Do you see there any
errors?
Does it work if you hard-reload the web page (usually ctrl+F5).
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing
different and unexpected.
I've created a new ticket:
https://fedorahosted.org/freeipa/ticket/5008
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-expired TGT ticket which
could be then used to obtain ticket for principal
HTTP/myipa.my.domain@MY.REALM (IPA server API - backend of webui).
Cheers
Chris
From: Petr Vobornik pvobo...@redhat.com
To: d...@redhat.com, Rob Crittenden rcrit...@redhat.com,
Christopher Lamb
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
= Date.now() - date.getTime();
var minutes = diff / 1000 / 60;
new ticket: https://fedorahosted.org/freeipa/ticket/5015
[1] https://tools.ietf.org/html/rfc2616#section-14.18
[2] https://tools.ietf.org/html/rfc2616#section-3.3.1
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing
?
https://pvoborni.fedorapeople.org/doc/#!/guide/Debugging
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 06/22/2015 04:15 PM, Janelle wrote:
On 6/22/15 5:15 AM, Petr Vobornik wrote:
On 06/21/2015 08:35 AM, Janelle wrote:
Hi,
Sure. Just login as a normal user to the WEB UI. screen is blank:
Of course, if you click on Actions - you will see those and you can
click on
them, but you can't do
On 06/22/2015 06:39 PM, Janelle wrote:
On 6/22/15 9:25 AM, Petr Vobornik wrote:
On 06/22/2015 04:15 PM, Janelle wrote:
On 6/22/15 5:15 AM, Petr Vobornik wrote:
On 06/21/2015 08:35 AM, Janelle wrote:
Hi,
Sure. Just login as a normal user to the WEB UI. screen is blank:
Of course, if you
to http://freeipa.org for more info on the project
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
stuff.
Exception is DNS (and maybe some other entries). DNS is not readable by
everybody by default.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
option in plugins
* replica-manage: Properly delete nested entries
* Add Domain Level feature
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
.
SEC_ERROR_LEGACY_DATABASE error suggests that it fails on initialization
of NSS database which is not dependent on stored certificate.
Thanks!
David
On May 29, 2015, at 1:35 AM, Petr Vobornik pvobo...@redhat.com wrote:
On 05/29/2015 10:02 AM, Martin Kosek wrote:
On 05/29/2015 01:27 AM, David Lin wrote
notice that when i do
ipa host-show
there is no certificate listed.
If you are using FreeIPA 4.1+, this is expected:
https://fedorahosted.org/freeipa/ticket/4449
Martin
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo
load_certificate function in
/usr/lib/python2.7/site-packages/ipalib/x509.py, line ~ 112
ouput will be in /var/log/httpd/error_log
Thanks,
David
On 05/29/2015 02:05 AM, Petr Vobornik wrote:
On 05/29/2015 10:45 AM, David Lin wrote:
ipa host-find produces this
ipa: ERROR: Certificate format error
On 06/01/2015 11:36 AM, Bob Hinton wrote:
On 01/06/2015 09:55, Petr Vobornik wrote:
On 05/31/2015 12:21 PM, Bob Hinton wrote:
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password. However, using a keytab
produces an error
settings, access control information) and
Audit (events,
: logs, analysis thereof). If you are installing an IPA
server you need
: to install this package (in other words, most people
should NOT install
: this package).
--
Petr Vobornik
--
Manage your
tool.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
that is on the ACTION button,
which remains visible.
Are there any troubleshooting suggestions for this? I have not
customized anything.
Thank you
~J
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org
for me.
Up plz.
Is there anything related to the connection error in dirsrv logs?
/var/log/dirsrv/slapd-EXAMPLE-COM/errors
/var/log/dirsrv/slapd-EXAMPLE-COM/access
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa
ipa.mydomain.org
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
:0,"method":"user_add"}
The user is added to IPA, but the user is still forced to change it's
password. In the response I could see that my krbpasswordexpiration
is ignored.
Any ideas what I'm doing wrong?
Thanks
Oliver
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
omains tests
* idoverride: Ignore ValidationErrors when converting the anchor
* tests: Add tests for idoverride object integrity
* trusts: Make trust_show.get_dn raise properly formatted NotFound
* trustdomain: Perform validation of the trust domain first
--
Petr Vobornik
--
Manage your subscript
rce flag, remove
leftover references to an already deleted master.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-prod-a-033.cloud.foo.com.
Then you can try to check DNS settings, easy in Web UI, and remove
references to old server if there are any.
Cheers,
Andrew
On 6 November 2015 at 15:28, Petr Vobornik <pvobo...@redhat.com> wrote:
On 11/05/2015 05:32 PM, Andrew Holway wrote:
Actual
e collisions in the names of external
groups
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 09/22/2015 01:03 AM, Craig White wrote:
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Friday, September 18, 2015 1:44 AM
To: Craig White; Martin Kosek; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA
* Hide topology and domainlevel features
* dcerpc: Raise ACIError correctly
* adtrustinstance: Enable and start oddjobd
* upgrade: Enable and start oddjobd if adtrust is available
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo
On 07/10/2015 02:40 PM, Jan Pazdziora wrote:
On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote:
The FreeIPA team is proud to announce FreeIPA v4.2.0 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. The builds
for Fedora 22 and Fedora Rawhide
On 07/10/2015 04:51 PM, Jan Pazdziora wrote:
On Fri, Jul 10, 2015 at 04:09:45PM +0200, Petr Vobornik wrote:
Some of the dependencies are still in updates-testing repository. They have
been added to the COPR repository.
Now FreeIPA 4.2 could be installed even with the updates-testing repo
On 07/10/2015 02:55 PM, Jan Pazdziora wrote:
On Fri, Jul 10, 2015 at 02:40:58PM +0200, Jan Pazdziora wrote:
On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote:
The FreeIPA team is proud to announce FreeIPA v4.2.0 release!
It can be downloaded from http://www.freeipa.org/page
e comparison by an entity name would help.
Best regards
Mateusz Małek
Intelligent Information Systems Group
Department of Computer Science
AGH University of Science and Technology, Kraków, Poland
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://w
On 09/05/2015 09:12 PM, Mateusz Małek wrote:
W dniu 01.09.2015 o 13:27, Petr Vobornik pisze:
On 08/27/2015 05:17 AM, Mateusz Małek wrote:
We're trying to adjust FreeIPA to our environment... quite a bit. Here
are some bullet points:
(...)
For points 3, 5, 6 and to limit available choices
/tree/ipaserver/install/replication.py#n1185
2) File a ticket to avoid get_ruv function exit the whole "del" command when
--force is in play to fix this long-term
https://fedorahosted.org/freeipa/ticket/5307
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users ma
nstall: Correctly determine 4.2 FreeIPA servers
* trusts: Detect domain clash with IPA domain when adding a AD trust
* trusts: Detect missing Samba instance
* winsync-migrate: Add warning about passsync
* winsync-migrate: Expand the man page
=== Yuri Chornoivan (1) ===
* Fix minor typos
--
Petr Voborn
On 09/17/2015 06:19 PM, Craig White wrote:
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Thursday, September 17, 2015 4:59 AM
To: Martin Kosek; Craig White; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6
freeipa-users
Go to http://freeipa.org for more info on the project
--
/ Alexander Bokovoy
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
/ Alex
d hostmask detection for sudo rules validating on hostmask
* replicainstall: Add check for domain if server is specified
* replicainstall: Make sure the enrollment state is preserved
=== Yuri Chornoivan (2) ===
* Fix minor typos
* Fix minor typos
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
with one
call and save some network calls.
Example could be seen in this ugly script:
https://pvoborni.fedorapeople.org/scripts/ipa-generate-users.sh
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http
negroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:9085
tn@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:8961
nn@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:9025
ln/i@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:10123
p.injectUrl/i@https://moria.menegroth.us/ipa/ui/js/dojo/dojo.js?v=40203:1:12306
Do I have to do something to enable username/password auth for this
version of IPA?
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
- what is the size and time limit configured
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
ords
You need to identify which one is INCORRECT and then run
ipa-replica-manage clean-ruv $incorrect command.
The CORRECT one can identified with:
ldapsearch -ZZ -h ipa2.localdomain.local -D "cn=Directory Manager" -W -b
"dc=localdomain,dc=local"
"(&(objectclass=ns
y/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> cn=automember
> > rebuild membership,cn=tasks,cn=config does not exist
> > [26/May/2016:12:14:10 +0200] - Skipping CoS Definition cn=Password
> > Policy,cn=accounts,dc=bioinf,dc=local--no CoS Templates found, w
ert-signing master?
>
> Thanks,
>
> Dan
>
> /This message and any attachments may contain confidential or privileged
>
> information and are only for the use of the intended recipient of this
>
> message. If you are not the intended recipient, please notify the sender
>
> by return email, and delete or destroy this and all copies of this
>
> message and all attachments. Any unauthorized disclosure, use,
>
> distribution, or reproduction of this message or any attachments is
>
> prohibited and may be unlawful./
>
> *From: *Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>>
>
> *Date: *Friday, June 10, 2016 at 14:48
>
> *To: *Daniel Finkestein <dan.finkelst...@high5games.com
> <mailto:dan.finkelst...@high5games.com>>,
>
> "freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>"
> <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>>
>
> *Subject: *Re: [Freeipa-users] FreeIPA 4.2.0: An error has occurred (IPA
>
> Error 4301: CertificateOperationError)
>
> I'd reinstall some rpms to properly create these:
>
> tomcat
>
> pki-base
>
> pki-server
>
> I'm not positive it will fix permissions, rpm -V on the same may point
>
> out problems as well.
>
> rob
>
>
>
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
d[22469]: WARNING: yacc
> table file version is out of date
> May 27 14:08:29 kaitain.pipebreaker.pl ipa-dnskeysyncd[22469]: WARNING:
> Couldn't create 'pycparser.yacctab'. [Errno 13] Permission denied:
> 'yacctab.py'
>
> Also (related?) error during 'ipactl' invocations:
> $ ipactl
ipa-adtrust-install: Allow dash in the NETBIOS name
spec: Bump required sssd version to 1.13.3-5
adtrustinstance: Make sure smb.conf exists
l10n: Remove Transifex configuration
ipalib: Fix user certificate docstrings
idviews: Add user certificate attribute to user
ed as a 2 factor authentication for browser login?
CCing Petr to be aware of this question. But first, I would be curious -
what
browser version do you use and what FreeIPA version do you use? Do you see
the
same troubling behavior with FreeIPA demo [1]?
[1] http://www.freeipa.org/page/Demo
--
Petr Vob
/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
947, in error_handler
raise errors.DuplicateEntry()
2016-01-18T03:29:55Z DEBUG The ipa-replica-install command failed,
exception: DuplicateEntry: This entry already exists
2016-01-18T03:29:55Z ERROR This entry already exists
2016-01-18T03:29:55Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 01/18/2016 04:34 PM, Petr Vobornik wrote:
On 01/18/2016 04:01 PM, Adam Kaczka wrote:
This happens with FreeIPA version 4.2.0 and also version 3.0.0 with
latest
Chrome (47.0.2526.111 m) and IE 11 (11.63.10586.0). The issue does not
occur with FF (43.0.4). I tried the demo page and same
using ipa-server-install --uninstall
2. Do we have to update to intermediate versions and if so how?
Should not be necessary.
Could we do anything else?
Thank you for any hints,
Kind regards,
—
Christophe
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing
Bokovoy <aboko...@redhat.com>
To: Christopher Lamb/Switzerland/IBM@IBMCH
Cc: Petr Vobornik <pvobo...@redhat.com>, freeipa-users@redhat.com,
wodel youchi <wodel.you...@gmail.com>
Date: 02.02.2016 09:32
Subject:Re: [Freeipa-users] [Centos7.2 Freeipa 4
se is successful(200) and what
is the cookie expiration date. If it's not successful, then what is in
response and in X-IPA-Rejection-Reason response header.
https://pvoborni.fedorapeople.org/images/ff-dev-tools-xhr.png
Chris
From: Petr Vobornik <pvobo...@redhat.com>
To: wodel youc
e I am using to connect to the webui of freeipa is not
enrolled
in it, I am using login/pass to connect not kerberos.
Web UI session is set to 30 minutes or so.
--
/ Alexander Bokovoy
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redh
the patch. Looks good - ACK
was pushed to master branch
https://fedorahosted.org/freeipa/changeset/f5f5c8c603e95d246d2cde92f56959fedba4666d
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.or
lready been done.
Yes the replica code works as expected.
Next step is to investigate why the search returns nothing. ACI issue?
Weird DB state?
Can other user fetch it? E.g. admin?
If so wow does "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config" on the master se
h - harder to explain.
Or easier thing might be to modify ipa.conf in a way that
/ipa/session/login_kerberos would not return negotiate headers but would
fail immediately with 401.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailma
ALPW}\n${FINALPW}\n" | kpasswd $TESTUSER
klist
kdestroy -A
echo -e "${FINALPW}" | kinit $TESTUSER
klist
kdestroy -A
also works if kpasswd is changed to kinit.
You can also try to use KRB5_TRACE=/dev/stdout to debug it:
# KRB5_TRACE=/dev/stdout kpasswd user
--
Petr Vobornik
On 04/07/2016 01:34 PM, John Williams wrote:
>
>
>
> *From:* Petr Vobornik <pvobo...@redhat.com>
> *To:* John Williams <john.1...@yahoo.com>; "Freeipa-users@redhat.com"
open https
> 464/tcp open kpasswd5
> 636/tcp open ldapssl
> 749/tcp open kerberos-adm
> 8080/tcp open http-proxy
> 8443/tcp open https-alt
> MAC Address: 52:54:00:33:34:F0 (QEMU Virtual NIC)
>
> Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
> [root@ipa2 ~]#
>
>
> Why do I get this message?
>
> TIA!!
>
>
>
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
/access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/Managing-Unique_UID_and_GID_Attributes.html
And also "RANGES" section of `man ipa-replica-manage`?
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.
1 - 100 of 208 matches
Mail list logo