Please help, I'm stuck trying to finish this winsync agreement
[r...@se-idm-01.boingo.com slapd-BOINGO-COM]$ ipa-replica-manage connect
--winsync --binddn cn=idm admin, cn=Users, dc=boingoqa, dc=local --bindpw
*** --passsync --cacert=/etc/openldap/cacerts/boingoqaCA.cer
RE:
I am not sure I was clear. It seems that you provided the LDAP trace for the
ldapsearch commands you executed above. I was talking about the DS level logs
for the replica management agreement establishment and the follow up
replication.
here is the log tailed while I deleted the
: Rich Megginson [rmegg...@redhat.com]
Sent: Friday, January 31, 2014 12:39 PM
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] cant create winsync reolication
On 01/31/2014 12:16 PM, Todd Maugh wrote:
RE:
I am not sure I was clear. It seems that you provided
thank you for the reply. here is the output of the first command. I'm going to
run the second now and will reply with that as well
LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-BOINGO-COM/ ldapsearch -d 1 -LLLx -ZZ -H
ldap://qatestdc2.boingoqa.local -b cn=idm admin,cn=users,dc=boingoqa,dc=local
-D
)
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Friday, January 31, 2014 12:55 PM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] cant create winsync reolication
[r
I used the IPA directory manager password and got no output
[r...@se-idm-01.boingo.com cacerts]$ ldapsearch -LLLx -b cn=config -D
cn=directory manager -W 'objectclass=nsdswindowsreplicationagreement' dn
Enter LDAP Password:
From: Todd Maugh
Sent: Friday
Ok that time i got output
[r...@se-idm-01.boingo.com slapd-BOINGO-COM]$ ldapsearch -LLLx -b cn=config
-D cn=directory manager -W 'objectclass=nsds5replicationagreement'
Enter LDAP Password:
dn: cn=meTose-idm-02.boingo.com,cn=replica,cn=dc\3Dboingo\2Cdc\3Dcom,cn=mappin
g tree,cn=config
cn:
asked: Can you provide your /etc/openldap/ldap.conf?
answer:
/etc/openldap/ldap.con
#File modified by ipa-client-install
URI ldaps://se-idm-01.boingo.com
BASE dc=boingo,dc=com
TLS_CACERT /etc/ipa/ca.crt
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
ping
TLS: certificate
get no errors
but my passwords are not syncing!
Help! the documentation tells of no way to verify or troubleshoot
Thank You
-Todd Maugh
tma...@boingo.com
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo
...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Tuesday, February 04, 2014 9:04 AM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: [Freeipa-users] Creating password sync
Ok, So I have my replication agreement set up.
and I see accounts coming in to my IDM server
From: Rich Megginson [rmegg...@redhat.com]
Sent: Tuesday, February 04, 2014 9:19 AM
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: Creating password sync
On 02/04/2014 10:17 AM, Todd Maugh wrote:
also I have verified the password
now I am getting this after rerunning the install and trying to reinstall my
cert
LDAP bind error in connect
81: Can't Contact LDAP Server
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com
my passhook.log file is empty
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Tuesday, February 04, 2014 11:56 AM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject
I have not changed any passwords in AD yet.
and the users I have in IDM from AD, their passwords are not working
From: Rich Megginson [rmegg...@redhat.com]
Sent: Tuesday, February 04, 2014 12:40 PM
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
: Todd Maugh
Sent: Tuesday, February 04, 2014 12:48 PM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: RE: Creating password sync
but what about the cant contact LDAP server in the passsync log
and are you saying I should try to change one of the passwords in AD
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: Creating password sync
On 02/04/2014 01:42 PM, Todd Maugh wrote:
I have not changed any passwords in AD yet.
Then passsync will not have sent anything.
and the users I have in IDM from AD, their passwords are not working
)
---
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Tuesday, February 04, 2014 12:53 PM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Creating password sync
I tried
trying to find a command to check that connection
From: Rich Megginson [rmegg...@redhat.com]
Sent: Tuesday, February 04, 2014 1:02 PM
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: Creating password sync
On 02/04/2014 01:57 PM, Todd
[freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Tuesday, February 04, 2014 12:53 PM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Tuesday, February 04, 2014 12:53 PM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Creating password
From: Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Tuesday, February 04, 2014 2:11 PM
To: Todd Maugh; Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: RE: Creating password sync
I am just doing this now and works fine for me.
The password has to be changed
Hey Guys,
So I have my master and replica up in my datacenter.
I have a client, I have a winsync agreement, I have a password sync.
It's working lovely.
So Now I have spun up an AWS instance of Red Hat 6.5 (same as my master and
first replica)
I run the ipa replica and it fails
-boun...@redhat.com] on
behalf of Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, February 12, 2014 10:36 AM
To: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trouble creating a replica in the cloud
Dmitri Pal wrote:
On 02/11/2014 05:02 PM, Todd Maugh wrote:
Hey Guys
the documentation is kinda vague on some parts
from the documentation:
Because the sudo information is not available anonymously over LDAP by default,
Identity Management defines a default sudo user,
uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX, which can be set in the LDAP/sudo
configuration file,
and if I am configuring the sudo-ldap.conf,
what should it look like? Does anyone have an example?
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Thursday, February 13, 2014 3:17 PM
Hello,
Another day another issue it seems :)
so I'm trying to set up an Ubuntu client. I get almost all the way through the
install and it fails with a version error. I've heard this is a known bug and
there is a fix out there, although I'm not sure how to apply the fix or get the
older client
to force the uninstall?
From: Will Sheldon [m...@willsheldon.com]
Sent: Friday, February 21, 2014 9:32 AM
To: Todd Maugh
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] adding ubuntu client to red hat server
I ran into this, there was a post about it a little
not update DNS SSHFP records.
From: Will Sheldon [m...@willsheldon.com]
Sent: Friday, February 21, 2014 9:46 AM
To: Todd Maugh
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] adding ubuntu client to red hat server
I also ran into this problem. I ended
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Rob Crittenden [rcrit...@redhat.com]
Sent: Friday, February 21, 2014 11:57 AM
To: freeipa-users
Subject: Re: [Freeipa-users] Ubuntu Client HELL
Todd Maugh wrote:
IM in limbo here
I need to remove the CA certs on a box from a previous IDM install
what is the command to do this
error im getting is
A CA is already configured on this system.
Thanks
-Todd
the CA cert from an IDM replica
On 03/12/2014 05:10 PM, Todd Maugh wrote:
I need to remove the CA certs on a box from a previous IDM install
what is the command to do this
error im getting is
A CA is already configured on this system.
Which OS and which version?
Thanks
-Todd
...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Simo Sorce [s...@redhat.com]
Sent: Wednesday, March 12, 2014 2:23 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] How to remove the CA cert from an IDM replica
On Wed, 2014-03-12 at 21:10 +, Todd Maugh wrote:
I need
-users] How to remove the CA cert from an IDM replica
On Wed, 2014-03-12 at 21:10 +, Todd Maugh wrote:
I need to remove the CA certs on a box from a previous IDM install
what is the command to do this
error im getting is
A CA is already configured on this system.
rm /etc/ipa/ca.crt
Simo
skipping the con check due to a clock skew error
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, March 12, 2014 2:39 PM
To: Todd Maugh; Simo Sorce; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] How to remove the CA cert from an IDM
Hello.
I'm using latest IPA build on red hat 6.5
I retrieved my CA cert from the AD Domain controller
I try to set up my winsyncagreement and I am getting this
[r...@idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage connect --winsync
--binddn cn=idmadmin, cn=Users, dc=bwinc, dc=local
: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903C5, comment:
AcceptSecurityContext error, data 52e, v2580
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, March 12, 2014 3:30 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject
does IDM work with AD 2012 or only 2008
-Todd
Megginson [rmegg...@redhat.com]
Sent: Wednesday, March 12, 2014 4:23 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
On 03/12/2014 05:07 PM, Todd Maugh wrote:
so to verify this
I am able to log in to the AD server as idmadmin
: 20140306225101.0Z
dSCorePropagationData: 20140306225055.0Z
dSCorePropagationData: 1601010100.0Z
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, March 12, 2014 3:47 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues
: Thursday, March 13, 2014 11:43 AM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
On 03/13/2014 12:29 PM, Todd Maugh wrote:
ok so I ran that and Get this output
Ok. Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors
[r...@idm
(Success)
From: Rich Megginson [rmegg...@redhat.com]
Sent: Thursday, March 13, 2014 12:05 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
On 03/13/2014 12:50 PM, Todd Maugh wrote:
Ok the error I see
Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
On 03/13/2014 01:58 PM, Todd Maugh wrote:
I believe they are.
so here is the output of the log. it was showing those errors, I deleted the
winsync agreement and then restarted ipa and then re-added
I'm curious if the ldap.conf is wrong: here's what it looks like
#File modified by ipa-client-install
URI ldaps://idm-master-els.ops.boingo.com
BASE dc=ops,dc=boingo,dc=com
TLS_CACERT /etc/openldap/cacerts/
TLS_REQCERT allow
From: Todd Maugh
Sent: Thursday, March
Sorry Guys me again.
So I have my winsync agreement up
and I now have my password sync setup
the cert has been imported
SSL is configured properly,
but when I go to change a password in AD
I see this error in passsync.log
LDAP error in QueryUsername
32: No such object
any
Thank you Rich, must have been a typo in my install, I gutted it, restarted it
and am all good now, thank you
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Thursday, March 13, 2014 4:24 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Password sync woes
On 03
?
thank you
-Todd Maugh
...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Friday, March 14, 2014 10:13 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] winsync agreement for multiple subtrees
good morning, every day it's something new.
so turns out my AD admin has built
I actually hadnt tried yet to sync from the top level directory
would I just leave the CN out to try that?
From: Rich Megginson [rmegg...@redhat.com]
Sent: Friday, March 14, 2014 11:12 AM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: winsync
Does IPA support a trust with AD yet.
I've seen that this is coming in a future release but I havent found something
that said it has been released.
-Todd
And I can find no documentation or help on line.
Has anyone had any success or practice with this?
Thanks
-Todd
Todd Maugh
Sr System Engineer
Boingo Wireless
tma...@boingo.com
IPA then sync all the accounts from the subtrees? I
cant believe I am the first person with this issue or need.
Thanks again in advance.
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Monday, March 17, 2014 2:44 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Has
Thanks again Rich is there some good Documentation on setting up the trust?
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Monday, March 17, 2014 3:03 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Has one successfully synched the entirety of their
AD to IPA
Hello,
So I'm on some red hat clients and I have seen this a few times when attempting
to enroll them as clients.
Enrolled in IPA realm OPS.BOINGO.COM
Failed to obtain host TGT.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Has anyone seen this or
My Master IPA server has been lost,
My replica is still up and functioning.
what is the best way to proceed?
Do I rebuild my master and add it as a replica?
how do I get my master back in line with my IPA env?
the Master needs to be rebuilt from scratch
red hat 6.5 latest version of
this out before I move forward enrolling other previously
enrolled clients.
Thanks
Todd Maugh
Sr System Engineer
Boingo Wireless
tma...@boingo.com
I have found this to be my only way to get Ubuntu to work with ipa as clients
Add the IDM servers to the hosts file
echo "{ip address of idmserver} {fqdn of idm server}" >> /etc/hosts
Set the Hostname for the box
echo ubuntu-idm-02.boingo.com > /etc/hostname
HBAC rules are set to allow_all enabled
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, March 31, 2014 3:44 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] uninstalled IPA client and reinstalled and
enrolled to new server cant
. Returned 0,0,Success
I see this in the sssd Logs but still not authenticating
will check out AVC and SELinux very frustrating
From: Rob Crittenden rcrit...@redhat.com
Sent: Monday, March 31, 2014 3:52 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject
: Sumit Bose [mailto:sb...@redhat.com]
Sent: Tuesday, April 01, 2014 12:19 AM
To: Todd Maugh
Cc: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] uninstalled IPA client and reinstalled and
enrolled to new server cant authenticate
On Mon, Mar 31, 2014 at 11:05:18PM +, Todd
=0)
From: freeipa-users-boun...@redhat.com freeipa-users-boun...@redhat.com on
behalf of Todd Maugh tma...@boingo.com
Sent: Tuesday, April 01, 2014 7:17 AM
To: Sumit Bose
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] uninstalled IPA client
= ops.boingo.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, idm-master-els.ops.boingo.com
ldap_tls_cacert = /etc/ipa/ca.crt
From: Todd Maugh
Sent: Tuesday, April 01, 2014 10:58 AM
To: Sumit Bose
Cc
to new server cant authenticate
On Tue, Apr 01, 2014 at 05:58:00PM +, Todd Maugh wrote:
I am seeing this error in /var/log/secure
[r...@black-64.qa ~]# tail /var/log/secure
Apr 1 17:54:05 black-64 sshd[3649]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser
From: freeipa-users-boun...@redhat.com freeipa-users-boun...@redhat.com on
behalf of Todd Maugh tma...@boingo.com
Sent: Tuesday, April 01, 2014 1:58 PM
To: Jakub Hrozek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] uninstalled IPA client
the /etc/ipa/default.conf
When I go to re-enroll client it says
IPA client is already configured on this system.
Run the uninstall blah blah blah
Any suggestions? Does any one know the magic file to remove?
Thanks again
Your favorite questioner Todd
Todd Maugh
Sr System Engineer
Boingo Wireless
Thank you that was it!!!
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, April 01, 2014 6:11 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] force uninstall from Ubunutu 12.04
Todd Maugh wrote:
Has any one been able
what logs to look at I checked out the var/log/sssd and they are
all 0 file size and gave me nothing to look at.
Has anyone seen this before, does anyone have any clues on troubleshooting.
Thanks
-Todd Maugh
tma...@boingo.com