[Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
Hello all, I'm trying to install freeipa for a small lab with 10 computers, all running fedora 17. I seemed to have installed ipa server (without DNS) successfully, # ipactl status Directory Service: RUNNING KDC Service: RUNNING KPASSWD Service: RUNNING MEMCACHE Service: RUNNING HTTP Service:

Re: [Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
help will be very appreciated. George From: george he george_...@yahoo.com To: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Saturday, June 16, 2012 4:02 PM Subject: is not an IPA v2 Server. Hello all, I'm trying to install freeipa for a small lab

Re: [Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
ACCEPT Thanks, George From: Petr Viktorin pvikt...@redhat.com To: freeipa-users@redhat.com freeipa-users@redhat.com Cc: george he george_...@yahoo.com Sent: Monday, June 18, 2012 10:06 AM Subject: Re: [Freeipa-users] is not an IPA v2 Server. On 06/18/2012 03

Re: [Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
Hi Petr, Yes, I still get the failed: No route to host error. and I cannot connect to the webUI from the client, but I can open the web UI on myserver. Thanks, George From: Petr Viktorin pvikt...@redhat.com To: george he george_...@yahoo.com Cc: freeipa

Re: [Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
browser. Or you can use form-based authentication. but I can use the form based authentication sometimes, not always. Thanks, George From: Petr Viktorin pvikt...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com

Re: [Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
another firewall blocking the connection. Thanks, George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: Petr Viktorin pvikt...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Monday, June 18, 2012 11:51 AM

Re: [Freeipa-users] is not an IPA v2 Server.

2012-06-18 Thread george he
...@redhat.com To: george he george_...@yahoo.com Cc: Petr Viktorin pvikt...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Monday, June 18, 2012 1:28 PM Subject: Re: [Freeipa-users] is not an IPA v2 Server. george he wrote: Hello Rob, Yes, I did the configuration earlier today

[Freeipa-users] ipa installation problem

2012-06-18 Thread george he
Hello all, While waiting for more suggestions on my thread is not an IPA v2 Server, I tried to install ipa server on other machines running fc16 and fc15. When server is on fc16, I get the same error as when it's on fc17, wget failed: No route to host. when server is on fc15, wget still failed,

Re: [Freeipa-users] ipa installation problem

2012-06-19 Thread george he
in the same lab, I have set up two web servers in the usual way and they both run with no problem. Thanks, George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, June

Re: [Freeipa-users] ipa installation problem

2012-06-19 Thread george he
To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, June 19, 2012 10:43 AM Subject: Re: [Freeipa-users] ipa installation problem george he wrote: Hello Rob, Can it be that the httpd service is not running properly? On all servers, I can only run wget

Re: [Freeipa-users] ipa installation problem -- 2

2012-06-20 Thread george he
Hi Rob, Client configuration complete. but it says Failed to upload host SSH public keys. Hope it's OK. Thanks a lot, George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com

[Freeipa-users] Joining realm failed: Host is already joined

2012-06-21 Thread george he
Hello all, When I do ipa-client-install on a client with previous unsuccessful installation, I get this error message: Joining realm failed: Host is already joined. Installation failed. Rolling back changes. IPA client is not configured on this system. How do I clean up the machine for a

Re: [Freeipa-users] Joining realm failed: Host is already joined

2012-06-21 Thread george he
...@redhat.com To: freeipa-users@redhat.com Sent: Thursday, June 21, 2012 10:50 AM Subject: Re: [Freeipa-users] Joining realm failed: Host is already joined On 06/21/2012 04:42 PM, george he wrote: Hello all, When I do ipa-client-install on a client with previous unsuccessful installation, I

Re: [Freeipa-users] Joining realm failed: Host is already joined

2012-06-21 Thread george he
From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: Petr Viktorin pvikt...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Thursday, June 21, 2012 11:18 AM Subject: Re: [Freeipa-users] Joining realm failed: Host is already joined george he

[Freeipa-users] ipa user-add

2012-06-21 Thread george he
Hello all, After the server and the client are installed, I run ipa user-add myname to add users. The users are added successfully, but each user gets his own GID, which is the same as his UID, even though ipa config-show --all shows   Default users group: ipausers How do I put all new

Re: [Freeipa-users] ipa user-add

2012-06-21 Thread george he
it's x86_64  2.2.0-1.fc17. Thanks, George From: Rob Crittenden rcrit...@redhat.com To: Rich Megginson rmegg...@redhat.com Cc: george he george_...@yahoo.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Thursday, June 21, 2012 2:54 PM Subject: Re

Re: [Freeipa-users] ipa user-add

2012-06-21 Thread george he
From: Dmitri Pal d...@redhat.com To: freeipa-users@redhat.com Sent: Thursday, June 21, 2012 3:47 PM Subject: Re: [Freeipa-users] ipa user-add On 06/21/2012 03:10 PM, george he wrote: it's x86_64  2.2.0-1.fc17. Thanks, George You are looking at the private group feature

[Freeipa-users] replica installation clean up

2012-06-21 Thread george he
Hi, after ipa-replica-install and ipa-replica-install --uninstall, now I get [root@myreplica ~]# ipa-replica-install --setup-ca /var/lib/ipa/replica-info.gpg . . . Connection check OK The host myreplica already exists on the master server. Depending on your configuration, you may perform the

Re: [Freeipa-users] replica installation clean up

2012-06-21 Thread george he
From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Thursday, June 21, 2012 4:35 PM Subject: Re: [Freeipa-users] replica installation clean up george he wrote: Hi, after ipa-replica-install and ipa-replica

Re: [Freeipa-users] ipa user-add

2012-06-21 Thread george he
. After that I still get permission denied. Any suggestions? Thanks again, George From: Rich Megginson rmegg...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Thursday, June 21, 2012 2:43 PM Subject: Re

Re: [Freeipa-users] replica installation clean up

2012-06-22 Thread george he
-s4u2proxy.ldif: Command '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpExxi0H -x -D cn=Directory Manager -y /tmp/tmpa12oUA' returned non-zero exit status 1 Any suggestions on this? Thanks, George From: george he george_...@yahoo.com To: Rob Crittenden rcrit

[Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hello, I have a server and a few clients set up. I can ssh to the server or clients. But there's no entry on the console gdm for ipa user, and I cannot login by choosing others either. What do I need to set up for gdm log on? I searched the docs but didn't find any... Thanks, George

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hi Stephen, I already have a home directory which was created the first time I ssh in. Now when I click on sign in, nothing happens... Thanks, George From: Stephen Gallagher sgall...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hi Stephen, selinux was set to permissive before I installed the client. (I modified the file /etc/sysconfig/selinex) So it cannot be the reason. Thanks, George From: Stephen Gallagher sgall...@redhat.com To: george he george_...@yahoo.com Cc: freeipa

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
-session -f ) Your help is appreciated. George From: Stephen Gallagher sgall...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Monday, June 25, 2012 1:58 PM Subject: Re: [Freeipa-users] freeipa and gdm

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Yes! reboot works. Thanks a lot. George From: Simo Sorce s...@redhat.com To: george he george_...@yahoo.com Cc: Stephen Gallagher sgall...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Monday, June 25, 2012 2:39 PM Subject: Re

Re: [Freeipa-users] replica installation clean up

2012-06-26 Thread george he
. For this purpose, is the following list sufficient? /boot /etc /home /root /usr /var I think I probably don't need /boot /home /root either, but these are small. Thanks for your advice. George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com

[Freeipa-users] pam_systemd(sshd:session): Failed to create session

2012-06-29 Thread george he
Hello all, I'm running out of time to figure out what was wrong with my replica set up, so I just went ahead and installed ipa-client on that machine. It seems the client was installed all right, except when I ssh to the new client from another client, I get this: Could not chdir to home

Re: [Freeipa-users] pam_systemd(sshd:session): Failed to create session

2012-06-29 Thread george he
Hello Dan, Many thanks. It worked. Now I remember this was done by default on my other clients... don't know why. George From: Dan Scott danieljamessc...@gmail.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent

Re: [Freeipa-users] nfs server

2012-06-29 Thread george he
.keytab is the key generated on the ipa-server for nfs. Thanks, George From: Simo Sorce s...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Friday, June 29, 2012 10:24 AM Subject: Re: [Freeipa-users

[Freeipa-users] rpcgssd

2012-06-29 Thread george he
Hello all, Is there a problem with this document: https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/kerb-nfs.html It says Start the GSS daemon. [root@nfs-client-server ~]# service rpcgssd start but when I do it, the nfs-client says Failed to issue method call: Unit

Re: [Freeipa-users] rpcgssd

2012-06-29 Thread george he
/ on the client, which happens to be the ipa-server, and get mount.nfs4: mount(2): Permission denied Thanks, George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Friday

Re: [Freeipa-users] rpcgssd

2012-06-29 Thread george he
Hello all, nfs-secure.service is running on the client, but I still get mount.nfs4: mount(2): Permission denied and there's no message in /var/log/. Any help? Thanks, George From: george he george_...@yahoo.com To: Rob Crittenden rcrit...@redhat.com Cc

[Freeipa-users] win7 client

2012-07-03 Thread george he
Hello all, I'm trying to set up a win7 as a client of my freeipa server running on fc17. so I followed the instructions here: http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_Microsoft_Windows.html But then what? The win7 is currently in a workgroup. I tried to join

[Freeipa-users] error yum install freeipa-server

2012-07-05 Thread george he
Hello all, When I do yum install -y freeipa-server on a newly installed FC17 system, I get a lot of errors like this: /sbin/restorecon:  lstat(/etc/pki-tks*) failed:  No such file or directory /sbin/restorecon:  lstat(/etc/pki-tps*) failed:  No such file or directory /sbin/restorecon: 

Re: [Freeipa-users] error yum install freeipa-server

2012-07-05 Thread george he
Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Thursday, July 5, 2012 11:27 AM Subject: Re: [Freeipa-users] error yum install freeipa-server george he wrote: Hello all, When I do yum install -y freeipa-server

[Freeipa-users] ipa samba win7

2012-07-10 Thread george he
Hello all, I have an ipa client that is also a file server. How do I set up a samba server on the file server so that the files can be accessed by a win7 machine, which is not a member of the ipa realm? Should I set the file server as a domain controller? How do I deal with the passdb backend

Re: [Freeipa-users] ipa samba win7

2012-07-10 Thread george he
@redhat.com Sent: Tuesday, July 10, 2012 9:12 AM Subject: Re: [Freeipa-users] ipa samba win7 Do you have an AD for the win7 machine or is it just standalone machine? Ondrej On 07/10/2012 03:01 PM, george he wrote: Hello all, I have an ipa client that is also a file server. How do I set up a samba

Re: [Freeipa-users] ipa samba win7

2012-07-10 Thread george he
, (and they are all in ipausers group), I would only need to add the sambaGroups class to ipausers group? Thanks, George From: Simo Sorce s...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, July

[Freeipa-users] ipa krbtpolicy-mod --maxlife

2012-07-30 Thread george he
Hello all, I'm trying to change the krb ticket life time for myself, so I used ipa krbtpolicy-mod MYUSERNAME --maxlife 36 but then after I do kinit, my new ticket is still going to expire after 24 hours, which is the default ticket life, even though ipa krbtpolicy-show MYUSERNAME returns  

Re: [Freeipa-users] ipa krbtpolicy-mod --maxlife

2012-07-31 Thread george he
Thank you, Martin. This helps. George From: Martin Kosek mko...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, July 31, 2012 3:04 AM Subject: Re: [Freeipa-users] ipa krbtpolicy-mod --maxlife

[Freeipa-users] ip changed

2012-08-29 Thread george he
Hello all, I have free-ipa set up on my lab machines all running Fedora 17. Today the lab was moved to another building on campus and the IPs have to be changed. Now that the IPs are changed, I cannot even run kinit on the ipa-server. The error message returned with kinit is cannot contact any

[Freeipa-users] ipa host-del

2012-09-03 Thread george he
Hello all, I'm trying to reinstall myipaclient so I did ipa-client-install --uninstall on my client, but when I try to do ipa host-del on the server, I got the following error: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) What does it mean,

Re: [Freeipa-users] ipa host-del

2012-09-04 Thread george he
, George From: John Dennis jden...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, September 4, 2012 8:10 AM Subject: Re: [Freeipa-users] ipa host-del On 09/03/2012 06:00 PM, george he wrote

Re: [Freeipa-users] ipa host-del

2012-09-04 Thread george he
Sep 04 10:17:05 2012] [error] ipa: DEBUG: Destroyed connection context.ldap2 Thanks, George From: John Dennis jden...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, September 4, 2012 8:53 AM

Re: [Freeipa-users] ipa host-del

2012-09-04 Thread george he
/catalina.2012-09-03.log:SEVERE: Error deploying web application directory ca Thanks, George From: John Dennis jden...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, September 4, 2012 10:40 AM

Re: [Freeipa-users] ipa host-del

2012-09-04 Thread george he
How do I start dogtag? It's centos 6.3. some errors are posted to my other email. Thanks, George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: John Dennis jden...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com

[Freeipa-users] cannot logon: system error?

2012-09-04 Thread george he
Hi all, This is another issue I'm having with another ipa client. Both the server and the client are centos 6.3 The client was configured all right. I was able to log on at a point. but then after the screen was auto-locked over the night, I cannot log on any more. If I try on the console, it

Re: [Freeipa-users] ipa host-del

2012-09-04 Thread george he
both of the commands service dirsrv restart and service pki-cad restart reported: stopping ... OK starting ... OK but host-del still has the same error. More suggestions? Thanks, George From: Rob Crittenden rcrit...@redhat.com To: george he george_

Re: [Freeipa-users] cannot logon: system error?

2012-09-04 Thread george he
, September 4, 2012 3:05 PM Subject: Re: [Freeipa-users] cannot logon: system error? On Tue, Sep 04, 2012 at 11:02:36AM -0700, george he wrote: Hi all, This is another issue I'm having with another ipa client. Both the server and the client are centos 6.3 The client was configured all right. I

Re: [Freeipa-users] ipa host-del

2012-09-05 Thread george he
: org.mozilla.jss.ssl.SSLSocket From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: John Dennis jden...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Tuesday, September 4, 2012 9:49 PM Subject: Re: [Freeipa-users] ipa host-del george he

Re: [Freeipa-users] ipa host-del

2012-09-05 Thread george he
=unconfined_u:system_r:pki_ca_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir And yes, I did yum update recently. Where else should I look? Thanks, George From: Rob Crittenden rcrit...@redhat.com To: george he george_...@yahoo.com Cc: Ade Lee a...@redhat.com

Re: [Freeipa-users] ipa host-del

2012-09-05 Thread george he
for your help. George From: Ade Lee a...@redhat.com To: george he george_...@yahoo.com Cc: Rob Crittenden rcrit...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Wednesday, September 5, 2012 10:46 AM Subject: Re: [Freeipa-users] ipa host-del

Re: [Freeipa-users] ipa host-del

2012-09-05 Thread george he
to existing files, but now they are not. So I changed the links one more time to make them point to /usr/lib/..., restarted ipa, and host-del worked. Thanks again, guys. George From: John Dennis jden...@redhat.com To: a...@redhat.com Cc: george he george_

[Freeipa-users] Stale NFS file handle

2012-09-12 Thread george he
Hello, My ipa server and my nfs server are the same machine running centos 6.3. The server was accidentally down and rebooted. But then I got authentication failure on some clients when tried to log on through gdm, and blue screen (no desktop, no panels) on some others. On some clients that I

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread george he
-users] Stale NFS file handle On Wed, Sep 12, 2012 at 8:26 PM, george he george_...@yahoo.com wrote: Hello, My ipa server and my nfs server are the same machine running centos 6.3. try to separate those roles if you can. You can use vm's, it'll work great.   The server was accidentally down

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread george he
handle On 09/12/2012 08:26 PM, george he wrote: Hello, My ipa server and my nfs server are the same machine running centos 6.3. The server was accidentally down and rebooted. But then I got authentication failure on some clients when tried to log on through gdm, and blue screen (no desktop

[Freeipa-users] NFS on Mac

2012-09-17 Thread george he
Hello all, I have IPA server and NFS server set up on a computer running centos 6.3. Is there a way to set up a mac laptop to access the data on the NFS server? The laptop does not have a static IP. DNS is not configured with IPA. If yes, how do I config the mac? Thanks,

Re: [Freeipa-users] NFS on Mac

2012-09-17 Thread george he
On 09/17/2012 11:07 AM, george he wrote: Hello all, I have IPA server and NFS server set up on a computer running centos 6.3. Is there a way to set up a mac laptop to access the data on the NFS server? The laptop does not have a static IP. DNS is not configured with IPA. If yes, how do I config

[Freeipa-users] ipa and cronjob

2012-11-13 Thread george he
Hi all, I have a cronjob run daily by an ipa user, which accesses nfs mounted data on the nfs server (another machine in the realm). The problem is when the user was away for a few days, his credential expired and the cronjob did not run until he came back and logged on to the system again.