Hi,
I updated my IPA test servers last night without a problem. I have only the
default Fedora 14 repo
+ Fedora 14 updates-testing repo and the Freeipa-devel repo enabled on my IPA
test servers.
Rgds,
Siggi
On Tue, March 1, 2011 01:32, Steven Jones wrote:
I have tried to download the
Hi,
Is there a roadmap for when version 2 of IPA is expected to be seen in RHEL?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 03/13/2011 08:35 PM, Simo Sorce wrote:
On Fri, 11 Mar 2011 21:31:50 +0100
Sigbjørn Liesigbj...@nixtra.com wrote:
On 03/11/2011 09:15 PM, Dmitri Pal wrote:
On 03/11/2011 03:00 PM, Sigbjørn Lie wrote:
Hi,
I just upgraded my FreeIPA @ F14 to 2.0.0.rc3, and attempted to
add a sync
Hi,
I just did a fresh installation of FreeIPA 2 on a host called ipa1,
created a replica on a second server called ipa2. I then created a
winsync replica to an AD domain on the ipa1 host.
I noticed that I forgot the --win-subtree option and decided to delete
the replication agreement:
#
On 03/21/2011 02:31 PM, Simo Sorce wrote:
On Sun, 20 Mar 2011 18:28:12 +0100
Sigbjorn Liesigbj...@nixtra.com wrote:
Hi,
I just did a fresh installation of FreeIPA 2 on a host called ipa1,
created a replica on a second server called ipa2. I then created a
winsync replica to an AD domain on
Hi,
Using --gidnumber when adding a new user with ipa user-add does not
seem to have any effect. A gid number with the same value as what I
specify in with the --uid parameter is chosen.
I presume this is not the way user-add is intended to work?
# ipa user-add mysql14 --first=MySQL
Hi,
I have written some scripts for migration from NIS/local files to IPA.
They will import the passwd, group, netgroup, and hosts maps.
This is the first version, be aware of bugs. :)
Please read the README file before using.
You can download them from here if you are interested:
Done, thanks.
Rgds,
Siggi
On Mon, March 28, 2011 15:49, Dmitri Pal wrote:
On 03/28/2011 09:26 AM, Sigbjorn Lie wrote:
Hi,
We're using the ethers table in NIS today to generate DHCP config files for
clients to we can
send different TFTP,DNS,etc options to different clients depening
I open a request in
bugzilla?
Rgds,
Siggi
On 03/28/2011 04:56 PM, Dmitri Pal wrote:
On 03/28/2011 10:50 AM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Fantastic! Thanks. I will update my scripts.
Is there any downside to doing this?
One thing I should warn you of though that we've run
In rc2 we had to make a change to the OID used for some operations
because they were duplicated. The OID for the ipa-getkeytab operation was one
of them, so older
clients don't work with newer servers. IIRC the EL6 ipa-client was based on
the alpha 3 release.
I attached a patch that
On 04/04/2011 03:43 PM, Dmitri Pal wrote:
On 04/03/2011 05:41 PM, Sigbjorn Lie wrote:
According to Red Hat Network it does:
ipa-server-2.0.0-16.el6.x86_64
https://rhn.redhat.com/rhn/software/packages/details/Overview.do?pid=619857
Red Hat Enterprise Linux Server Beta (v. 6 for 64-bit
On 04/04/2011 08:32 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 04/04/2011 06:22 PM, Sigbjorn Lie wrote:
On 04/04/2011 03:43 PM, Dmitri Pal wrote:
On 04/03/2011 05:41 PM, Sigbjorn Lie wrote:
According to Red Hat Network it does:
ipa-server-2.0.0-16.el6.x86_64
https://rhn.redhat.com
On 04/04/2011 09:00 PM, Dmitri Pal wrote:
On 04/04/2011 10:34 AM, Sigbjorn Lie wrote:
On Mon, April 4, 2011 04:58, Simo Sorce wrote:
On Mon, 28 Mar 2011 15:43:18 +0200 (CEST)
Sigbjorn Liesigbj...@nixtra.com wrote:
On Mon, March 28, 2011 15:24, Dmitri Pal wrote:
On 03/28/2011 09:01 AM
On 04/04/2011 09:36 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 03:06 PM, Dmitri Pal wrote:
On 04/04/2011 03:01 PM, Sigbjorn Lie wrote:
I also noticed that in /etc/sssd/sssd.conf the ipa server is specified
with:
ipa_server = _srv_, ipa01
On 04/04/2011 10:12 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 03:52 PM, Sigbjorn Lie wrote:
On 04/04/2011 09:36 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 03:06 PM, Dmitri Pal wrote:
On 04/04/2011
On 04/05/2011 01:25 AM, Kevin Unthank wrote:
On 04/04/2011 12:06 PM, Dmitri Pal wrote:
On 04/04/2011 03:01 PM, Sigbjorn Lie wrote:
On 04/04/2011 08:32 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 04/04/2011 06:22 PM, Sigbjorn Lie wrote:
On 04/04/2011 03:43 PM, Dmitri Pal wrote
On 04/05/2011 01:25 AM, Kevin Unthank wrote:
On 04/04/2011 12:06 PM, Dmitri Pal wrote:
On 04/04/2011 03:01 PM, Sigbjorn Lie wrote:
On 04/04/2011 08:32 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 04/04/2011 06:22 PM, Sigbjorn Lie wrote:
On 04/04/2011 03:43 PM, Dmitri Pal wrote
Just to elaborate on Dmitri's comments. In addition to the IPA client
and server packages that are included in the RHEL6.1 beta channel, there
will be a separate RHEL
add-on channel, Enterprise Identity Replication. That add-on channel will
contain ds-replication
and the Windows sync
mvh,
Sigbjorn Lie
's/windows/unix/g'
- Ubuntu - an African word, meaning Slackware is too hard for me
On Fri, April 8, 2011 01:03, Kevin Unthank wrote:
snip
Just to elaborate on Dmitri's comments. In addition to the IPA client
and server packages that are included in the RHEL6.1 beta
Right, forgot to remove autosignature. :)
See my post at the bottom of my last email.
Rgds,
Siggi
On Fri, April 8, 2011 08:38, Sigbjorn Lie wrote:
mvh, Sigbjorn Lie
's/windows/unix/g'
- Ubuntu - an African word, meaning Slackware is too hard for me
On Fri, April 8, 2011 01:03
On Fri, April 8, 2011 09:48, Natxo Asenjo wrote:
On Fri, Apr 8, 2011 at 8:38 AM, Sigbjorn Lie sigbj...@nixtra.com wrote:
Ok, I do like the wider options for channels in Red Hat, but this bring me
to my next question:
Will there be an extra charge for this add on channel
Hi Kevin,
I requested the add-on replication channel from our RH account rep, however I
was advised they
we're unable to find any IPA Replication channel. Is this channel ready in RHN
yet? If so, what is
the name of this channel?
Rgds,
Siggi
On Thu, April 28, 2011 00:31, Kevin Unthank
On 05/06/2011 04:12 PM, Rob Crittenden wrote:
Steven Jones wrote:
Hi,
Digging through docs / googling I cant see any disk partition
suggestions and size thereof requirements...
Suggestions please? sizing for 500 servers, 2000 desktops, 5000+
users...
Especially around having different
Hi,
I would like to see the ipa client scripts and possibly the admin tools
in a nice Solaris package. This would make my job a lot easier as we
have a lot of customers running Solaris. :)
For the server part I agree with you, keep it at RHEL.
SSSD @ Solaris / HP-UX / AIX ... well there
On Wed, May 11, 2011 14:42, Stephen Gallagher wrote:
On Tue, 2011-05-10 at 23:42 +0200, Sigbjorn Lie wrote:
Hi,
I would like to see the ipa client scripts and possibly the admin tools
in a nice Solaris package. This would make my job a lot easier as we have a
lot of customers
running
nfs4+krb clients? If so, that
should be added to
the script as well.
Rgds,
Siggi
On Wed, May 11, 2011 00:24, Dmitri Pal wrote:
On 05/10/2011 05:42 PM, Sigbjorn Lie wrote:
Hi,
I would like to see the ipa client scripts and possibly the admin
tools in a nice Solaris package. This would
That said we have configuration instructions for other platforms, I am
sure the community can hack-up scripts to use them if instructions are
not enough. We can also host them if someone wants to contribute.
Ok. Let's say I've pre-created the host on the IPA server.
I'm logged on to the
On 05/16/2011 04:25 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 05/16/2011 03:41 PM, Dmitri Pal wrote:
On 05/14/2011 10:46 AM, Sigbjorn Lie wrote:
I've noticed that if the machine running IPA is very busy at startup,
the IPA services will not be online when the machine is started.
I
On 05/16/2011 04:56 PM, Rich Megginson wrote:
On 05/16/2011 08:43 AM, Sigbjorn Lie wrote:
On 05/16/2011 03:52 PM, Simo Sorce wrote:
On Sat, 2011-05-14 at 16:46 +0200, Sigbjorn Lie wrote:
I've noticed that if the machine running IPA is very busy at startup,
the IPA services will not be online
On 05/17/2011 07:24 PM, Rich Megginson wrote:
On 05/17/2011 06:40 AM, Sigbjorn Lie wrote:
On 05/16/2011 04:56 PM, Rich Megginson wrote:
On 05/16/2011 08:43 AM, Sigbjorn Lie wrote:
On 05/16/2011 03:52 PM, Simo Sorce wrote:
On Sat, 2011-05-14 at 16:46 +0200, Sigbjorn Lie wrote:
I've noticed
That used to be true, but it's been a lot higher for some time now.
Linux has had 32-bit integers for UID/GID since Linux kernel 2.4, and
Solaris has had the same since Solaris 2.5.1.
I can't speak for other *nix flavours.
Rgds,
Siggi.
On 05/23/2011 11:09 PM, Steven Jones wrote:
um so I
Hi,
I've connected and used IPA successfully with Ubuntu 10.04, 10.10, and
11.04. NFS4+KRB successfully in 10.10 and 11.04.
Install the packages below, substitute libpam-ldap for libpam-ldapd if
you prefer PADL's ldap liberary which can use groups within groups for
user accounts. ldapld
If you prefer you can use something like CFengine to automate the whole
process.
Rgds,
Siggi.
On 06/09/2011 07:21 PM, Sigbjorn Lie wrote:
Hi,
I've connected and used IPA successfully with Ubuntu 10.04, 10.10, and
11.04. NFS4+KRB successfully in 10.10 and 11.04.
Install the packages below
Hi,
I have successfully configured one IPA replica, now I'm trying to
configure a second replica, but I'm not having much success. I've
attached the output of ipa-replica-install -d. I get as far as [4/11]:
configuring certificate server instance. The machine is configured in
the same way as
On 06/13/2011 04:12 PM, Simo Sorce wrote:
On Mon, 2011-06-13 at 15:23 +0200, Sigbjorn Lie wrote:
Hi,
I have successfully configured one IPA replica, now I'm trying to
configure a second replica, but I'm not having much success. I've
attached the output of ipa-replica-install -d. I get as far
On 06/13/2011 04:41 PM, Ade Lee wrote:
Hi,
The replica installation is failing when the replica attempts to contact
the CA on the master to log into the security domain. According to your
log, this is https://ipa01.ix.test.com:9445
Can the master be resolved and reached from the replica? Can
On 06/13/2011 07:06 PM, Adam Young wrote:
On 06/13/2011 12:20 PM, Sigbjorn Lie wrote:
Hi,
How come I cannot see multiple records for the same host in the WEB
GUI? I can see the records when I'm using the CLI.
This goes for multiple A records for the same hostname, but also if a
hostname
On 06/13/2011 07:24 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 06/13/2011 04:41 PM, Ade Lee wrote:
Hi,
The replica installation is failing when the replica attempts to
contact
the CA on the master to log into the security domain. According to your
log, this is https://ipa01
On 06/13/2011 06:55 PM, Stephen Gallagher wrote:
On Mon, 2011-06-13 at 17:29 +0200, Sigbjorn Lie wrote:
On 06/13/2011 04:41 PM, Ade Lee wrote:
Hi,
The replica installation is failing when the replica attempts to contact
the CA on the master to log into the security domain. According to your
Hi,
Has anyone had success using IPA's LDAP as address book for Thunderbird?
I've tried configring IPA's LDAP as Abook for Thunderbird. As far as I
can see all the required attributes are there and mapped correctly out
of the box with Thunderbird 3.1, but I cannot get any names looked up.
On Tue, June 28, 2011 20:14, Natxo Asenjo wrote:
On Tue, Jun 28, 2011 at 6:35 PM, Sigbjorn Lie sigbj...@nixtra.com wrote:
In my NexentaStor configuration, the NFS service is using FreeIPA
(nss_ldap+krb5), and the CIFS
service is using Active Directory (nss_ad) for user authentication
Hi,
From:
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html
Compatibility Translation for Native Sudo
The native |sudo| binary does not yet support SSSD or the IPA Sudo
Schema. As an interim solution, IPA has implemented a compatibility
plug-in which
Hi,
I had a similar problem. For me the
/etc/dirsrv/slapd-IX-TEST-COM/dse.ldif file was suddenly 0 bytes long. I
recovered by restoring a copy of the dse.ldif.bak file in the same folder.
I was under the impression that this was my own fault due to continuous
power cuts to my test bench,
Hi,
I've just updated to FreeIPA 2.1.0. I disabled SELinux on this machine
(Fedora 15) when I installed IPA, as there was a bug with IPA's SELinux
ruleset, which made the ipa-server-install script fail.
That decision seem to be biting my ass now, I get the following error
message:
Ah, excellent. Thanks. :)
Rgds,
Siggi
On 08/19/2011 07:17 PM, Ade Lee wrote:
Siggi,
The fix for this has already been checked into the dogtag code. We'll
have a new build out (for pki-ca) probably sometime next week.
Ade
On Fri, 2011-08-19 at 12:57 -0400, Rob Crittenden wrote:
Sigbjorn
Hi,
IPA Automount configuration: Is it possible to reference an automount
map from another location? E.g. under Policy - Automount - Add map -
Parent Map: reference to other location.auto.data
Example: Let's say you have the following automount locations defined in
IPA: NewYork, Washington,
Hi,
I receive an error when I attempt to go to Policy - Automount -
custom_location - Settings - Update:
IPA Error 905
unknown command u'automountlocation_mod'
Indeed the command is not available using the CLI either. A known issue?
Also, when choosing Add to add a map, the Indirect map
On 08/22/2011 10:02 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I receive an error when I attempt to go to Policy - Automount -
custom_location - Settings - Update:
IPA Error 905
unknown command u'automountlocation_mod'
Indeed the command is not available using the CLI either
On 08/23/2011 12:04 AM, Dmitri Pal wrote:
On 08/22/2011 04:48 PM, Sigbjorn Lie wrote:
On 08/22/2011 10:02 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I receive an error when I attempt to go to Policy - Automount -
custom_location - Settings - Update:
IPA Error 905
unknown
On 08/23/2011 12:06 AM, Dmitri Pal wrote:
On 08/22/2011 03:44 PM, Sigbjorn Lie wrote:
Hi,
IPA Automount configuration: Is it possible to reference an automount
map from another location? E.g. under Policy - Automount - Add map
- Parent Map:reference to other location.auto.data
Example
On Mon, September 5, 2011 00:08, Steven Jones wrote:
Hi,
From evaluation purposes I am looking to write test cases to evaluate
authentication products
so here is one I am thinking of.
From what I can see of IPA it would be fairly easy to implement centrally?
Lets say I have four
Hi,
I attempt a login with a user account that's being denied access to the
host via HBAC, I receive the following generic error message.
Sep 6 20:02:03 ipa01 sshd[11592]: pam_sss(sshd:account): Access denied
for user username: 4 (System error)
Would it be an idea to change this to
On 09/06/2011 08:37 PM, Stephen Gallagher wrote:
On Tue, 2011-09-06 at 20:04 +0200, Sigbjorn Lie wrote:
Hi,
I attempt a login with a user account that's being denied access to the
host via HBAC, I receive the following generic error message.
Sep 6 20:02:03 ipa01 sshd[11592]: pam_sss
On 09/06/2011 09:08 PM, Stephen Gallagher wrote:
On Tue, 2011-09-06 at 20:58 +0200, Sigbjorn Lie wrote:
On 09/06/2011 08:37 PM, Stephen Gallagher wrote:
On Tue, 2011-09-06 at 20:04 +0200, Sigbjorn Lie wrote:
Hi,
I attempt a login with a user account that's being denied access to the
host via
I have received this errata for RHEL5, but not RHEL6. Has the issue been fixed
in RHEL 6 as well?
Rgds,
Siggi
-Original Message-
From: Red Hat Network Alert [mailto:dev-n...@rhn.redhat.com]
Sent: 15. september 2011 09:58
To: Sigbjørn Lie
Subject: RHN Errata Alert: ipa-client bug
Hi,
Is there a custom script hook for when a user account is added using
either the cli, webui, or the winsync module?
I have a custom script I run when creating a user account, and having
this run automatically by IPA would make my life a lot easier.
Regards,
Siggi
On 09/15/2011 09:59 PM, Dmitri Pal wrote:
On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
Hi,
Is there a custom script hook for when a user account is added using
either the cli, webui, or the winsync module?
I have a custom script I run when creating a user account, and having
this run
On 09/16/2011 07:35 AM, Dmitri Pal wrote:
On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
On 09/15/2011 09:59 PM, Dmitri Pal wrote:
On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
Hi,
Is there a custom script hook for when a user account is added using
either the cli, webui, or the winsync module
On 09/16/2011 01:53 PM, Simo Sorce wrote:
On Fri, 2011-09-16 at 11:29 +0300, Alexander Bokovoy wrote:
On Fri, 16 Sep 2011, Dmitri Pal wrote:
On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
On 09/15/2011 09:59 PM, Dmitri Pal wrote:
On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
Hi
On 09/16/2011 02:45 PM, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Fri, 16 Sep 2011, Simo Sorce wrote:
As a proof of concept sounds nice, but as is this would be bad, as
changes to /etc/ipa/server.conf are not replicated through all masters.
So a change on one server would require
On 09/16/2011 05:59 PM, Dmitri Pal wrote:
On 09/16/2011 11:34 AM, Sigbjorn Lie wrote:
On 09/16/2011 07:35 AM, Dmitri Pal wrote:
On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
On 09/15/2011 09:59 PM, Dmitri Pal wrote:
On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
Hi,
Is there a custom script
On 09/16/2011 05:19 PM, Johan Sunnerstig wrote:
Hello.
I'm wondering if anyone has used FreeIPA with Debian clients, and if
so, what client software you opted to use?
Right now I have nss-pam-ldapd
(http://arthurdejong.org/nss-pam-ldapd/) and the MIT-based krb
software that's included in
On 09/16/2011 10:29 AM, Alexander Bokovoy wrote:
On Fri, 16 Sep 2011, Dmitri Pal wrote:
On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
On 09/15/2011 09:59 PM, Dmitri Pal wrote:
On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
Hi,
Is there a custom script hook for when a user account is added using
Hi,
When a client is re-installed and the ipa-client-install script is run,
the kerberos host keytab /etc/krb5.keytab is not retreived and placed on
the client. Why?
If I unprovision the host before reinstalling the client and running
ipa-client-install, a new keytab is placed on the
Hi,
I have a host that refuses to be modified or deleted. I get the same
error from the webui and the cli. I am using F15, FreeIPA 2.1.1 + all
updates from the updates repository. I cannot find any error in any log.
I have tried to reboot my ipa servers. All services seem to be running
and
On 09/25/2011 11:49 PM, Sigbjorn Lie wrote:
Hi,
I have a host that refuses to be modified or deleted. I get the same
error from the webui and the cli. I am using F15, FreeIPA 2.1.1 + all
updates from the updates repository. I cannot find any error in any
log. I have tried to reboot my ipa
My systems are updated (RHEL5/6 and Fedora 15) to latest available version from
the respective
repositories. And I have no issues with libcurl.
I noticed updates from RHN a few weeks back. My current RHEL6 pkg:
libcurl-7.19.7-26.el6_1.2.x86_64.
Rgds,
Siggi
On Mon, September 26, 2011
On 09/26/2011 12:01 AM, Sigbjorn Lie wrote:
On 09/25/2011 11:49 PM, Sigbjorn Lie wrote:
Hi,
I have a host that refuses to be modified or deleted. I get the same
error from the webui and the cli. I am using F15, FreeIPA 2.1.1 + all
updates from the updates repository. I cannot find any error
On 09/27/2011 12:34 AM, Dmitri Pal wrote:
On 09/25/2011 05:49 PM, Sigbjorn Lie wrote:
Hi,
I have a host that refuses to be modified or deleted. I get the same
error from the webui and the cli. I am using F15, FreeIPA 2.1.1 + all
updates from the updates repository. I cannot find any error
On 09/27/2011 09:54 PM, Sigbjorn Lie wrote:
On 09/27/2011 12:34 AM, Dmitri Pal wrote:
On 09/25/2011 05:49 PM, Sigbjorn Lie wrote:
Hi,
I have a host that refuses to be modified or deleted. I get the same
error from the webui and the cli. I am using F15, FreeIPA 2.1.1 +
all updates from
On 09/27/2011 10:46 PM, Simo Sorce wrote:
On Tue, 2011-09-27 at 22:22 +0200, Sigbjorn Lie wrote:
On 09/27/2011 09:54 PM, Sigbjorn Lie wrote:
On 09/27/2011 12:34 AM, Dmitri Pal wrote:
On 09/25/2011 05:49 PM, Sigbjorn Lie wrote:
Hi,
I have a host that refuses to be modified or deleted. I get
On 09/28/2011 03:33 AM, Adam Young wrote:
After talking with the PKI developer that is fixing this, I found out
that one other file needs to be modified:
/var/lib/pki-ca/conf/CS.cfg
http.port=8080
https.port=8443
On 09/27/2011 07:55 PM, Adam Young wrote:
Siggi,
This is my comment in
On 09/28/2011 11:35 PM, Adam Young wrote:
On 09/28/2011 05:03 PM, Sigbjorn Lie wrote:
On 09/28/2011 03:33 AM, Adam Young wrote:
After talking with the PKI developer that is fixing this, I found
out that one other file needs to be modified:
/var/lib/pki-ca/conf/CS.cfg
http.port=8080
On 09/28/2011 11:36 PM, Ade Lee wrote:
Cross-posting to freeipa-users.
In addition, Adam determined that the following dirctives need to be
enabled in /etc/httpd/conf.d/nss.conf :
NSSRenegotiation on
NSSRequireSafeNegotiation on
Ade
I have manually verified the files from reading your
Hi,
I have just installed RHEL 6.2 beta, with ipa-server-2.1.1-4.el6.x86_64. I have
installed firefox
locally on the ipa server, for testings sake.
I ran kinit, got a kerberos ticket. Started firefox, and followed the first
time user
instructions. Installing the cert worked fine. However when
Hi,
What's happened with the option for default shell under ipa server -
configuration in the webui?
This seem to be missing?
I can still see and change the value for default shell using the CLI.
Regards,
Siggi
___
Freeipa-users mailing list
Hi,
What is your recommendations for avoiding incompatability with future upgrades
of IPA if extending
the dirsrv schema and adding custom objects to the LDAP server is required?
What considerations
and precautions should be taken?
Such as adding RBAC support for Solaris clients...
Hi,
When I attempt to create a automember rule, I get an error message ipa:
ERROR: Auto Membership is not configured.
[root@ipa01 ~]# ipa automember-add --type=group s_serviceaccounts
ipa: ERROR: Auto Membership is not configured
[root@lieipa01 ~]# ipa group-add --desc=Developers devel
On Mon, October 17, 2011 09:42, Martin Kosek wrote:
On Sun, 2011-10-16 at 22:55 +0200, Sigbjorn Lie wrote:
Hi,
When I attempt to create a automember rule, I get an error message ipa:
ERROR: Auto Membership is not configured.
[root@ipa01 ~]# ipa automember-add --type=group
For the stable version I suppose you have to wait for CentOS 6.2, after RHEL
6.2 is out. At the
moment even CentOS 6.1 hasn't been released, so I thin it will be a while.
Have a look at Scientific Linux instead: http://www.scientificlinux.org/
They're already got a 6.1 release with updated pkgs
Hi,
Has there been given any thought to the concept of sites within IPA to
improve cross-site implementations? This should be easy to implement as
you are already using DNS SRV records to locate the ldap/kerberos servers.
E.g.
Site: Boston
Site: London
Create a subdomain of the IPA dns
...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Sigbjorn
Lie [sigbj...@nixtra.com]
Sent: Thursday, 20 October 2011 8:14 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] The concept of sites...
Hi,
Has there been given any thought to the concept of sites within
On Wed, October 19, 2011 21:27, Simo Sorce wrote:
On Wed, 2011-10-19 at 15:24 -0400, Dmitri Pal wrote:
On 10/19/2011 03:14 PM, Sigbjorn Lie wrote:
Hi,
Has there been given any thought to the concept of sites within IPA to
improve cross-site implementations? This should be easy
only one winsync agreement?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Thursday, 20 October 2011 9:11 a.m.
To: Steven Jones
Cc
/1032
On 10/19/2011 10:25 PM, Sigbjorn Lie wrote:
The London/newyork dns sub-domains would be used for looking up srv records
for the local
kerberos/ldap servers only. The actual domain configured on the client and
the kerberos and LDAP
base would still be the ipa.domain.com.
Sync with AD
Hi,
I've updated to freeipa-server-2.1.3-2.fc15.x86_64.
There is no hosts showing as enrolled in the webui. In the CLI hosts are
reported to have a keytab. Is this a known issue?
Rgds,
Siggi
PS. KUDOS on the speed of lookups! MASSIVE improvement both in the CLI
and in the WEBUI!!!
On 10/21/2011 08:15 PM, Adam Young wrote:
On 10/21/2011 02:04 PM, Sigbjorn Lie wrote:
Hi,
I've updated to freeipa-server-2.1.3-2.fc15.x86_64.
There is no hosts showing as enrolled in the webui. In the CLI hosts
are reported to have a keytab. Is this a known issue?
Rgds,
Siggi
PS. KUDOS
On 10/21/2011 10:02 PM, Adam Young wrote:
On 10/21/2011 02:29 PM, Sigbjorn Lie wrote:
On 10/21/2011 08:15 PM, Adam Young wrote:
On 10/21/2011 02:04 PM, Sigbjorn Lie wrote:
Hi,
I've updated to freeipa-server-2.1.3-2.fc15.x86_64.
There is no hosts showing as enrolled in the webui. In the CLI
Hi,
What is the minimum required access for the account specified when creating a
winsync agreement
with a Windows 2008 Active Directory?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
On 10/25/2011 05:18 PM, Rich Megginson wrote:
On 10/25/2011 08:52 AM, Sigbjorn Lie wrote:
Read and write to the subtree I'm attempting to sync, or the whole AD?
Could you elaborate on the replicator rights topic please? I cannot
remember having seen this in
Active Directory?
See
http
On 10/24/2011 04:01 PM, Dmitri Pal wrote:
On 10/24/2011 09:32 AM, Adam Young wrote:
On 10/21/2011 07:05 PM, Sigbjorn Lie wrote:
On 10/21/2011 10:02 PM, Adam Young wrote:
On 10/21/2011 02:29 PM, Sigbjorn Lie wrote:
On 10/21/2011 08:15 PM, Adam Young wrote:
On 10/21/2011 02:04 PM, Sigbjorn
We decided to back away from trying to provide central RBAC. Our
experience with multiple projects revealed that there is no one size fits all
solution regarding
RBAC. But we were talking about geral Role
base access control model not specific RBAC as Solaris implemented it. The
Solaris
On Wed, November 9, 2011 21:02, Boris Epstein wrote:
On Wed, Nov 9, 2011 at 2:56 PM, Sigbjorn Lie sigbj...@nixtra.com wrote:
On Wed, November 9, 2011 20:27, Stephen Gallagher wrote:
On Wed, 2011-11-09 at 14:23 -0500, Boris Epstein wrote:
So what OS would not be too old to run FreeIPA
Hi,
I notice that when sssd is configured to update DNS, it's only updating
the DNS forward zone, it's not updating the DNS reverse zone. And I
cannot find any option for enabling updating of the reverse dns zone.
Have I missed something? Or is updating the reverse zone not supported?
On 11/12/2011 03:55 PM, Sigbjorn Lie wrote:
Hi,
I notice that when sssd is configured to update DNS, it's only
updating the DNS forward zone, it's not updating the DNS reverse zone.
And I cannot find any option for enabling updating of the reverse dns
zone.
Have I missed something
On 11/13/2011 02:48 PM, Simo Sorce wrote:
On Sat, 2011-11-12 at 15:55 +0100, Sigbjorn Lie wrote:
Hi,
I notice that when sssd is configured to update DNS, it's only updating
the DNS forward zone, it's not updating the DNS reverse zone. And I
cannot find any option for enabling updating
On 11/14/2011 04:33 PM, Dmitri Pal wrote:
On 11/11/2011 05:12 PM, Boris Epstein wrote:
Hello all,
The question is in the subject. Is there an established reliable way
of doing that?
Thanks.
Boris.
___
Freeipa-users mailing list
On 11/16/2011 01:09 PM, Stephen Gallagher wrote:
On Tue, 2011-11-15 at 16:51 -0500, Boris Epstein wrote:
Just tried to install sssd from the above repo.
There's only packages for the old 10.04 lucid and
On 11/21/2011 10:52 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 11/21/2011 10:21 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I want to integrate a kickstart tool written in PHP to add hosts to an
IPA server.
I found the IpaApi, but there does not seem to be a host_add function
On 11/22/2011 10:01 PM, Stephen Gallagher wrote:
On Tue, 2011-11-22 at 15:01 -0500, Dmitri Pal wrote:
On 11/22/2011 02:46 PM, Sigbjorn Lie wrote:
...
I get the following error messages in the log, once a day. It seem
like the ticket expires before it's renewed. Has anyone else seen
1 - 100 of 265 matches
Mail list logo