Is there read-only replica support in freeipa? The use case is a dmz.
Thanks...
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
' is reported to us as
service: su-l.
My assumption is that SSSD's HBAC simply treats that as canonical.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor
rebuild of
python for Fedora 14. This one uses Python 2.6 and should install
cleanly on Fedora 13.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version
). If not, then we should slip into
compatibility mode where we will search all groups for member=userdn
Does this seem sensible?
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor
this in
the real world.
Please try the build available at
http://koji.fedoraproject.org/koji/taskinfo?taskID=2351272 (it will
only be available for about two weeks from today)
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors
' to the
[domain/default] section.
After that, you can follow the instructions here: http://bit.ly/e1oMYe
for setting up a host keytab for SSH single-sign-on.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http
in
Fedora 15. So it's probably safe to assume that 2.0 is not several
years away. I'd say we're looking at weeks, not months or years at this
point.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com
ballpark us at nearly
about 95% now.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora
and are
enrolled with FreeIPA, then they can automatically update their DNS
entries by using the
ipa_dyndns_update = True
setting in sssd.conf
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor
in keytab
[default]
Well, here's your problem. The SSSD isn't starting up successfully
because you don't have a host principal for this server in your
/etc/krb5.keytab file. This was probably a bug in the ipa-client-install.
What does
klist -k /etc/krb5.keytab
return to you?
- --
Stephen
'setenforce 0'. This will set SELinux into permissive
mode. It will still report SELinux errors, but it won't prevent the
functionality. Please keep an eye on any such errors and report them to us.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 03:52 PM, Sigbjorn Lie wrote:
On 04/04/2011 09:36 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 03:06 PM, Dmitri Pal wrote:
On 04/04/2011 03:01 PM, Sigbjorn Lie wrote:
I also noticed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 04:20 PM, Sigbjorn Lie wrote:
On 04/04/2011 10:12 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2011 03:52 PM, Sigbjorn Lie wrote:
On 04/04/2011 09:36 PM, Stephen Gallagher wrote:
-BEGIN
a replica or move the FreeIPA
server) since you only have to update DNS instead of every client.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version
, ...
line of the [sssd] section are active.
We leave it in there to be a good citizen (in case it actually was
configured previously). That way we don't wipe out any settings that the
user may have had in it.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks
I'm trying to register the ipa directory server with
register-ds-admin.pl so that I may use the ds-console to view the
directory. As I see that the ipa portion of the directory is meant to
be managed by ipa, I don't intend on touching that part of the tree.
However, it would be really nice to be
-- Forwarded message --
From: Stephen Ingram sbing...@gmail.com
Date: Fri, Apr 8, 2011 at 2:02 PM
Subject: Re: [Freeipa-users] packages for Fedora 14
To: d...@redhat.com
I installed the rc2 version and used the f14-testing repo to
accommodate. Would this work for v2 or has dogtag
This question might be better posed on a general directory server
list, however, as ipa obviously contains very sensitive data, I'm
curious as to what ipa users think. Although ipa uses extensive acl's
to shield the most important directory attributes from general view,
it does allow anonymous
I currently maintain a directory with MTA configuration data in it
(among other items). I'm wondering what is the best way to add to the
FreeIPA schema without stepping on current and future schema additions
that might conflict with what I add. I know at one time you were
expecting to add
- Original Message -
From: Sigbjorn Lie sigbj...@nixtra.com
To: Stephen Gallagher sgall...@redhat.com
Cc: freeipa-users@redhat.com
Sent: Wednesday, May 11, 2011 1:51:54 PM
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
On Wed, May 11, 2011 14:42, Stephen Gallagher
out...
regards
From: Stephen Ingram [sbing...@gmail.com]
Sent: Wednesday, 1 June 2011 8:01 a.m.
To: Steven Jones
Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA
server
I could be wrong on this, but wasn't
I've disabled an account in FreeIPA using the UI and I don't see any
changes in the directory. Are there supposed to be changes there or is
this something that is accomplished in Kerberos? I was hoping to be
able to search the directory for disabled accounts.
Steve
On Sun, 2011-06-12 at 20:44 +, Steven Jones wrote:
If they ever make the bugtrak system useable, I will.
This is not a helpful response. Please file a bug at bugzilla.redhat.com
against either SSSD or pam_krb5 on the appropriate version of Fedora.
Please include the exact behavior you are
On Mon, 2011-06-13 at 17:29 +0200, Sigbjorn Lie wrote:
On 06/13/2011 04:41 PM, Ade Lee wrote:
Hi,
The replica installation is failing when the replica attempts to contact
the CA on the master to log into the security domain. According to your
log, this is https://ipa01.ix.test.com:9445
On Mon, 2011-06-13 at 18:10 -0500, Stamper, Brian P. (ARC-D)[Logyx LLC]
wrote:
Not until I add 1.299 billion users :)
I think you've missed the point a little bit. The reason for the high
UIDs is to solve a problem that most people don't realize yet that they
have.
A VERY common situation is
On Tue, 2011-06-21 at 11:06 -0400, Dan Scott wrote:
Hi,
I'm still running a FreeIPA 1.2 server but have started installing
Fedora 15 clients and am trying to figure out how to manually setup
the Krb/LDAP configuration.
I've run the 'authconfig-tui' command and manually setup Krb
On Tue, 2011-06-21 at 11:31 -0400, Dan Scott wrote:
Hi,
On Tue, Jun 21, 2011 at 11:20, Stephen Gallagher sgall...@redhat.com wrote:
On Tue, 2011-06-21 at 11:06 -0400, Dan Scott wrote:
Hi,
I'm still running a FreeIPA 1.2 server but have started installing
Fedora 15 clients and am
On Tue, 2011-06-21 at 11:58 -0400, Dan Scott wrote:
On Tue, Jun 21, 2011 at 11:37, Stephen Gallagher sgall...@redhat.com wrote:
On Tue, 2011-06-21 at 11:31 -0400, Dan Scott wrote:
Hi,
On Tue, Jun 21, 2011 at 11:20, Stephen Gallagher sgall...@redhat.com
wrote:
On Tue, 2011-06-21
On Tue, 2011-06-21 at 14:41 -0400, Dan Scott wrote:
Excellent! Thanks - that makes much more sense. I've been using
authconfig-tui all this time and had no idea that it was doing things
incorrectly.
One small issue that I found, if I switch on the Use DNS to resolve
hosts to realms
On Thu, 2011-06-23 at 15:26 +0200, Pieter Baele wrote:
My new freeipa installation is working (server + kinit on a host where
I configured krb5.conf manually)
but ipa-client-install gives the typical Kerberos error:
kinit: Client not found in Kerberos database while getting initial
On Thu, 2011-06-23 at 21:17 +, Steven Jones wrote:
Hi,
looking at sssd enforcing the HBAC, is it possible to [easily] or even
possible to achieve the same thing with say openlap or 389?
Right now, the SSSD is making certain assumptions that the server
providing the HBAC rules is an IPA
We discussed today on the FreeIPA status meeting the possibility of
dropping support for DENY rules from the HBAC specification. I'm
submitting it for discussion. Specifically, I'm looking to hear whether
there any any FreeIPA admins out there that have a strong opinion on
whether the DENY rules
On Thu, 2011-07-07 at 23:50 +, Steven Jones wrote:
8.
I thought there was a better alternative to authconfig-tui...
6
I normally type setup, which gives you a splash popup that takes you to
the auth config tool, but that dies silently.doing authconfig-tui
shows you
On Wed, 2011-08-03 at 10:14 -0400, Ian Stokes-Rees wrote:
On 8/3/11 4:47 AM, Ondrej Valousek wrote:
Maybe stupid question, but I have to ask:
Why would anyone want to store user RSA keys in LDAP? Once you have
IPA server with KDC installed, you can use Kerberos for
authentication as
On Wed, 2011-08-03 at 12:21 -0400, Ian Stokes-Rees wrote:
On Wed Aug 3 10:37:45 2011, Stephen Gallagher wrote:
As a general rule, I would think that having your private key stored
somewhere that an admin other than yourself can reset the password and
have access to would be really
On Wed, 2011-08-03 at 14:02 -0400, Ian Stokes-Rees wrote:
On 8/3/11 1:46 PM, Stephen Gallagher wrote:
Well, there exist central storage approaches that don't allow even
the local admin access to the data. The trade-off of course is that
they can't reinstate your access if you forget
On Sat, Aug 6, 2011 at 12:18 PM, Stephen Ingram sbing...@gmail.com wrote:
On Fri, May 6, 2011 at 1:11 PM, Adam Young ayo...@redhat.com wrote:
On 05/06/2011 08:49 AM, Simo Sorce wrote:
On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
I currently maintain a directory with MTA
On Tue, 2011-09-06 at 20:58 +0200, Sigbjorn Lie wrote:
On 09/06/2011 08:37 PM, Stephen Gallagher wrote:
On Tue, 2011-09-06 at 20:04 +0200, Sigbjorn Lie wrote:
Hi,
I attempt a login with a user account that's being denied access to the
host via HBAC, I receive the following generic error
I've seen mentioned on this list before that it is better to just
image the entire system as a backup rather than actually try to figure
out where the specific files are that relate to the various components
of IPA. What I'm wondering is what if you want to upgrade the
distribution say from Fedora
On Fri, 2011-09-16 at 14:01 -0400, Simo Sorce wrote:
There is some work being done to make ipa-client -install more cross
platforms, and we also have some contrib scripts, but we do not have a
complete ipa-client-install script for debian based distributions yet.
So you'll have to manually (or
On Tue, 2011-09-20 at 09:59 -0400, Dmitri Pal wrote:
3) After importing users use SSSD in migration mode (special setting in
SSSD config). In this case for any user without kerberos hash who would
log via SSSD the SSSD would connect IPA in a special way and trigger the
Kerberos hash
On Fri, 2011-09-23 at 13:38 -0400, Dan Scott wrote:
Hi,
I've recently upgraded from FreeIPA 1.2 to 2.1. Most things are
working OK, but I have a few problems:
1. I'm unable to login to a new client machine via GDM with my
existing credentials. i.e. I can login on the command line and my
When logging into the FreeIPA UI as a user, most everything is removed
with the exception of the Identity tab and the Users list. Although
I'm guessing that LDAP needs to expose the users list to all users
just as anyone can view the passwd file on any one system, is there a
technical need to
On Mon, 2011-10-03 at 10:03 +0200, Ondrej Valousek wrote:
Just wondering why would anyone want to sync freeIPA and AD - both can
serve Linux systems fine, so if I already have AD, I no longer require
IPA.
My 2 cents...
AD can serve Linux systems with a very limited definition of fine. All
I've successfully used ipa user-mod --setattr to remove custom
attributes that I've added by simply setting the attribute equal to
nothing. However, it does not work in the case of objectclasses since
there are several and the command does not support multiple arguments.
I've seen references to
that multiple
arguments were not supported.
Steve
On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden rcrit...@redhat.com wrote:
Stephen Ingram wrote:
I've successfully used ipa user-mod --setattr to remove custom
attributes that I've added by simply setting the attribute equal to
nothing. However
to say quickly remove an objectclass or one of a list of email
addresses.
Steve
On Mon, Oct 3, 2011 at 12:05 PM, Rob Crittenden rcrit...@redhat.com wrote:
Stephen Ingram wrote:
Rob-
I tried that, but I couldn't figure out the correct format:
ipa user-mod --setattr=objectclass=oc1, oc2, oc3
On Tue, 2011-10-04 at 09:32 +0200, Ondrej Valousek wrote:
I have ~50 servers and yes, we are using Centrify now - and yes, it is
pain in the ass (need to take care of the licenses).
But I have found out recently that sssd can do much of the Centrify's
duty (authorization authentication) -
On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote:
Well, small things like sssd can not renew machine credentials /
As Jan said, this is being looked into.
sssd can not detect local site automatically in AD domain (no DC
locator implemented) /
Can you provide more information here?
On Tue, 2011-10-18 at 16:52 +0100, duncan.in...@virginmoney.com wrote:
Just as a pointer here - It would be good if there was ubiquitous
support amongst the browsers. I understand the whole concept behind
we test what we ship with, but we're no longer talking about huge
differences between
On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott danieljamessc...@gmail.com wrote:
ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
((mail=${email_address})(memberOf=cn=usergroup,cn=groups,dc=example,dc=com
-x
In version 2, it looks like the memberOf attributes have been removed
from the user
On Fri, 2011-11-04 at 17:12 -0400, Dan Scott wrote:
Hi,
I've just migrated a couple of servers from FreeIPA 1.2 to 2.1. I'm
almost done. I just have a few custom LDAP searches to migrate.
With the old system, I was trying to look users who are in a
particular group by their email address
On Wed, 2011-11-09 at 12:50 -0500, Boris Epstein wrote:
Hello all,
I am an absolute beginner here... So... I have a machine that only has
512 MB of RAM which is too small to house Fedora. So that machine is
running CentOS 5.6. And now I want to install FreeIPA on it. Has
anybody done it? If
On Wed, 2011-11-09 at 13:46 -0500, Boris Epstein wrote:
On Wed, Nov 9, 2011 at 1:39 PM, Stephen Gallagher sgall...@redhat.com wrote:
On Wed, 2011-11-09 at 12:50 -0500, Boris Epstein wrote:
Hello all,
I am an absolute beginner here... So... I have a machine that only has
512 MB of RAM
On Thu, 2011-11-10 at 23:08 +0100, Sigbjorn Lie wrote:
Hi,
I just installed Fedora 16 and noticed that there now was an option for
using FreeIPA as autentication database. Awesome!
But why the normal ldap/kerberos options that met me when I chose
FreeIPA (see the attachment). I was
On Sun, 2011-11-13 at 19:19 +0100, Sigbjorn Lie wrote:
On 11/13/2011 02:48 PM, Simo Sorce wrote:
On Sat, 2011-11-12 at 15:55 +0100, Sigbjorn Lie wrote:
Hi,
I notice that when sssd is configured to update DNS, it's only updating
the DNS forward zone, it's not updating the DNS reverse
On Tue, 2011-11-15 at 16:51 -0500, Boris Epstein wrote:
Just tried to install sssd from the above repo.
There's only packages for the old 10.04 lucid
I notice there is a 2.1.4 shown in Trac. There have been several
updates since 2.1.3. Will there be another 2.x release before the 3.0
pre-releases?
Steve
___
Freeipa-users mailing list
Freeipa-users@redhat.com
Rob-
On Wed, Nov 30, 2011 at 12:04 PM, Rob Crittenden rcrit...@redhat.com wrote:
Retrieve the CA certificate for the FreeIPA CA.
# wget -O /etc/ipa/ca.crt http://ipa.example.com/ipa/config/ca.crt
Create a separate Kerberos configuration to test the provided credentials.
This enables a
for if possible
-Lassi Pölönen
If you insist on a single instance for multiple organizations, then I
agree with Stephen Ingram that the correct way would be to setup ACIs.
You could also abuse the ldap_user_search_filter and ldap_group_search_filter
parameters to limit NSS lookups
When we originally designed SSSD, we looked at it as a solution for
dealing with LDAP and Kerberos identity and authentication for Linux and
UNIX clients. With our initial approach, we decided to include only
marginal support for Microsoft's Active Directory as a source of user
information (only
On Fri, 2011-12-02 at 15:59 +0100, Ondrej Valousek wrote:
Small update so I am not only throwing dirt on winbind:
Winbind has still its use if you can not use / do not have RFC2307
attributes in AD.
So simply, if you want to use RFC2307 attributes, sssd is here for
you. If not, go for
On Wed, Nov 30, 2011 at 12:59 PM, Rob Crittenden rcrit...@redhat.com wrote:
The only part assuming that is ipa-join itself. IPA does not support the
direct use of kadmin or kadmin.local. On a supported platform you'd run:
# ipa-getkeytab -s ipa.example.com -k /tmp/remote.keytab -p
On Tue, 2011-12-20 at 12:59 -0900, Erinn Looney-Triggs wrote:
I have been working through configuring sudo via IPA and ran into the
following situation.
There is a directive in the documentation to configure
/etc/sssd/sssd.conf on the clients with something like the following:
On Wed, 2011-12-21 at 09:08 -0900, Erinn Looney-Triggs wrote:
On 12/21/2011 04:37 AM, Stephen Gallagher wrote:
On Tue, 2011-12-20 at 12:59 -0900, Erinn Looney-Triggs wrote:
I have been working through configuring sudo via IPA and ran into the
following situation
On Thu, 2012-01-05 at 11:35 -0900, Erinn Looney-Triggs wrote:
I am trying to solve an issue that seems like it should be obvious but
is not, to me at least.
I am trying to allow a user to log into a single host, via GDM. I have
configured a HBAC rule that allows access to the host from the
On Jan 5, 2012, at 5:48 PM, Erinn Looney-Triggs erinn.looneytri...@gmail.com
wrote:
On 01/05/2012 11:54 AM, Stephen Gallagher wrote:
On Thu, 2012-01-05 at 11:48 -0900, Erinn Looney-Triggs wrote:
Yes that look about right, not able to confirm 100%, but that is
probably the issue.
We're
I noticed a message on here some time ago about changing IPA to output
certificates in PEM format instead of DER. I see that in version
2.1.4, the UI does indeed output in PEM format. It appears as though
the CLI still outputs in DER. Is this the case? I agree that PEM is
certainly more typical,
this on the list, I was more curious than
anything as to whether IPA would output directly in DER. I was also
coming more from the point of training people to perform this
function.
Steve
On Fri, Jan 6, 2012 at 1:58 PM, John Dennis jden...@redhat.com wrote:
On 01/06/2012 04:45 PM, Stephen Ingram
It's come up more than once that SSSD needs a Frequently Asked Questions
page to field some of our more common questions. I'm reaching out to the
SSSD and FreeIPA user and developer communities to help us flesh out
this page.
I've begun it with the two most common questions I've received lately,
On Wed, 2012-01-11 at 12:56 -0500, Dmitri Pal wrote:
On 01/10/2012 02:31 PM, Stephen Gallagher wrote:
It's come up more than once that SSSD needs a Frequently Asked Questions
page to field some of our more common questions. I'm reaching out to the
SSSD and FreeIPA user and developer
On Thu, Jan 12, 2012 at 8:28 AM, Jeff White jwh...@corp.acesse.com wrote:
I'd like to use FreeIPA with Amazon's EC2 virtual machines. I'm seeing a
number of barriers, mostly around DNS. An elastic IP address looks like it
would solve the issues, but I'm not sure that will. And I'm wondering
On Thu, 2012-01-19 at 13:18 +, Charlie Derwent wrote:
Thanks for the advice Stephen (and the quick response), obviously that
won't help with load balanced comms during the installation process
but it should keep it to a minimum afterwards.
Wouldn't a quick solution be the addition
On Thu, 2012-01-19 at 14:06 +, Charlie Derwent wrote:
https://fedorahosted.org/freeipa/ticket/22827
For the record, the correct link is
https://fedorahosted.org/freeipa/ticket/2282
signature.asc
Description: This is a digitally signed message part
On Fri, 2012-01-20 at 17:35 +0100, Sigbjorn Lie wrote:
On 01/19/2012 04:33 PM, Stephen Gallagher wrote:
On Thu, 2012-01-19 at 14:06 +, Charlie Derwent wrote:
https://fedorahosted.org/freeipa/ticket/22827
For the record, the correct link is
https://fedorahosted.org/freeipa/ticket/2282
On Tue, 2012-01-24 at 20:11 -0600, ~Stack~ wrote:
You can manage to have machines still fetch data from IPA, but they
can't be full fledged clients if you can't preserve the keytab and some
other configuration.
As long as I can have a user log into the box and run a process, I don't
On Fri, 2012-01-27 at 15:11 +0100, Sigbjorn Lie wrote:
Hi
The first naming context returned from the LDAP server is always chosen
when using migrate-ds. This makes my import fail when I attempt to
import users and groups from a previous LDAP server having more than 1
naming contexts
On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote:
Hi,
I have a Fedora 16 client running sssd-client-1.6.4-1.fc16.x86_64.
When I run, e.g. id djscott, I do not get the names of the groups:
-bash-4.2$ id djscott
uid=768(djscott) gid=1002(legacy-group)
On Fri, 2012-01-27 at 17:57 +0100, Jakub Hrozek wrote:
On Fri, Jan 27, 2012 at 11:47:01AM -0500, Dan Scott wrote:
Hi,
On Fri, Jan 27, 2012 at 10:48, Stephen Gallagher sgall...@redhat.com
wrote:
On Fri, 2012-01-27 at 10:36 -0500, Dan Scott wrote:
Hi,
I have a Fedora 16 client
On Fri, 2012-01-27 at 13:42 -0500, Rob Crittenden wrote:
This came up yesterday internally too. I don't believe a bug or ticket
has been filed yet.
My best guess on what is happening, based on what I saw with our own
case, is this:
A migrated attribute is coming in that IPA doesn't
On Mon, 2012-01-30 at 16:01 +0100, Sigbjorn Lie wrote:
Hi,
I'm doing a pre-implementation project for a customer having RHEL 5.7
workstations with KDE as
their windows manager.
When using KDE at a RHEL 5.7 (or 5.8 BETA) workstation connected to a IPA
2.1.3 running at RHEL
6.2 server,
On Mon, 2012-01-30 at 18:00 +0100, Sigbjorn Lie wrote:
Sure. Ive left the office for today, will do so tomorrow.
Im not very familiar with gdb. Any particular syntax / switches to
add?
Rgds,
Siggi.
You'll want to do this in a non-graphical terminal, so you can switch to
it if KDE gets
On Tue, 2012-01-31 at 10:22 +0100, Ondrej Valousek wrote:
Hey sounds good to me, just glad it is working for you :). The only
other question/suggestion I have is that it looks like you aren't
leveraging kerberos in your configuration for SSO, You might want to
think about doing this
On Tue, 2012-01-31 at 13:35 +0100, Sigbjorn Lie wrote:
Ok, please see below for the output from gdb.
I notice that it's not happening every time. All this morning I could unlock
without any issues.
Around lunchtime the issue started occouring again, but it's different each
time how
On Tue, 2012-01-31 at 21:03 +, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Simo
I have used oddjob in the past and it works a treat, however this was
with ipa-client-install..
I was just dappling around with the script over diner and saw you were
an
On Wed, 2012-02-01 at 11:02 +0100, Sigbjorn Lie wrote:
Hi,
Is this more like the expected output? :)
No, I'm afraid it's not. That's a log of a legitimate shutdown, not a
segmentation fault. (Receiving SIGTERM means that the monitor told the
process to exit).
Possibly this happened if the
On Thu, 2012-02-02 at 10:44 -0500, Dmitri Pal wrote:
On 02/02/2012 09:59 AM, Nigel Sollars wrote:
Hi All,
I notice online people have already asked about Clients for other
linux distributions, my addition to this is how far ( if any )
along is the effort?. Is there an svn / git
On Fri, 2012-02-10 at 10:50 +0100, Marco Pizzoli wrote:
Hi,
On Mon, Jan 30, 2012 at 4:55 PM, Dmitri Pal d...@redhat.com wrote:
On 01/30/2012 09:47 AM, Marco Pizzoli wrote:
Hi guys,
Next days I'm going to start a test deployment of FreeIPA
2.1 but the
On Fri, 2012-02-10 at 16:18 -0500, John Dennis wrote:
On 02/10/2012 03:49 PM, Marco Pizzoli wrote:
-- Finished Dependency Resolution
*Error: Protected multilib versions: libldb-1.1.0-1.fc16.i686 !=
libldb-1.1.4-1.fc16.1.x86_64*
This error is because you've got both a 32-bit and 64-bit
On Mon, 2012-02-27 at 22:05 -0800, Brian Cook wrote:
example
[root@ipasvr yum.repos.d]# yum list freeipa-server
Loaded plugins: langpacks, presto, refresh-packagekit
Available Packages
freeipa-server.i686
2.1.4-1.20120209T0216Zgit11c25a4.fc16 ipa-devel
On Wed, 2012-02-29 at 11:24 -0500, Kelvin Edmison wrote:
Hi all,
I am running into an issue where users cannot access a samba volume if
their only access is via a secondary group. For example, if testuser's
primary group is ipausers, and secondary groups include testgroup, and the
samba
On Wed, 2012-02-29 at 13:49 -0500, Kelvin Edmison wrote:
On 12-02-29 1:40 PM, Stephen Gallagher sgall...@redhat.com wrote:
On Wed, 2012-02-29 at 11:24 -0500, Kelvin Edmison wrote:
Hi all,
I am running into an issue where users cannot access a samba volume if
their only access
On Fri, 2012-03-02 at 05:16 +0300, Craig T wrote:
Hi,
Server Side:
RHEL6.2
ipa-admintools-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-2.1.3-9.el6.x86_64
ipa-server-2.1.3-9.el6.x86_64
On Fri, 2012-03-02 at 14:52 +0100, Sigbjorn Lie wrote:
Hi,
I'm experiencing that SSSD is now crashing at random times on _ALL_ RHEL 6.2
machines where we
have installed SSSD connected to an IPA domain. SSSD can reach up to a month
of uptime before
sssd_be crashes. This happens on both
On Fri, 2012-03-02 at 15:08 +0100, Sigbjorn Lie wrote:
On Fri, March 2, 2012 15:04, Stephen Gallagher wrote:
On Fri, 2012-03-02 at 14:52 +0100, Sigbjorn Lie wrote:
Hi,
I'm experiencing that SSSD is now crashing at random times on _ALL_ RHEL
6.2 machines where we
have installed
On Thu, 2012-03-08 at 20:14 +, Steven Jones wrote:
Hi,
I am setting up some IPA users what I have noticed is if I or they type
startx to start a gui locking the .Xauthority fails, if I setenforce 0
then it works fine.I have never seen this behaviour before and
googling suggests its
I'm testing the new FreeIPA 2.1.90 rc1 on a fresh Fedora 17 alpha this
weekend. I started by installing the freeipa-server package and the
dns packages hoping they would pull in all of the dependencies.
1. I received the error message:
2012-03-11T01:52:51Z DEBUG stderr=Can't locate File/Slurp.pm
On Sat, Mar 10, 2012 at 10:49 PM, Alexander Bokovoy aboko...@redhat.com wrote:
On Sat, 10 Mar 2012, Stephen Ingram wrote:
I'm testing the new FreeIPA 2.1.90 rc1 on a fresh Fedora 17 alpha this
weekend. I started by installing the freeipa-server package and the
dns packages hoping they would
On Sun, Mar 11, 2012 at 12:20 AM, Alexander Bokovoy aboko...@redhat.com wrote:
On Sat, 10 Mar 2012, Stephen Ingram wrote:
...snip...
You are using RC1, we have released beta1 last week, it should include
the fix:
https://www.redhat.com/archives/freeipa-devel/2012-March/msg00087.html
Could
Now I've made it to the WebUI. Login works great (also via the new
form auth). Click on IPA Server tab and then Configuration yields:
IPA Error 4208 - get-effective-rights: missing subject: Invalid syntax
This also happens at several other points in the UI. For example,
click one DNS zone and
1 - 100 of 206 matches
Mail list logo