Hi,
I have installed free-ipa on fedora 12...
Install documentation
Some issues"3.2 To test your IPA installation",
3. Item should read "/usr/sbin/ipa-finduser admin" and not "/usr/bin/ipa
user-find admin"
Admin documentation
1.1.1.1
"Using the Web Interface",
Ther
8><
> I tried https://localhost:443
>
> and I get a "Kerberos Authentication failed".there is no workable
> documentation / indication on how to fix this
http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Se
ldapmodify: wrong attributeType at line 4, entry
"cn=ipa_pwd_extop,cn=plugins,cn=config
I cannot figure out what is wrong here?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
__
Hi,
I am trying to web browse to the localhost and it is telling me to obtain a
valid kerberos ticket and configure Firefox...
Where do I export / find this ticket? and how do I install it as a user so I
can connect?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
ve changed ver2 from ver1 and the doc hasnt
been corrected?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf
Hi,
This is Fedora 13 with the yum repo setup as per your web site...
389-ds-base-1.2.6-1.fc13.x86_64
ipa-server-1.2.2-4.fc13.x86_64
Your ldapsearch command gives me,
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
um..
So the LDAP server is dead?
regards
Steven Jones Tech
do this
syntax wellso you are maybe over looking my simple mis-understanding of how
to enter these commands correctly.
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: freeipa-users-boun
rtfile.cer adserver.example.com -v
This appears to be wrong?
It should be,
ipa-replica-manage add --winsync --binddn
cn=administrator,cn=users,dc=example,dc=com \
--cacert /path/to/certfile.cer adserver.example.com --passsync-v
?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 627
adserver.example.com --passsync-v
Is there a log somewhere to look for why?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 22 September 2010
Hi,
I have created a user only to find that the login, home directory, UID and GID
are all auto-generated...
How can I set the gui to let me put these values in myself?
The linux account and AD account already have these...so I need to be able to
set these.
regards
Steven Jones Technical
For ipa-replica-manage list
The output is my AD
vuwwincodc1.vuw.ac.nz
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 22
Hi,
Ok, it isnt crashing the LDAP server/service its doing a shutdown of it
according to the error log...
So while a sync is happening the LDAP server is offline?
How long should this take?
30secs?
3mins?
30mins?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
tal
protocol for replica "agmt="cn=meTovuwwincodc1.vuw.ac.nz636"
(vuwwincodc1:636)" did not shut down properly.
[22/Sep/2010:14:53:37 +1200] - Waiting for 4 database threads to stop
[22/Sep/2010:14:53:37 +1200] - All database threads now stopped
[22/Sep/2010:14:53:37 +1
d-certdir nsslapd-schemadir"
[22/Sep/2010:14:33:36 +1200] conn=51 op=1 RESULT err=0 tag=101 nentries=1
etime=0
[22/Sep/2010:14:33:36 +1200] conn=51 op=2 SRCH base="cn=config,cn=ldbm
database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)"
attrs="nsslapd-direc
t;(objectClass=*)"
attrs="nsslapd-directory"
[22/Sep/2010:15:58:16 +1200] conn=8 op=2 RESULT err=0 tag=101 nentries=1 etime=0
=
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
Any idea how to stop the LDAP server hosing itself?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of
Hi,
I have not seen such an email.
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Dmitri Pal [mailto:d...@redhat.com]
Sent: Thursday, 23 September 2010 9:19 a.m.
To: Steven Jones
Cc: Freeipa
Hi,
Bug 634561 has been fixed...
How do I get this into/onto my setup please?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
to import?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Ok,
So lets avoid the passwords
Is there an automatic / scripted way to import the passwd file so I get the
UID's, GID's etc into ipa?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message
Hi,
I have come back after the weekend and find that the gui no longer works
While trying to get a new kerberos ticket I get,
"kinit: Cannot contact and KDC realm 'VUW.AC.NZ' while getting credentials"
So any ideas where I go looking?
regards
Steven Jones Techni
al
regards
Steven
bcc MW.
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Tuesday, 28 September 2010 4:30 a.m.
To: Steven Jones
Cc: Dmitri Pal; freeipa-users
Subject: Re: [Freeipa-users] Migrating passwd files etc into free-ipa
Steven Jones wrote:
&g
Hi,
Sorry if this sounds pushy but any chance of an ETA please?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-Original Message-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Friday, 24 September 2010 8:20
sibleyet nothing on google
indicates how or if this is actually the case...
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Has anyone tried this?
I get a "Damaged repo file"
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Is there a series of RPMS I can download?
ie can someone tell which ones I need for the server and which ones I
need for the client and in what order I install? I can get the rpms off
the store, just not via yum as the repo is dead for meeither its a
remote issue, or our firewall is preventing
Trying to install but there appears to be a dependency failure
ipa server requires 389-ds-base > 1.2.8 but 389-ds-base = 1.2.6
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-use
[root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare
fed14-64-ipam002.ipa.ac.nz
Directory Manager (existing master) password:
Preparing replica for fed14-64-ipam002.ipa.ac.nz from
fed14-64-ipam001.ipa.ac.nz
Creating SSL certificate for the Directory Server
ipa: INFO: sslget
'https://fed14-64-ip
I have just built these 2 fed14 to act as a server and client and run
yum updateso they should be as closely sync'd as possible...
=client===
[root@fed14-64-ipacl01 ~]# ipa-client-install
Discovery was successful!
Realm: IPA.AC.NZ
DNS Domain: ipa.ac.nz
IPA Server: fed14-64
What scrips need to be runa and in what order to start the primary ipa
server?
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
The point is both the client and the server are up to date in terms of
patches from teh repo.
So your repo is not consistent and needs fixing..
regards
On Mon, 2011-02-28 at 10:43 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > I have just built these 2 fed14 to act as
Hi,
How do I tell?
ie what are the package names?
but apart from that both are yum updated from the same repo, so this
means your repo is probably the problem
regards
On Mon, 2011-02-28 at 10:42 -0500, Dmitri Pal wrote:
> On 02/27/2011 10:22 PM, Steven Jones wrote:
> > I have j
led to read data from Directory Service
Shutting down
Shutting down dirsrv:
IPA-AC-NZ... [ OK ]
PKI-IPA... [ OK ]
[root@fed14-64-ipam001 init.d]#
On Mon, 2011-02-28 at 16:39 +1000, David O'Brien wrote:
&
CT,C,C
ipaCert u,u,u
Server-Cert u,u,u
[root@fed14-64-ipam001 init.d]#
===
regards
On Mon, 2011-02-28 at 10:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> >
Hi,
As per your website and I SCP'd the freeipa-devel.repo over to the
client and the replica from the master
regards
On Mon, 2011-02-28 at 14:30 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > Hi,
> >
> > The point is both the client and the server
8><
> On the client: rpm -q freeipa-client
freeipa-client-2.0.0.rc1-0.fc14.x86_64
> On the server: rpm -q freeipa-server
freeipa-server-2.0.0.rc1-0.fc14.x86_64
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redha
Not sure if I have to change anything in the repo? but rc2.0 does not
appear...
regards
On Mon, 2011-02-28 at 16:07 -0500, Rob Crittenden wrote:
> To all freeipa-interest, freeipa-users and freeipa-devel list members,
>
> The FreeIPA project team is pleased to announce the availability of the
umchecksum error?
===
[root@fed14-64-ipacl01 yum.repos.d]# yum update
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
freeipa-devel
| 1.3 kB 00:00
freeipa-devel/primary
| 10 kB 00:00
http://freeipa.com/downloads/devel/rpms/F14/
I have tried to download the rpms by hand and the dependencies are all
broken ie pythonwell stuffed by the looks of it...
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
esting repo and the Freeipa-devel repo enabled on my IPA
> test servers.
>
>
> Rgds,
> Siggi
>
>
>
>
> On Tue, March 1, 2011 01:32, Steven Jones wrote:
> > I have tried to download the rpms by hand and the dependencies are all
> > broken ie python.
[ OK ]
PKI-IPA... [ OK ]
[root@fed14-64-ipam001 init.d]#
regards
On Tue, 2011-03-01 at 16:10 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > Im getting a pycurl error 6so every few hours the errors change
>
>
8><-
> I think it is a mismatch between what we've stored as the hostname and
> the hostname of the machine.
>
> Can you look at the output of these commands and see if the hostname is
> the same between them all?
>
> $ ldapsearch -x -s one -b cn=masters,cn=ipa,cn=etc,dc=ipa,dc=ac,dc=n
> I think it is a mismatch between what we've stored as the hostname and
> the hostname of the machine.
>
> Can you look at the output of these commands and see if the hostname is
> the same between them all?
>
> $ ldapsearch -x -s one -b cn=masters,cn=ipa,cn=etc,dc=ipa,dc=ac,dc=nz dn
> $ host
Hi,
Yepthat is the issueI put it in, rebooted, worked, took it out
rebooted, didnt work, put it back in rebooted and it worked again.
Wonders of a gui setupnormally I do it by hand and do a FQDNI
assumed because it was short form in the file that is the way it is now,
obviously no
This is becoming a bit of a grind
Anyway, either I have not found it yet, or a definitive set of ports
that need to be open isnt there, this is my best shot so far,
Have I missed any or are there some not needed?
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:80
ACCEP
8><
starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
[21/27]: adding replication acis
[22/27]: initializing group membership
[23/27]: adding master entry
[24/27]: c
I appear to have IPA running, I have run the install client on a fed14
KVM guest and that guest is in the IPA system, however the users in IPA
cannot authenticate via IPA and get onto the client. There appears to
be traffic to port 389, so I assume its "almost" workingbut I can
find anything i
Entries: 1
===
On Wed, 2011-03-02 at 23:32 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > 8><
> > starting replication, please wait until this has completed.
> > Update in progress
> > Update in progress
> > Update in progress
> > Update
f-ipaserver.example.com-here
base dc=example,dc=com
So mine says,
uri host 192.168.100.2
base dc=ipa,dc=ac,dc=nz
Where 192.168.100.2 is the original master.
regards
On Thu, 2011-03-03 at 14:30 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > I appear to have IPA running, I hav
8><
I have no idea, Im trying to follow the ipa document (version 0.5)so
if it says do something I try and do itif it doesnt say do something
wellit doesnt get done as I cant mind read.
What I want is encrypted connections on all services / communications so
it is secure and safe.
Hi,
Is it possible to have the ipa 0.5 documentation (and future
documentation) as a pdf file? I'd like to download it and print it
off.
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-u
am dwnloading now.
regards
On Thu, 2011-03-03 at 18:22 -0500, Dmitri Pal wrote:
> On 03/03/2011 02:31 PM, Dmitri Pal wrote:
> > On 03/03/2011 02:21 PM, Steven Jones wrote:
> >> I appear to have IPA running, I have run the install client on a fed14
> >> KVM guest a
Thanks very much
I can live with rough.lets me study it on the train
regards
On Fri, 2011-03-04 at 11:24 +1000, David O'Brien wrote:
> Steven Jones wrote:
> > Hi,
> >
> > Is it possible to have the ipa 0.5 documentation (and future
> > documentati
Hi,
Americans are funny ppl they put the date format as month then
day.the problem is in the real world, its day then month
So I have registered 1 client and 2 ipa masters as of 4th march 2011
NZST, but the IPA server's gui says I registered them a month in the
future, ie 3rd April 2011
Hi,
Well client to ipa server doesnt work..
regards
On Fri, 2011-03-04 at 10:45 -0500, Rob Crittenden wrote:
> Dmitri Pal wrote:
> > On 03/03/2011 02:53 PM, Steven Jones wrote:
> >> 8><
> >>
> >> I have no idea, Im trying to follow the ipa do
8><---
This didnt work...intuitive, no I guess not
regards
> Sorry but the doc might be incomplete. We are in the middle of reviewing
> it actually and adding information to it.
>
> Please go to your system-authconfig dialog and configure LDAP + Kerberos
> with the IPA server. It should b
How do i turn on logging on the client and the server so as to start
troubleshooting this authentication failure?
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
Where does this log to?
regards
On Mon, 2011-03-07 at 12:33 -0500, Dmitri Pal wrote:
> On 03/06/2011 02:48 PM, Steven Jones wrote:
> > How do i turn on logging on the client and the server so as to start
> > troubleshooting this authentication failure?
have run authconfig-tui and that looks OK as far as I can tell
I have set cli.conf and server.conf but there are no logs any where I
can find
Ideas please?
Also how to get logging going so I have something to look at
regards
On Tue, 2011-03-08 at 13:31 +1300, Steven Jones wro
8><-
> >
> > getent passwd "user" however only returns one line, not the two I should
> > expect?
>
> Why do you expect two lines? It should only return one, for that user.
>
> >
> > It also returns very fastlike its not even looking remotely.
>
> Is the user in /etc/passwd too?
>
Whe
8><--
So how do I fault find? where do I start?
ie Where do I start to look to determine why a user cannot login to a
client via freeipa?
How can I be more clear? because so far the replies have been not very
productive.
regards
___
Freeipa-u
8><
>
> Steven, sorry you're having such a hard time with this. Let me see if I
> can help point you in the right direction.
>
> I'm trying to look at the history of this thread, but I'm coming into it
> late, so please forgive me if I retread any ground that's already been
> covered.
>
On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > 8><--
> >
> >
> > So how do I fault find? where do I start?
> >
> > ie Where do I start to look to determine why a user cannot login to a
> > client via freei
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
--
8><-
>
> Well, here's your problem. The SSSD isn't starting up successfully
> because you don't have a host principal for this server in your
> /etc/krb5.key
22,303 DEBUG stderr=
2011-03-04 15:09:22,303 DEBUG Backing up system configuration file
'/etc/ntp.conf'
2011-03-04 15:09:22,304 DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2011-03-04 1
Hi,
I have just done another F14 client and I have the same issue.
regards
regards
On Tue, 2011-03-08 at 19:28 -0500, Simo Sorce wrote:
> On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
> Stephen Gallagher wrote:
>
> >
> >
> > On Mar 8, 2011, at 5:45 PM, Steven Jones
&
Hi,
I had/have already done the uninstall...and re-install.
Also I registered a brand new 2nd client...that hasnt worked
either..
regards
On Tue, 2011-03-08 at 23:29 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > Hi,
> >
> > Log,
> >
>
> The err
3/08/2011 04:40 PM, Steven Jones wrote:
> > On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
> >> Steven Jones wrote:
> >>> 8><--
> >>>
> >>>
> >>> So how do I fault find? where do I start?
> >>>
> &g
On Wed, 2011-03-09 at 14:42 -0500, Dmitri Pal wrote:
> On 03/09/2011 02:21 PM, Steven Jones wrote:
> > Hi,
> >
> > I had/have already done the uninstall...and re-install.
> >
> > Also I registered a brand new 2nd client...that hasnt worked
> > either..
&
Hi,
I have gone into the webgui and manually removed the no1 client/host, it
has now joined successfully...
So Yes, the next issue
regards
On Wed, 2011-03-09 at 14:51 -0500, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 03/09/2011 02:4
8><---
> 4) Install client again
>
> Everything should work.
> If not please send us the logs.
Not sure which logs as Im losing track of so many
suggestions/threadsbut,
On the client the sssd.log is zero length, the sssd_ipa.ac.nz.log is
zero length
I just tried to add a local user
Ok,
However I cant LDAP/Ipa authenticate stillon either client..
So what next?
regards
Steven
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Thursday, 10 March 2011 10:47 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re
& scripts for a rhel6ws?I could try that as well...also
RHEL5
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 10 March 2011 11:35 a.m.
To: d...@redhat
:
> - Original Message -
>> Steven Jones wrote:
>>> Ok,
>>>
>>> However I cant LDAP/Ipa authenticate stillon either
>>> client..
>>>
>>> So what next?
>>
>> sssd handles logins, you can try turning up the
third client wont authenticate either
So I guess its a problem around the install script if not selinux
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Friday
...this is still like alphamajor functionality
failure, as personally I class being unable to do the very first thing you need
to do as a major failure.
regards
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of St
My problem is "To troubleshoot we need logs. There are all sorts of logs and
configuration files on the server and on the client."
Thats just it.I dont know where to look.its simply not documentedso
what I need is for someone to tell me what logs you needand how to make the
syst
] on
behalf of Dmitri Pal [d...@redhat.com]
Sent: Friday, 11 March 2011 11:58 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
On 03/10/2011 05:37 PM, Steven Jones wrote:
> I have run the in-install script and it wont delete the cli
Hi,
A year or two back free vm's were easy to find/common, these days its quite
hardmostly I look, give up and go build my own VM for the job.
If you want to do some routeing in VMware vyatta do a free vm and it does dhcp
as well.
You can set up bind on your fedora VM just invent a domain,
Hi.
I see IPA 2.0 is F15.uh.
Is free-ipa 2.0 going to be put into RHEL6.1? ie Im assuming that F14 will
become 6.1? sometime in the next few months?
Or should I assume that since ipa2.0 is in F15 only we wont see anything
vaguely usable til 6.2 sometime near the end of the year?
The
Hi.
Is free-ipa going to be put into RHEL6.1? ie Im assuming that F14will become
6.1?
Or should I assume that since ipa2 is in F15 we wont see anything til 6.2
sometime near the end of the year?
I want to spend the next few months learning IPA and deploy it to limited
selected users as a PO
] FreeIPA 2 on F14/RHEl 6.1
On 03/28/2011 05:30 PM, Steven Jones wrote:
> Hi.
>
> I see IPA 2.0 is F15.uh.
>
> Is free-ipa 2.0 going to be put into RHEL6.1? ie Im assuming that F14 will
> become 6.1? sometime in the next few months?
>
> Or should I assume that since
Just tried to make a replica and the install failed with,
[4/11]: configuring certificate server instance
root: CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname fed14-64-ipam002.ipa.ac.nz -cs_port
9445 -client_certdb_dir /tmp/t
Trying to set up a fed14 cleint and since DNS is on the AD server (dc0002)
there is no dns_discoveryso as per doc I ran the install and it should ask
me for the infobut it fails with,
Complete!
[root@fed14-64-cli01 yum.repos.d]# ipa-client-install
DNS discovery failed to determine your D
Following the install guide I get,
[root@fed14-64-ipam001 samba]# ipa-replica-manage add --winsync --binddn
cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \
> --bindpw Qsmith51B --cacert /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
Usage: ipa-replica-manage [options]
ipa-replica-manage: erro
eeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Tuesday, 29 March 2011 3:24 p.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] AD setup failure
Following the install guide I get,
[root@fed14-64-ipam001 samba]# ipa-replica-
2011 2:50 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup failure
Steven Jones wrote:
> Got a bit further...I was missing "--passsync"
I think you were using the V1 documentation. The "Enterprise Identity
Management Guide&quo
Subject: Re: [Freeipa-users] replica install failure
On Mon, 2011-03-28 at 23:45 +, Steven Jones wrote:
> Just tried to make a replica and the install failed with,
>
> [4/11]: configuring certificate server instance
> root: CRITICAL failed to configure ca instance Comma
Hi,
The DNS is in AD so it cant be set to suit IPA
I did as below and even with --force your script ignores these flags, it
insists on doing AD lookups and gets the AD infoand obviously the cert isnt
on the AD box.
8><
What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record?
: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
> On 2011-03-29, at 10:20, Martin Kosek wrote:
>
> > On Tue, 2011-03-29 at 00:08 +0000, Steven Jones wrote:
> >
> > What is a content
>> On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
>>>
>>> What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>>> installation uses this DNS record in an autodiscovery of IPA server in
>>> the given DNS domain.
>>
>> In
t;
-ca_audit_signing_cert_subject_nam!
e "CN=CA Audit,O=IPA.AC.NZ" -ca_sign_cert_subject_name "CN=Certificate
Authority,O=IPA.AC.NZ" -external false -clone true -clone_p12_file ca.p12
-clone_p12_password '' -sd_hostname fed14-64-ipam001.ipa.ac.nz
-sd_admi
-boun...@redhat.com] on
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
On 03/29/2011 03:26 PM, Steven Jones wrote:
> Hi,
>
> The DNS is in AD so it cant be set to suit IPA
>
>
: Re: [Freeipa-users] client setup failure
On 03/29/2011 03:26 PM, Steven Jones wrote:
> Hi,
>
> The DNS is in AD so it cant be set to suit IPA
>
> I did as below and even with --force your script ignores these flags, it
> insists on doing AD lookups and gets the AD info...
The ipv6 wasnt "right" I guess.
I have added the host's name into that line.will retry.
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:43 a.m.
To: Steven Jones
Cc: Martin Kosek; freeipa-users@redhat.
Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> What do I put in the python script as a work around?
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
>
>
I used --force as wellit still ignores it
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure
Hi,
My Windows person suggests because this is a self signed cert, the client needs
to be forced to trust it?
regards
Steven
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 2:50 a.m.
To: Steven Jones
Cc: freeipa-users
4-64-cli01 tmp]#
So the client isnt appearing in the IPA web gui.so its a total failure to
join...
regards
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.c
1 - 100 of 765 matches
Mail list logo