[Freeipa-users] Disadantages of using external DNS

2012-12-12 Thread Rashard . Kelly
What are the disadvantages of using an external DNS source? My three options are install DNS services on the IPA server, use the local Active Directory DNS, or connect to a linux based DNS appliance. Is it common not to use DNS at all if so what are the drawbacks? My goal is consolidating all

Re: [Freeipa-users] Disadantages of using external DNS

2012-12-14 Thread Rashard . Kelly
Thank everyone for the ideas. We will be adding the DNS service to the IPA server. This seems like the best solution. Thanks again, Rashard This document is strictly confidential and intended only for use by the addressee unless otherwise stated. If you are not the intended recipient,

[Freeipa-users] Postponing IPA 3 upgrade

2013-02-11 Thread Rashard . Kelly
I was wondering if I need to be concerned about IPA 2 being updated automatically to IPA 3? We have a working IPA 2 environment in place now and wanted to know if IPA needed to be added to an exclude list. We are afraid of breaking our current setup. When IPA 3 is released will yum

Re: [Freeipa-users] Postponing IPA 3 upgrade

2013-02-12 Thread Rashard . Kelly
Thanks for all the replies, We are using Red Hat Satellite Server to handle Yum updates but I am still getting a grasp on how it works. After talking to one of our admins, I was told that it should not do a major version upgrade without being explicitly told to. The servers are virtual so I

[Freeipa-users] Joining realm failed: SASL Bind failed Local error (-2)

2014-03-07 Thread Rashard . Kelly
and took a working DNS config from another server. Everything appears to be setup right. What could I be overlooking? Thank You, Rashard Kelly SITA Senior Linux Specialist From: Dmitri Pal d...@redhat.com To: Trey Dockendorf treyd...@gmail.com Cc: freeipa-users@redhat.com Date: 03/07

[Freeipa-users] Joining realm failed: SASL Bind failed Local error (-2)

2014-03-07 Thread Rashard . Kelly
and took a working DNS config from another server. Everything appears to be setup right. What could I be overlooking? Thank You, Rashard Kelly SITA Senior Linux Specialist This document is strictly confidential and intended only for use by the addressee unless otherwise stated. If you

Re: [Freeipa-users] Joining realm failed: SASL Bind failed Local error (-2)

2014-03-10 Thread Rashard . Kelly
this mean? Ldap is instslled Thank You, Rashard Kelly This document is strictly confidential and intended only for use by the addressee unless otherwise stated. If you are not the intended recipient, please notify the sender immediately and delete it from your system

Re: [Freeipa-users] Joining realm failed: SASL Bind failed Local error (-2) (SOLVED)

2014-03-11 Thread Rashard . Kelly
Thanks, after a little digging I found that the reverse DNS records were not configured for the masters. Thank You, Rashard Kelly From: Martin Kosek mko...@redhat.com To: rashard.ke...@sita.aero Cc: freeipa-users@redhat.com Date: 03/10/2014 10:17 AM Subject:Re: [Freeipa

[Freeipa-users] Sudo Rule Command Line Option Arguments

2014-03-12 Thread Rashard . Kelly
/yum localupdate example* Failed members: member sudo command: /usr/bin/yum --disableexcludes=all localinstall example*: no such entry - Number of members added 0 - Thank You, Rashard Kelly This document is strictly

Re: [Freeipa-users] Sudo Rule Command Line Option Arguments (Solved)

2014-03-13 Thread Rashard . Kelly
entry defined yet vs no such entry would improve workflow for people stuck using the CMD. Thank You, Rashard Kelly From: Rashard Kelly/Atlanta/SITA/WW To: freeipa-users@redhat.com Date: 03/12/2014 11:47 AM Subject:Sudo Rule Command Line Option Arguments What is the correct

Re: [Freeipa-users] Sudo Rule Command Line Option Arguments (Solved)

2014-03-13 Thread Rashard . Kelly
I would be happy to open a ticket, where do I go to do that? Thank You, Rashard Kelly From: Rob Crittenden rcrit...@redhat.com To: rashard.ke...@sita.aero, freeipa-users@redhat.com Date: 03/13/2014 09:52 AM Subject:Re: [Freeipa-users] Sudo Rule Command Line Option Arguments

[Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

2014-04-10 Thread Rashard . Kelly
--from liipaxs010p.ipa2.dc.sita.aero Invalid password ipa-replica-conncheck says communication is ok. I looked at the httpd, secure,and krb log and none show any activity when I execute the commands above. Im lost any clues as to where I can look for answers? Thank You, Rashard Kelly

Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

2014-04-10 Thread Rashard . Kelly
@replicahostname ~]$ KRB5_TRACE=/dev/stderr klist klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/tmp/krb5cc_159910_oKtZFE) -- Thank You, Rashard Kelly From: Alexander Bokovoy aboko...@redhat.com To: rashard.ke...@sita.aero Cc

Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

2014-04-10 Thread Rashard . Kelly
, Rashard Kelly From: rashard.ke...@sita.aero To: Alexander Bokovoy aboko...@redhat.com Cc: freeipa-users@redhat.com Date: 04/10/2014 08:42 AM Subject:Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials Sent by:freeipa-users-boun...@redhat.com

Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

2014-04-10 Thread Rashard . Kelly
- Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted Thank You, Rashard Kelly From: Sumit Bose sb...@redhat.com To: rashard.ke...@sita.aero Cc: freeipa-users@redhat.com Date: 04/10/2014 12:31 PM Subject:Re: [Freeipa

Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

2014-04-11 Thread Rashard . Kelly
[root@replicahostname ~]# sestatus SELinux status: disabled [root@replicahostname ~]# audit2why -b -w -t avc [root@replicahostname ~]# Nothing in the audit log after audit2why came back either. Thank You, Rashard Kelly From: Alexander Bokovoy aboko...@redhat.com

Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials

2014-04-11 Thread Rashard . Kelly
: Permission denied Thank You, Rashard Kelly SITA Senior Linux Specialist From: Sumit Bose sb...@redhat.com To: rashard.ke...@sita.aero Cc: Alexander Bokovoy aboko...@redhat.com, freeipa-users@redhat.com Date: 04/11/2014 09:54 AM Subject:Re: [Freeipa-users] ipa: ERROR: did

Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos credentials (SOLVED)

2014-04-11 Thread Rashard . Kelly
Thank you so much, it was the user id. There was an account with the same user name leftover from a previous effort. Thanks to everyone for the time. Thank You, Rashard Kelly From: Sumit Bose sb...@redhat.com To: rashard.ke...@sita.aero Cc: Alexander Bokovoy aboko...@redhat.com