Fu-Jyh Luo wrote:
Dear All,
I am having some trouble to Setting up Multi-Master Replication. ipa-replica-install
complains about CRITICAL Failed to load indices.ldif: Command '/usr/bin/ldapmodify -h
127.0.0.1 -xv -D cn=Directory Manager -y /tmp/tmpCwijw4 -f /usr/share/ipa/indices.ldif'
James Roman wrote:
Can anyone elaborate on the options for the ipa-replica-prepare command?
I have a third party signed certificate for both my master and replica
server. Am I supposed to provide the PKCS12 file for the master server
or the replica? If it is looking for the master server, I
James Roman wrote:
In case any one runs into this error while trying to create a replica:
Starting dirsrv:
REALM-COM...[15/Sep/2009:09:39:18 -0400] dse - The entry cn=schema in
file /etc/dirsrv/slapd-REALM-COM/schema/##xx.ldif is invalid, error
code 21 (Invalid syntax) - object class
Michael Kang wrote:
-- Forwarded message --
From: *Michael Kang* wxi...@gmail.com mailto:wxi...@gmail.com
Date: Fri, Sep 25, 2009 at 4:09 PM
Subject: Re: [Freeipa-users] Problem with Kerberos Authentication
To: Jenny Galipeau jgali...@redhat.com mailto:jgali...@redhat.com
Jason Gerard DeRose wrote:
On Thu, 2009-10-29 at 17:56 -0400, Dan Scott wrote:
Hi,
I'm trying to integrate FreeIPA with a Java webapp using JAAS. I have
the login module configured properly and it is working fine.
However, I have a problem with the initial user setup. New accounts
are created
such as these will not be copied to 99user.ldif, and
setup-ds.pl -u in 389-ds-base 1.2.3 and later will clean up 99user.ldif
of these and other bogus schema.
Rich Megginson wrote:
Rob Crittenden wrote:
Виктор Сергеевич wrote:
On fedora 11:
Name: 389-ds-base Relocations
James Roman wrote:
Rob Crittenden wrote:
Виктор Сергеевич wrote:
Hi!
Thanks! It works!, but
In master-server I'm see users in groups, but in replica I'm see only
group, without users. If search users - i'm can find it. And one more:
Strange, that shouldn't happen. I'd search for them
The machine hosting the freeIPA wiki was moved to a new datacenter this
weekend. The move was successful and the machine is up and operating,
the problem is that DNS hasn't been updated to reflect the new IP
address. We are working on resolving this but at this time have no ETA
on when that
John Robert Mendoza
--- On *Tue, 12/15/09, John Robert Mendoza /jrober...@yahoo.com/* wrote:
From: John Robert Mendoza jrober...@yahoo.com
Subject: Re: [Freeipa-users] freeipa replication
To: Rob Crittenden rcrit...@redhat.com
Cc: freeipa-users@redhat.com
Date: Tuesday, 15
root wrote:
Greetings FreeIPA mailing list:
I have an FC11 environment setup for testing the FreeIPA implementation
of kerberos+ldap w/admin utils. Our primary purpose for kerberos right
now is to provide auth services for coda. However, once that gnat is
squished, we'll of course be using
root wrote:
Greetings FreeIPA mailing list:
Thinking outside of the box for a moment, is it possible to divorce the
FreeIPA master feature of deploying FreeIPA servers from the FreeIPA
cluster which handles everything else? Keeps it safe and out of harms
way, especially considering it has
Dmitri Pal wrote:
Scott Kaminski wrote:
Just wondering if you setup 4 servers using MMR what would happen if
your first ipa server died and was unrecoverable? Would it be possible
to recover from this scenario?
The replicas are mostly symmetric. The difference is the that the first
IPA has
Michael Kang wrote:
Nobody answers my question:
Could I ues phpLDAPadmin to maintain FreeIPA Directory Server?
Is it technically possible? Sure, assuming it works with 389-ds. Is it a
good idea? Depends on what exactly you're going to do.
If you don't try to manage any objects used by IPA
Shan Kumaraswamy wrote:
Dear All,
I am try to install FreeIPA build 1.2.2 with RHDS 8.0, while installing
I am facing some serious issue. Please find the blow steps which I
followed and error message which got during the installation
1. I successfully installed RHDS 8.0
2. Installed
Scott Kaminski wrote:
I'm not sure what I'm doing wrong here. I'm trying to setup a replica
server and this is the output i'm getting:
[r...@ldap-4 tmp]# ipa-replica-install -d
replica-info-ldap-4.quadrant.local.gpg
Directory Manager (existing master) password:
root: INFO
root
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: 03 February 2010 17:34
To: Andy Singleton; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Installing IPA on Solaris 10
Andy Singleton wrote:
Hi Rob,
Neither of the commands give any results.
/me smacks
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Alpha 2 release of the long-awaited freeIPA 2.0 server [1].
This version of the server includes:
* Draft UI pages for all plugins that fit into a
David Christensen wrote:
I have my ipa 1.2.2 setup in an environment where my servers have two
NICs each in a different VLAN.
With the multi NIC setup I have two different DNS names for a single
host to control which interface is is used when accessing the host e.g.
host.example.com and
Steven Whately wrote:
On Fedora 12, I un-installed 1.2 and then installed 1.9.
My clients could not log in. The server was logging the following message:
sssd_be: GSSAPI Error: The referenced context has expired (Unknown error)
Hmm, is the time on the client close to the time on the IPA
://bugzilla.redhat.com/show_bug.cgi?id=568104
rob
Cheers
Andy
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: 24 February 2010 14:47
To: Andy Singleton
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Installing IPA on Solaris 10
Andy Singleton wrote:
Hi
root wrote:
Greetings all:
I'm thinking I just have to bounce something (or maybe it's been long
enough that I'm running the command wrong, but I don't think so).
Note that I show the error when not authenticated, and that I can
authenticate without error:
[r...@sandbox1 ~]# ipa-finduser
Dmitri Pal wrote:
Don,
Sorry, I accidentally deleted your post.
I am resending it.
===
Greetings all:
Turned out to be webservice getting reconfigured out from under me. We
didn't know that the management interface website was necessary for the
command-line
Gerrard Geldenhuis wrote:
Hi
I was wondering if anyone has had any luck in getting FreeIPA compiled
and installed on Centos. I am struggling a bit at the moment. I have
downloaded a fedora source package which I have tried to compile but
can’t even get the package to install at the moment. I
James Roman wrote:
Just for posterity. The issue ended up being that the AD and FreeIPA
were out of sync. One of the sub-containers in the Active Directory
containing disabled accounts was moved outside of the scope of the sync
agreement. We never ran a replica init, so a number of scheduled
Walter Meyer wrote:
I am testing out FreeIPA and am wondering if FreeIPA is compatible with
the Google Apps password sync utility. Specifically my question in
relation to FreeIPA is how the password attribute is stored in the DS?
Is it in any of these Google Apps supported formats: MD5, SHA1,
all communication with
SSL (it may very well work today, I didn't dive too deeply into the
documentation).
regards
rob
Thanks
Dmitri
On Thu, Mar 18, 2010 at 6:10 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Walter Meyer wrote:
I am testing out
Dmitri Pal wrote:
Walter Meyer wrote:
We would be using Google Apps for our email system (and other services
included with GA like Google Docs etc.) I'd like to have one password
for users when they access their email via Google Apps, ideally the
users and passwords would be centralized in IPA.
Walter Meyer wrote:
I will see if Salted SHA1 is supported and maybe Google hasn't
documented it yet. If not, the sync is done with the Google Servers over
SSL. And if only the Directory Manager can read the userPassword
attribute, would storing the userPassword attribute in SHA1 be that
, the default.
rob
On Mar 19, 2010, at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote:
Walter Meyer wrote:
I will see if Salted SHA1 is supported and maybe Google hasn't
documented it yet. If not, the sync is done with the Google Servers
over SSL. And if only the Directory Manager can read
Harshavardhana wrote:
Hi Everyone,
I have been recently configuring Freeipa server and client which
i have achieved successfully.
But i have hit a roadblock when i tried to replicate ipa server
configuration from one already working node to another node. This is on
Fedora 11.
I have
root wrote:
Greetings FreeIPA mailing list:
I have an FC11 environment setup for testing the FreeIPA
implementation of kerberos+ldap w/admin utils. Our primary purpose
for kerberos right now is to provide auth services for coda.
However, once that gnat is squished, we'll of course be using
James Roman wrote:
The bug outlines how to promote a replica to be the primary master.
You basically just need to import the CA and setup the serial number
file.
So lets say you had a master and 2 replicas. In reality the only thing
that differentiates the first master is that it was
Oliver Burtchen wrote:
Hi @all,
is it possible to use an already configured und running dogtag-instance for
freeipa V2 in the installation process? I would like to give ipa-server-
install just the params for the dogtag-instance/server to use, and skip its
own creation-process (pkisilence
. It is probably
possible to do what you want given time and patience but we are unlikely
to do this in the near future.
rob
Best regards,
Oli
Am Freitag, 9. April 2010 23:42:54 schrieb Rob Crittenden:
Oliver Burtchen wrote:
Hi @all,
is it possible to use an already configured und running dogtag
Tom Brown wrote:
Hi
I need to bulk insert a bunch of users, and i need to create them with
certain gid's but i dont see where i can do that using the cli. Are
there any pointers here?
There is currently not a way to directly set the user's gidnumber other
than the default group for all
Tom Brown wrote:
Not sure which howto you referred to but this covers it pretty well
http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Your_Browser.html
For troubleshooting the client side see
this capability we would want to take
advantage of it.
Okay, hope it was not to much for one posting,
best regards,
Oli
This is great feedback, thanks!
rob
Am Dienstag, 13. April 2010 19:58:23 schrieb Rob Crittenden:
Oliver Burtchen wrote:
Hi Rob,
thanks for the answer. I know about
Oliver Burtchen wrote:
Hi,
using clean F12 installtion with all updates and ipa
1.91-0.2010041617git671bb9c.fc12 on server and client:
Currently I'm unable to join a client, debug of ipa-client-install attached.
Seems, there was a change in the protocol, and ipa-join gives to many
ALAHYANE Rachid wrote:
Any ideas ? I can provide further explanations if it is not clear ;)
I think that will be needed.
You are doing server-server communication if you are running within Apache.
It would be helpful if you would describe what your end goal is.
rob
Sorry for this mail
mailto:jder...@redhat.com
On Wed, 2010-04-21 at 15:21 -0400, Rob Crittenden wrote:
ALAHYANE Rachid wrote:
Here is my apache logs :
== /var/log
Oliver Burtchen wrote:
Hi @all,
I did a clean, minimum F-12 install with all updates, and used freeipa and
sssd12 from http://jdennis.fedorapeople.org/
Everything seems to work fine when I do a
ipa-server-install --setup-dns
But what does it mean what I see in ipaserver-install.log
Marc Schlinger wrote:
Le 03/05/2010 17:38, Rob Crittenden a écrit :
Marc Schlinger wrote:
Hello,
I tried to install freeipa with certs management. I did manage after
a problem.
1°) The installation was unable to finished on a french localized
system.
The error at stage [3/15
Oliver Burtchen wrote:
Am Montag, 3. Mai 2010 09:14:26 schrieb Sumit Bose:
On Sun, May 02, 2010 at 08:41:14PM +0200, Oliver Burtchen wrote:
Am Sonntag, 2. Mai 2010 04:43:22 schrieb Rob Crittenden:
Oliver Burtchen wrote:
Hi Stephen,
I nailed the problem now a little bit down. I think it's
Ryan Thomson wrote:
Wow, I need to improve my search skills:
http://freeipa.org/page/IPAv2_alpha2
My answer is at the bottom of the page!
My apologies, everyone.
No worries.
We're going to build this on a new feature in 389-ds, Managed Entries
ALAHYANE Rachid wrote:
Hi,
I am working with ACIs and I noticed that you forgot to add mail in the
set of attribute that it can be modified :
ipa aci-find Modify Users
-
aci-find:
-
(targetattr = givenName || sn || cn ||
ALAHYANE Rachid wrote:
I execute this command hoping it'll work but I get some errors :
on my client
==
ipa -v aci-mod --taskgroup=modifyusers --permissions=write --attrs=mail
--type=user Modify Users
ipa: INFO: skipping plugin module ipalib.plugins.cert:
Marc Schlinger wrote:
hello all,
I'm doing bulk enrollment, with ipa-client-install -w mypassword .
But after this command when I launch #id test-user, I see in the kdc log
that the client key for my host principal has expired, and the command
fails.
This is because the host principal has
Rob Crittenden wrote:
Marc Schlinger wrote:
hello all,
I'm doing bulk enrollment, with ipa-client-install -w mypassword .
But after this command when I launch #id test-user, I see in the kdc
log that the client key for my host principal has expired, and the
command fails.
This is because
Shan Kumaraswamy wrote:
Hi Rob,
I am trying to rebuild the free IPA V2 against RHEL 6.0 beta and I
installed all the build requirements as per the ipa.spec file. When I
start the build it ends with bad error:
ipa_repl_version.o
ipa_repl_version.c:39:33: error: repl-session-plugin.h: No such file
Shan Kumaraswamy wrote:
Rob,
I have installed 389-ds and again I started FreeIPA build, but again
some error:
Provides: config(ipa-python) = 1.9.0.pre4-0.el6
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1
rpmlib(FileDigests) = 4.6.0-1 rpmlib(PartialHardlinkSets) = 4.0.4-1
Dan Scott wrote:
Hi,
I have a FreeIPA slave server which used to be running Fedora 11 and
has recently been upgraded to Fedora 13. It is replicating from a
server which is still running Fedora 11.
Twice over the last week, the process providing LDAP (dirsrv?) has
died. I receive these errors
I fat-fingered this moderated message and it went into the bit bucket,
here it is revived.
Subject: FreeIPA v2.0 alpha4 replica installation problems
From: Hemminger, Corey Lee. [heco0...@stcloudstate.edu]
heco0...@stcloudstate.edu
Date: Mon, 16 Aug 2010 10:32:14 -0500
To:
Hemminger, Corey Lee. [heco0...@stcloudstate.edu] wrote:
Hi,
I'm a student admin for St. Cloud State University's Business Computing Research Lab, and
we run our own seperate network inside the campus network with dedicated internet feeds
and hardware for professors research as well as masters
install should
proceed.
I've opened a ticket to add this functionality to ipa-replica-install:
https://fedorahosted.org/freeipa/ticket/146
rob
Corey-
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Monday, August 16, 2010 2:49 PM
To: Hemminger, Corey
In v2 we are adding more fine-grained access control per the many
requests we had in v1. v1 only provided the ability to grant permission
to write a fixed set of user attributes from group A to group B.
We're looking for feedback on the types of access control that the IPA
users require in
Brian LaMere wrote:
Let me start by saying I work at a software development co; I get it -
so this isn't a harsh at all. However, the latest docs I could find (
http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/ ) seem
a bit outdated already.
For example, this section:
Brian LaMere wrote:
What version of IPA are you looking at? I have both options in mine.
Note that if you want to use magic-private groups only set uidstart.
We made this configurable for those installations that may have
limited UIDs.
The lastest in the fedora repo; just
Fereyre Jerome wrote:
Hi all
I am trying to connect postgresql to freeipa/kerberos to ensure user
authentication...
but i did not find a lot of information concerning this type of
configuration.
currently the messages i encounter arewhen i'm using the psql command:
psql: FATAL: accepting GSS
Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 22 September 2010 1:57 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems
Brian LaMere wrote:
I have the following error in the log after named refuses to start:
named[1736]: failed to dynamically load driver 'ldap.so':
libldap-2.4.so.2: cannot open shared object file: No such file or directory
At first I thought it was simply a bah, they require the i686 library
Brian LaMere wrote:
The primary GID for a user isn't in the web interface for the user to be
able to change it. /usr/sbin/ipa-moduser (what the document references)
doesn't exist, nor does ipa user-mod have an options for changing the GID.
How is this done?
I'll assume you're using IPA v2.
Brian LaMere wrote:
I know about --user-container and --group-container, but that's not
sufficient; the domain is different, so I want to completely change the
search base for migration. Is this possible?
Thanks!
Brian
It looks like it tries to auto-detect the remote search base using the
going to do the right thing?
rob
Thanks :)
Brian
On Wed, Sep 22, 2010 at 12:44 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Brian LaMere wrote:
I know about --user-container and --group-container, but that's not
sufficient; the domain
Brian LaMere wrote:
On Wed, Sep 22, 2010 at 1:14 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
And this request came from newserver? I don't see where we would
query namingContexts with this search base. Seems strange that
something knew about the new
Brian LaMere wrote:
It looks like we have a bug when setting an empty base_dn. We try to
set it blank but it ends up getting set to the IPA base.
so if I just change base_dn from '' to 'dc=briandomain,dc=com' then my
selfish desire to complete the migration might complete? ; )
Shan Kumaraswamy wrote:
Hi All,
I have installed IPA Replica server and the installation is succeed,
after configured Firefox browser setting, I could not able to access ipa
webui, and I couple of time I restarted IPA replica server as well, but
no luck and I found this error message view in
Brian LaMere wrote:
On Fri, Sep 24, 2010 at 10:43 AM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
Brian LaMere wrote:
ah, odd - I'm used to IPs being IA5. then the equality match should
be changed? Can't have caseIgnoreIA5Match on a directory string :)
Yes.
Steven Jones wrote:
Hi,
Sorry if this sounds pushy but any chance of an ETA please?
Looks like it is in updates-testing:
https://admin.fedoraproject.org/updates/search/389-ds-base?_csrf_token=02164f85ca5037bd97fa8deacbd13fda7ea300f0
# yum update --enablerepo=updates-testing 389-ds-base
rob
Marc Schlinger wrote:
Le 30/09/2010 18:30, Simo Sorce a écrit :
You can use ldappasswd too, either with GSSAPI auth or eventually even
with plaintext auth (require using SSL) in that case though you will
neeed to know the user DN.
Simo.
So if a user logs in when his password is expired,
Dan Scott wrote:
Hi,
On Wed, Oct 6, 2010 at 11:32, Simo Sorcesso...@redhat.com wrote:
On Wed, 6 Oct 2010 10:26:48 -0400
Dan Scottdanieljamessc...@gmail.com wrote:
Hi,
I have master and slave FreeIPA servers. I recently upgraded the slave
by wiping, re-installing Fedora 13 and re-creating
Rob Crittenden wrote:
Miljan Karadzic wrote:
Hi,
I am having problems configuring Solaris 10 client to work with FreeIPA
v2 server. Everything seems to be working fine except for password
change. When I try to change the password I get this error:
$ kpasswd
kpasswd: Changing password for u
Rob Crittenden wrote:
Uzor Ide wrote:
We have a network that relies on kerberos, 389-ds, bind and nfs4. I am
currently testing out the freeipa version 2 to see if we can use it to
consolidate the various configuration into one interface. For the most
part it works great apart from the obvious
luis lugo wrote:
Hi all,
I have problem with freeipa 1.2.2 on fedora 14, when I add new users and
use id command to view the numeric user and group ID get id: No such
user, the same thing with getent passwd no info about new users, but
with ipa-finduser commando get the user information . Help
Geerten Schram wrote:
Hi All,
When running ipa-server-install from ipa-server-2.0.0.pre1-0.fc14.x86_64 I get
an error (see list1 and ipserver-install.log). I just don't get it. When I run
the pkisilent command by hand I get
Ian Stokes-Rees wrote:
Hello,
We have a deployment of IPA that we have been using successfully for 185
days. We are 3 days past the half year mark, and the self-signed cert
that was created with the original IPA install (FreeIPA v2 alpha) has
expired. I have created a new self-signed cert,
Ian Stokes-Rees wrote:
Just so I have the full context, where did the original self-signed
cert come from? The initial cert should have been good for 12 months
so I'm a little confused. Do you know where the initial certificate
came from?
I have to plead ignorance, since it was our regular
Ian Stokes-Rees wrote:
Some more info:
1. certmonger wasn't running, so I started it. Then I can execute
ipa-getcert list but it doesn't return anything.
Ok, your install must have pre-dated our implementation of it.
2. /var/log/ipa/default.log (the only log file in that dir) appears to
Ian Stokes-Rees wrote:
Rob,
Thanks for your most recent comments. I'm not sure if I should try these
*before* or *after* the steps described in the 5:32 EST email.
Ian
I think roll back the time to the 15th, disable SSL in 389-ds and bring
the servers back up. Then follow the instructions
Jeff B wrote:
I'm trying to test out migration from an Apple Open Directory Server
to FreeIPA (unstable) The command I'm running is:
ipa config-mod --enable-migration=true
ipa -d migrate-ds --user-container='cn=users,dc=xxx,dc=,dc=com'
--group-container='cn=groups,dc=xxx,dc=,dc=com'
Jeff B wrote:
The Apple Open Directory uses kerberos so they aren't readable as the
rood dn either. the password fields all have the same token:
KioqKioqKio=
I wasn't expecting to be able to import passwords so I thought I could
run an import as an anonymous bind.
I'll try again with a bind
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Release Candidate 1 release of freeIPA 2.0 server [1].
* Binaries are available for F-14 and F-15 [2].
* Please do not hesitate to share feedback,
Peter Doherty wrote:
Hello, I'm running Fedora 14 and freeipa 1.2.2-6
Can I create a new cn/nsContainer (cn=subgroup,dc=example,dc=com)
and then create an account that can edit that cn as much as they want,
but can't edit the other ones (ie: accounts, groups...)?
Any pointers to documentation
Steven Jones wrote:
Is there a series of RPMS I can download?
ie can someone tell which ones I need for the server and which ones I
need for the client and in what order I install? I can get the rpms off
the store, just not via yum as the repo is dead for meeither its a
remote issue, or our
tomasz.napier...@allegro.pl wrote:
Hi,
Although I was very happy with FreeIPA on F12, due to compliance issues I had
to upgrade our master server from F12 to F13. I tried several methods, and only
yum upgrade was semi succesful.
After upgrade 389 seems to be running fine, with one exception:
tomasz.napier...@allegro.pl wrote:
On 2011-02-21, at 15:36, Rob Crittenden wrote:
tomasz.napier...@allegro.pl wrote:
Hi,
Im sure I read about it somwhere, but I can't find any references now.
Is it possible to change IP addres of master server? If so, is ot matter of
changing system IP
Steven Jones wrote:
I have just built these 2 fed14 to act as a server and client and run
yum updateso they should be as closely sync'd as possible...
=client===
[root@fed14-64-ipacl01 ~]# ipa-client-install
Discovery was successful!
Realm: IPA.AC.NZ
DNS Domain:
-0500, Rob Crittenden wrote:
Steven Jones wrote:
I have just built these 2 fed14 to act as a server and client and run
yum updateso they should be as closely sync'd as possible...
=client===
[root@fed14-64-ipacl01 ~]# ipa-client-install
Discovery was successful!
Realm
Steven Jones wrote:
Hi,
How do I tell?
ie what are the package names?
but apart from that both are yum updated from the same repo, so this
means your repo is probably the problem
On the client: rpm -q freeipa-client
On the server: rpm -q freeipa-server
regards
On Mon, 2011-02-28 at
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Release Candidate 2 release of freeIPA 2.0 server [1].
* Binaries are available for F-14 and F-15 [2].
* Please do not hesitate to share feedback,
Steven Jones wrote:
Im getting a pycurl error 6so every few hours the errors change
I don't know if the pycurl errors are equivalent to the curl errors but
in curl error 6 means couldn’t resolve host.
You might try: yum clean all
I tried the repo myself and was able to install rc2
?
$ ldapsearch -x -s one -b cn=masters,cn=ipa,cn=etc,dc=ipa,dc=ac,dc=nz dn
$ hostname
$ cat /etc/sysconfig/network (there should be only one HOSTNAME)
thanks
rob
regards
On Tue, 2011-03-01 at 16:10 -0500, Rob Crittenden wrote:
Steven Jones wrote:
Im getting a pycurl error 6so every few
Steven Jones wrote:
I think it is a mismatch between what we've stored as the hostname and
the hostname of the machine.
Can you look at the output of these commands and see if the hostname is
the same between them all?
$ ldapsearch -x -s one -b cn=masters,cn=ipa,cn=etc,dc=ipa,dc=ac,dc=nz dn
Steven Jones wrote:
Hi,
Yepthat is the issueI put it in, rebooted, worked, took it out
rebooted, didnt work, put it back in rebooted and it worked again.
Wonders of a gui setupnormally I do it by hand and do a FQDNI
assumed because it was short form in the file that is the way
Sayid Munawar wrote:
Dear,
I have successfully installed freeipa-server 2 rc2. and create some test
user and tested machine enrollment. now, what i want to do next is sync
all my windows 2008r2 AD accounts. i've got already get the cert needed,
and tested it with ldapsearch tools in the same
Steven Jones wrote:
8
starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
[21/27]: adding replication acis
[22/27]: initializing group membership
[23/27]: adding
Steven Jones wrote:
I appear to have IPA running, I have run the install client on a fed14
KVM guest and that guest is in the IPA system, however the users in IPA
cannot authenticate via IPA and get onto the client. There appears to
be traffic to port 389, so I assume its almost workingbut
Simo Sorce wrote:
On Fri, 4 Mar 2011 15:16:36 +1300
Steven Jonessteven.jo...@vuw.ac.nz wrote:
Hi,
Americans are funny ppl they put the date format as month then
day.the problem is in the real world, its day then month
So I have registered 1 client and 2 ipa masters as of 4th march
Dmitri Pal wrote:
On 03/03/2011 02:53 PM, Steven Jones wrote:
8
I have no idea, Im trying to follow the ipa document (version 0.5)so
if it says do something I try and do itif it doesnt say do something
wellit doesnt get done as I cant mind read.
What I want is encrypted
Steven Jones wrote:
Hi,
Log,
The error is Host is already joined so no keytab is requested. The
enrollment failed.
ipa-client-install --uninstall should unenroll the client (you can
verify that Keytab is False in ipa host-show client_fqdn on the IPA
server.
If so running
Steven Jones wrote:
Ok,
However I cant LDAP/Ipa authenticate stillon either client..
So what next?
sssd handles logins, you can try turning up the log level on that
(though I suspect it wasn't the reboot that fixed this but restarting sssd).
As part of ipa-client-install sssd
1 - 100 of 1927 matches
Mail list logo