[Freeipa] blueprint Re: [Blueprint servercloud-p-freeipa-tech-preview] FreeIPA Tech Preview

2011-10-26 Thread TImo Aaltonen
Hey For the record, I've created a blueprint [1] and assigned the team to it, but reassigned it to myself for now until it is in a better shape to avoid unnecessary spamming.. I have a FreeIPA server instance running on Fedora 15, and will try to get the client ready for UDS. The goal

[Freeipa] [Bug 259547] Re: [needs-packaging] FreeIPA

2011-11-27 Thread Timo Aaltonen
I've uploaded python-nss and python-krb5 to the archive, certmonger and freeipa itself is left for the freeipa-client to work. The server needs further work. ** Changed in: ubuntu Status: Confirmed = In Progress ** Changed in: ubuntu Assignee: (unassigned) = Timo Aaltonen (tjaalton

[Freeipa] [Bug 899327] Re: auto-generated patch in debian/patches

2012-01-02 Thread Timo Aaltonen
: (unassigned) = Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to python-krbv in Ubuntu. https://bugs.launchpad.net/bugs/899327 Title: auto-generated patch in debian/patches Status in “certmonger” package in Ubuntu: In Progress

[Freeipa] [Bug 935352] Re: osutil version 2.0.2-1~ubuntu2 FTBFS on amd64 in precise

2012-03-26 Thread Timo Aaltonen
osutil got removed from the archive, as it's not needed anymore. ** Changed in: osutil (Ubuntu Precise) Status: New = Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to osutil in Ubuntu. https://bugs.launchpad.net/bugs/935352

Re: [Freeipa] ipa-client-install error

2012-05-06 Thread Timo Aaltonen
04.05.2012 21:27, Baoli Ma kirjoitti: Hi freeipa team members: I tried to join a Ubuntu12.04 to my freeipa domain, I got the following errors: 2012-05-01 08:38:59,093 DEBUG Init ldap with: ldap://ds.mydomain.com:389 2012-05-01 08:38:59,121 ERROR LDAP Error: Connect error: A TLS packet

[Freeipa] [Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

2012-05-11 Thread Timo Aaltonen
Yes, this is likely a bug in NSS on the server. You can make it work by enabling SSL v3 on the server: - shut dirsrv down - edit /etc/dirsrv/slapd-FOO/dse.ldif: - search for 'nsSSL3:', change the value to 'on' - save the file - start dirsrv the next time ipa-client-install should work. --

[Freeipa] [Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

2012-05-14 Thread Timo Aaltonen
ah, if you mean the comment would run.. it's just informational. SSSD is already enabled, and pam is otherwise configured, but there's no pam- auth-update config for pam_mkhomedir.. probably should just change the text, or drop it. -- You received this bug notification because you are a member

[Freeipa] [Bug 1025864] Re: ipa-getkeytab doesn't work

2012-07-18 Thread Timo Aaltonen
thanks for testing, I'll look at it after my vacation. ** Changed in: freeipa (Ubuntu) Assignee: (unassigned) = Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs

[Freeipa] [Bug 1024765] Re: ipa-client-install failes at certutil stage because /etc/pki doesn't exists

2012-07-30 Thread Timo Aaltonen
nss should create the nssdb hierarchy ** Also affects: nss (Ubuntu) Importance: Undecided Status: New ** Changed in: nss (Ubuntu) Importance: Undecided = High ** Changed in: nss (Ubuntu) Status: New = Confirmed ** Also affects: nss (Debian) via

[Freeipa] [Bug 1024765] Re: ipa-client-install failes at certutil stage because /etc/pki doesn't exist

2012-07-31 Thread Timo Aaltonen
Preferably in debian first, since I'm not sure what possible issues it might bring. Need to discuss it with Mike. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title:

[Freeipa] [Bug 1025018] Re: chkconfig call in ipa-client-install doesn't work

2012-07-31 Thread Timo Aaltonen
There's much restructuring needed upstream before a proper debian platform module can be created (that works for the server as well). I'm in process of doing it, but not sure how long it takes until everything is in place. we should still be able to fix the current package so that it doesn't need

[Freeipa] [Blueprint servercloud-r-freeipa] FreeIPA work for R

2012-12-01 Thread Timo Aaltonen
Blueprint changed by Timo Aaltonen: Whiteboard changed: - Please can this be blueprint be completed? - - Thanks :) + 2012-12-01: Sent a preliminary patch to Debian bug #537866 to add + support for /etc/pki/nssdb -- FreeIPA work for R https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r

[Freeipa] [Bug 1104954] Re: CVE-2012-5484: ipa-client security vunerability

2013-01-25 Thread Timo Aaltonen
i'll deal with it soon. ** Changed in: freeipa (Ubuntu) Status: Incomplete = Confirmed ** Changed in: freeipa (Ubuntu) Assignee: (unassigned) = Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa

[Freeipa] [Bug 1104954] Re: CVE-2012-5484: ipa-client security vunerability

2013-02-08 Thread Timo Aaltonen
or steal them from the rhel package -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1104954 Title: CVE-2012-5484: ipa-client security vunerability Status in “freeipa” package in Ubuntu:

[Freeipa] [Bug 1104954] Re: CVE-2012-5484: ipa-client security vunerability

2013-02-10 Thread Timo Aaltonen
** Also affects: freeipa (Ubuntu Precise) Importance: Undecided Status: New -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1104954 Title: CVE-2012-5484: ipa-client security

[Freeipa] [Bug 1104954] Re: CVE-2012-5484: ipa-client security vunerability

2013-02-10 Thread Timo Aaltonen
I've pushed a new version of the package to raring and the freeipa ppa (precise): https://launchpad.net/~freeipa/+archive/ppa please test ** Changed in: freeipa (Ubuntu Precise) Importance: Undecided = Medium ** Changed in: freeipa (Ubuntu Precise) Status: New = In Progress -- You

[Freeipa] [Bug 1024765] Re: ipa-client-install failes at certutil stage because /etc/pki doesn't exist

2013-02-20 Thread Timo Aaltonen
uploaded a new nss to the freeipa ppa that adds support for nssdb: https://launchpad.net/~freeipa/+archive/ppa only for precise, guess that's what people are testing with.. so please test if it works with ipa-client-install. ** Changed in: nss (Ubuntu) Status: In Progress = Incomplete

[Freeipa] [Bug 1025765] Re: pam-auth-update call is missing from platform/debian.py

2013-03-07 Thread Timo Aaltonen
the other bug has been fixed in sssd, closing this as invalid since I don't think it makes sense for freeipa to run pam-auth-update. ** Changed in: freeipa (Ubuntu) Status: Incomplete = Invalid -- You received this bug notification because you are a member of FreeIPA, which is subscribed

[Freeipa] [Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

2013-05-22 Thread Timo Aaltonen
Please try with current updates, gnutls26 in particular has received updates that might have fixed this in the process, and I can't reproduce this on raring. ** Changed in: freeipa (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of

[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist

2013-09-11 Thread Timo Aaltonen
** Summary changed: - ipa-client-install failes at certutil stage because /etc/pki doesn't exist + ipa-client-install fails at certutil stage because /etc/pki doesn't exist -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1282818] Re: 14.04 freeipa ipa-client-install fails

2014-04-04 Thread Timo Aaltonen
nah that's fine, I'll fix that too! and yes I think mkhomedir was the motivation to keep it but disabled, can't remember anymore -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1282818 Title:

[Freeipa] [Bug 1282818] Re: 14.04 freeipa ipa-client-install fails

2014-04-04 Thread Timo Aaltonen
ok that's reassuring to hear, maybe something wrong on my side then.. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1282818 Title: 14.04 freeipa ipa-client-install fails Status in “freeipa”

[Freeipa] [Bug 1282818] Re: 14.04 freeipa ipa-client-install fails

2014-04-10 Thread Timo Aaltonen
also, mkhomedir can't be Default like on your example config, so https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1192719 needs to be fixed before --mkhomedir option works -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1287428] Re: apt-get install freeipa-client partially runs installer

2014-04-14 Thread Timo Aaltonen
the default conf has been dropped from the package ** Changed in: freeipa (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1287428 Title: apt-get

[Freeipa] [Bug 1164749] Re: ipa-client-install --unattended stalls with a prompt for user input

2014-04-14 Thread Timo Aaltonen
this should be fixed in trusty, reopen if not ** Changed in: freeipa (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1164749 Title:

[Freeipa] [Bug 1309655] Re: freeipa-client-install points to wrong ntp.conf file

2014-04-19 Thread Timo Aaltonen
= Triaged ** Changed in: freeipa (Ubuntu) Assignee: (unassigned) = Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1309655 Title: freeipa-client-install points to wrong

[Freeipa] [Bug 1336869] Re: mkhomedir option not working on ipa-client-install

2014-07-03 Thread Timo Aaltonen
yes, see https://bugs.launchpad.net/ubuntu/+source/pam/+bug/557013 (fixed in utopic) https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1192719 ** Changed in: freeipa (Ubuntu) Importance: Undecided = Medium ** Changed in: freeipa (Ubuntu) Status: New = Triaged -- You received this

[Freeipa] [Bug 1309655] Re: freeipa-client-install points to wrong ntp.conf file

2014-08-05 Thread Timo Aaltonen
soon is relative, but it's fixed on utopic now, next is filing the paperwork for trusty SRU ** Also affects: freeipa (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: freeipa (Ubuntu Trusty) Status: New = In Progress -- You received this bug notification because

[Freeipa] [Bug 1309655] Re: freeipa-client-install points to wrong ntp.conf file

2014-08-06 Thread Timo Aaltonen
** Description changed: - On a fresh 14.04-server install freeipa-client-install does not write to - the correct ntpd conf file. Using + [Impact] + On a fresh 14.04-server install freeipa-client-install does not write to the correct ntpd conf file. Also, it needs --force-ntpd option to overcome

[Freeipa] [Blueprint foundations-t-freeipa] FreeIPA for trusty

2014-10-26 Thread Timo Aaltonen
Blueprint changed by Timo Aaltonen: Work items changed: Work items: [tjaalton] add nssdb support to nss: DONE [tjaalton] update tomcatjss to 7.1: DONE [tjaalton] add dyndb support to bind9: DONE [tjaalton] refactor the platform code on freeipa: DONE - [tjaalton] freeipa: write platform

[Freeipa] [Blueprint foundations-t-freeipa] FreeIPA for trusty

2014-10-26 Thread Timo Aaltonen
Blueprint changed by Timo Aaltonen: Work items changed: Work items: [tjaalton] add nssdb support to nss: DONE [tjaalton] update tomcatjss to 7.1: DONE [tjaalton] add dyndb support to bind9: DONE [tjaalton] refactor the platform code on freeipa: DONE [tjaalton] freeipa: write platform

[Freeipa] [Blueprint foundations-t-freeipa] FreeIPA for trusty

2014-10-26 Thread Timo Aaltonen
Blueprint changed by Timo Aaltonen: Work items changed: Work items: [tjaalton] add nssdb support to nss: DONE [tjaalton] update tomcatjss to 7.1: DONE [tjaalton] add dyndb support to bind9: DONE [tjaalton] refactor the platform code on freeipa: DONE [tjaalton] freeipa: write platform

[Freeipa] FreeIPA 4.0.4 now in Debian unstable!

2014-10-26 Thread Timo Aaltonen
Hi! Sooo.. as a followup to last weeks announcement about Dogtag 10.2 getting in Debian, today marks the day that FreeIPA finally made it to the distro! And unless release critical bugs are found it'll migrate to the testing branch after spending 10 days on unstable, just in time

[Freeipa] [Bug 1446874] Re: FreeIPA 4.0.5 on Trusty

2015-04-23 Thread Timo Aaltonen
yes, uploaded a package which only builds the client -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1446874 Title: FreeIPA 4.0.5 on Trusty Status in freeipa package in Ubuntu: Won't Fix

[Freeipa] [Bug 1446874] Re: FreeIPA 4.0.5 on Trusty

2015-04-21 Thread Timo Aaltonen
That's new, but wouldn't be the last error in the process.. I'll remove the package from the ppa. ** Changed in: freeipa (Ubuntu) Status: New = Won't Fix -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1446874] Re: FreeIPA 4.0.5 on Trusty

2015-04-21 Thread Timo Aaltonen
the problem is that it would take too much of an effort to port it to upstart, just for one release -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1446874 Title: FreeIPA 4.0.5 on Trusty

[Freeipa] [Bug 1492219] Re: ipa-client-install crashes when /usr/bin/nsupdate isn't installed

2015-09-04 Thread Timo Aaltonen
that's weird, since freeipa-client already depends on dnsutils which provides nsupdate.. ** Changed in: freeipa (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1449304] Re: ipa-replica-prepare fails

2015-09-24 Thread Timo Aaltonen
changed the title, gpg-agent addition is handled in bug 1492184 FYI, it'll be 4.3 that should support replica installation with GSSAPI ** Summary changed: - ipa-replica-prepare fails due to gnupg-agent missing + ipa-replica-prepare fails ** Changed in: freeipa (Ubuntu) Importance: Undecided

[Freeipa] [Bug 1449304] Re: ipa-replica-prepare fails

2015-12-19 Thread Timo Aaltonen
still needs bind 9.10.x in order to get past 4.1 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1449304 Title: ipa-replica-prepare fails Status in freeipa package in Ubuntu: Triaged Status

[Freeipa] [Bug 1543230] Re: After installing freeipa-server-trust-ad ipa tries to start smb.service which doesn't exist

2016-02-08 Thread Timo Aaltonen
right, I don't know if ipa-adtrust-install needs an actual AD instance to test against, or samba.. I don't have either so this part is untested it's fairly trivial to fix that smb.service part though, but there might be other bugs still ** Changed in: freeipa (Ubuntu) Status: New =>

[Freeipa] [Bug 1543230] Re: After installing freeipa-server-trust-ad ipa tries to start smb.service which doesn't exist

2016-02-09 Thread Timo Aaltonen
the logs are in /var/log/ipa* but I know how to fix this I'm the one packaging ipa for debian/ubuntu and currently trying to get 4.3 to fully replicate, which none of the earlier versions were able to even start.. -- You received this bug notification because you are a member of FreeIPA, which

[Freeipa] [Bug 1564981] Re: freeipa install errors out with certmonger 'dbus' 'start' ''' returned non-zero exit status 4

2016-04-05 Thread Timo Aaltonen
yeah alert would be one way, at least --dnssec-master should yell something I'm discussing the bind change with lamont, he'll have a look tomorrow. And thanks for trying it out :) Apache systemd integration now has a bug too https://bugs.launchpad.net/debian/+source/apache2/+bug/1566519 and a

[Freeipa] [Bug 1543230] Re: After installing freeipa-server-trust-ad ipa tries to start smb.service which doesn't exist

2016-03-02 Thread Timo Aaltonen
default samba installation doesn't install /etc/samba/smb.conf, so ipa- adtrust-install fails right away because of that.. but after adding that file and the fix for ipaplatform/services.py it installs fine -- You received this bug notification because you are a member of FreeIPA, which is

[Freeipa] [Bug 1543230] Re: After installing freeipa-server-trust-ad ipa tries to start smb.service which doesn't exist

2016-03-02 Thread Timo Aaltonen
https://fedorahosted.org/freeipa/ticket/5687 ** Bug watch added: fedorahosted.org/freeipa/ #5687 https://fedorahosted.org/freeipa/ticket/5687 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1564981] Re: freeipa install errors out with certmonger 'dbus' 'start' ''' returned non-zero exit status 4

2016-04-02 Thread Timo Aaltonen
Right, I think the server will be removed from xenial and instead point folks to use a ppa with freeipa 4.3.1 plus other bits that are needed and which are too late to get in before release (bind9 with native pkcs11, apache with systemd integration) You can try it out now, client promotion to a

[Freeipa] Ubuntu 16.04 released with FreeIPA 4.3.1

2016-04-21 Thread Timo Aaltonen
Howdy! Ubuntu 16.04 LTS got released today, and it comes with FreeIPA 4.3.1! The biggest feature of this version is that it also supports replication by client promotion to replica master. IPA on Debian/Ubuntu has been a single-master thing until now.. FreeIPA is in the

[Freeipa] [Bug 1509484] Re: certmonger processes turn into zombies on start

2016-04-18 Thread Timo Aaltonen
What does 'getcert list-cas' say? I guess the zombies were due to ipa- client-install bugs or such, and could be you need to fix things manually... -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu.

[Freeipa] [Bug 1336869] Re: mkhomedir option not working on ipa-client-install

2016-04-15 Thread Timo Aaltonen
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1192719 is not fixed yet -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1336869 Title: mkhomedir option not working on ipa-client-install

Re: [Freeipa] Missing armhf python-ipalib

2016-04-19 Thread Timo Aaltonen
19.04.2016, 11:28, Nicklas Björk kirjoitti: > Hi FreeIPA team, > > I was experimenting with the armhf packages, trying to get the FreeIPA > client to install on a Raspberry PI 3 / raspbian. The python-ipaclient > package seems to have a dependency for python-ipalib, which seems to be > included

[Freeipa] [Bug 1509484] Re: certmonger processes turn into zombies on start

2016-04-19 Thread Timo Aaltonen
the helper locations are wrong, the prefix should be /usr/lib/certmonger two ways to fix: 1) shutdown certmonger, edit /var/lib/certmonger/cas/* to use correct paths 2) use 'getcert modify-ca' to edit the paths -- You received this bug notification because you are a member of FreeIPA, which is

Re: [Freeipa] Missing armhf python-ipalib

2016-04-19 Thread Timo Aaltonen
19.04.2016, 14:41, Nicklas Björk kirjoitti: > On 2016-04-19 12:15, Timo Aaltonen wrote: >> 19.04.2016, 11:28, Nicklas Björk kirjoitti: >>> Hi FreeIPA team, >>> >>> I was experimenting with the armhf packages, trying to get the FreeIPA >>> cli

[Freeipa] [Bug 1509484] Re: certmonger processes turn into zombies on start

2016-04-18 Thread Timo Aaltonen
this should be fixed in xenial.. ** Changed in: certmonger (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1509484 Title: certmonger

[Freeipa] [Bug 1600634] Re: ipa-server-install: On non-x86, errors enabling compatibility plugin for dirsrv

2016-07-11 Thread Timo Aaltonen
right, it was expected that sooner or later someone used 389 on !x86 :/ the libarch patch should cover all the others too ** Also affects: 389-ds-base (Ubuntu) Importance: Undecided Status: New ** Changed in: 389-ds-base (Ubuntu) Status: New => Triaged -- You received this

[Freeipa] [Bug 1664457] Re: ftbfs with libresteasy-java 3.1.0

2017-02-14 Thread Timo Aaltonen
signee: (unassigned) => Timo Aaltonen (tjaalton) ** Summary changed: - ftbfs with libresteasy-java 3.1.0 + dogtag-pki ftbfs with libresteasy-java 3.1.0 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to dogtag-pki in Ubuntu. https://bugs.laun

[Freeipa] [Bug 1664453] Re: autopkgtests failing with systemd-232

2017-02-14 Thread Timo Aaltonen
it has no chance of working before tomcat 8.5 is purged from proposed(*), so I'd hold on making any changes before that happens * https://bugs.launchpad.net/bugs/1662654 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to dogtag-pki in Ubuntu.

[Freeipa] [Bug 1657134] Re: ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not

2017-01-17 Thread Timo Aaltonen
I see that the rpm packages reload these on postinst, so that needs to be done here too.. ** Changed in: freeipa (Ubuntu) Status: Incomplete => Triaged -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1657134] Re: ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not

2017-01-19 Thread Timo Aaltonen
this is actually better handled in oddjob by adding a dpkg trigger to reload the daemon when config files are installed in /etc/oddjobd.conf.d ** Package changed: freeipa (Ubuntu) => oddjob (Ubuntu) -- You received this bug notification because you are a member of FreeIPA, which is subscribed

Re: [Freeipa] [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1

2016-08-30 Thread Timo Aaltonen
On 29.08.2016 10:34, Timo Aaltonen wrote: > On 21.04.2016 22:01, Timo Aaltonen wrote: >> >> ps. Debian unstable will have 4.3.1 once the package has gone through >> the NEW queue because the packaging got split in certain ways > > No it did not, because the ftpmaste

[Freeipa] [Bug 1600634] Re: ipa-server-install: On non-x86, errors enabling compatibility plugin for dirsrv

2016-09-23 Thread Timo Aaltonen
file a new bug -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1600634 Title: ipa-server-install: On non-x86, errors enabling compatibility plugin for dirsrv Status in 389-ds-base package

[Freeipa] [Bug 1628884] Re: ipa-otpd@1-32385-0.service: Failed at step EXEC spawning /usr/lib/ipa-otpd: No such file or directory

2016-09-29 Thread Timo Aaltonen
** Changed in: freeipa (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1628884 Title: ipa-otpd@1-32385-0.service: Failed at step EXEC spawning

[Freeipa] [Bug 1630911] Re: freeipa-client has a hard dependency on "ntp" which is not wanted in lxd environment

2016-10-07 Thread Timo Aaltonen
it's not that simple, the client setup would fail if there's no ntp installed, and I don't think there's a reliable way to detect lxc -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1630911

[Freeipa] [Bug 1627371] Re: Timing problems with FreeIPA installation

2016-09-25 Thread Timo Aaltonen
this is likely caused by tomcat instances using initd rather than systemd I'm not sure about adding timeouts to freeipa for this, because RPi doesn't have much RAM either.. the VM's that I've used for testing have all had at least 1.5GB ** Also affects: dogtag-pki (Ubuntu) Importance:

Re: [Freeipa] help

2016-11-07 Thread Timo Aaltonen
On 08.11.2016 03:22, 郑磊 wrote: > Hi Timo, > Thank you for your reply! I have already joined both the freeipa-users > and freeipa-devel team, and submitted some PR on the freeipa github. My > OS is Ubuntu, and available version of freeipa is 4.3.x, which is > different from master branch. A member

Re: [Freeipa] help

2016-11-07 Thread Timo Aaltonen
On 08.11.2016 09:38, 郑磊 wrote: > I see. But my work environment is Ubuntu and available version of > freeipa is 4.3.x. I want to maintain freeipa on the Ubuntu system. I > have already applied to join the freeipa@lists.launchpad.net team in > https://launchpad.net/~freeipa/+members#proposed,

Re: [Freeipa] help

2016-11-07 Thread Timo Aaltonen
On 07.11.2016 03:24, 郑磊 wrote: > Hello Everyone, > I'm using FreeIPA on Ubuntu, and having a test and research with the > function of FreeIPA. At the same time, I have carried on the Chinese > translation to the web interface, also added own log module in web > interface, which can record our

Re: [Freeipa] Help removing me from this list

2016-11-08 Thread Timo Aaltonen
On 08.11.2016 12:14, Adilson Oliveira wrote: > Hello > > I no longer have a launchpad account but I am still receiving emails > from this list. Does anyone have the means to remove me from it? https://launchpad.net/~agoliveira seems to be doing well, so you just need to revive the password? I

Re: [Freeipa] [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1

2016-10-17 Thread Timo Aaltonen
On 16.10.2016 08:00, Jochen Hein wrote: > Timo Aaltonen <tjaal...@ubuntu.com> writes: > >> On 15.10.2016 22:33, Jochen Hein wrote: >>> Timo Aaltonen <tjaal...@ubuntu.com> writes: >>> >>>> Ubuntu 16.04 LTS got released today, and it

[Freeipa] [Bug 1645201] Re: ipa-client-automount fails

2016-11-28 Thread Timo Aaltonen
yeah, service mapping was wrong on ipaplatform/debian/services.py ** Changed in: freeipa (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1645201

[Freeipa] [Bug 1336869] Re: mkhomedir option not working on ipa-client-install

2016-10-10 Thread Timo Aaltonen
feel free to help with 1192719 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1336869 Title: mkhomedir option not working on ipa-client-install Status in freeipa package in Ubuntu: Triaged

[Freeipa] [Bug 1656236] Re: OpenSans TTF fonts missing

2017-01-14 Thread Timo Aaltonen
right, but the ui still works with the fallback font so it's harmless ** Changed in: freeipa (Ubuntu) Importance: Undecided => Wishlist ** Changed in: freeipa (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is

[Freeipa] [Bug 1630911] Re: freeipa-client has a hard dependency on "ntp" which is not wanted in lxd environment

2017-01-14 Thread Timo Aaltonen
client install expects ntpd to be present upstream is discussing whether ntp should be configured at all, since it's usually already configured by the distro -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1640732] Re: krb5-otp package not being installed when ipa-server-install

2017-01-14 Thread Timo Aaltonen
** Changed in: freeipa (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1640732 Title: krb5-otp package not being installed when ipa-server-install

[Freeipa] [Bug 1643244] Re: --mkhomedir seems to not work (through oddjob) in 16.04

2017-01-14 Thread Timo Aaltonen
*** This bug is a duplicate of bug 1336869 *** https://bugs.launchpad.net/bugs/1336869 ** This bug has been marked a duplicate of bug 1336869 mkhomedir option not working on ipa-client-install -- You received this bug notification because you are a member of FreeIPA, which is subscribed

[Freeipa] [Bug 1630911] Re: freeipa-client has a hard dependency on "ntp" which is not wanted in lxd environment

2017-01-14 Thread Timo Aaltonen
alright, so it does install even without.. anyway, it's a no-brainer to demote as Recommends so I'll just do that -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1630911 Title: freeipa-client

[Freeipa] [Bug 1653245] Re: python-ipalib is missing authconfig

2017-01-12 Thread Timo Aaltonen
that's the one, and here's the commit https://anonscm.debian.org/git/pkg-freeipa/freeipa.git/commit/?h=master- next=d1b501999f999df5b7b3b5574e820a1e57c8281e -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu.

[Freeipa] [Bug 1653245] Re: python-ipalib is missing authconfig

2016-12-30 Thread Timo Aaltonen
this is fixed in git ** Changed in: freeipa (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1653245 Title: python-ipalib is missing authconfig

[Freeipa] [Bug 1685115] [NEW] opendnssec 2.0 broke FreeIPA DNSSEC setup

2017-04-21 Thread Timo Aaltonen
Public bug reported: [Impact] https://pagure.io/freeipa/issue/6873 Not fixed upstream yet, this is a placeholder bug. [Test case] Run 'ipa-dns-install --dnssec-master' after ipa-server-install. [Regression potential] ** Affects: freeipa (Ubuntu) Importance: Undecided Status:

[Freeipa] [Bug 1682149] Re: dogtag-pki stops working with resteasy newer than 3.0.19-2

2017-04-13 Thread Timo Aaltonen
yep, well known: https://pagure.io/dogtagpki/issue/2596 but even after this the bigger issue is getting dogtag/tomcatjss ported to tomcat 8.5: https://pagure.io/tomcatjss/issue/1 https://pagure.io/tomcatjss/issue/3 https://pagure.io/dogtagpki/issue/2560 not sure it'll happen for 17.10 either..

[Freeipa] [Bug 1677139] Re: pkcs11 setup needs fixes for SoftHSM 2.2

2017-04-19 Thread Timo Aaltonen
** Summary changed: - softhsm 2.2.0 is broken + pkcs11 setup needs fixes for SoftHSM 2.2 ** Description changed: - The current version of softhsm in zesty, 2.2.0, is broken: + [Impact] - https://github.com/opendnssec/SoftHSMv2/issues/298 + https://pagure.io/freeipa/issue/6692 - even basic

[Freeipa] [Bug 1635568] Re: freeipa-client - Can't enroll a client if server has external CA certs in addition to self signed CA cert

2017-03-07 Thread Timo Aaltonen
if you have /etc/ipa/ca.crt, try removing it and ipa-client-install again -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1635568 Title: freeipa-client - Can't enroll a client if server has

[Freeipa] [Bug 1677139] Re: softhsm 2.2.0 is broken

2017-04-19 Thread Timo Aaltonen
the patch for freeipa works ** Package changed: softhsm2 (Ubuntu) => freeipa (Ubuntu) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1677139 Title: pkcs11 setup needs fixes for SoftHSM 2.2

[Freeipa] [Bug 1677139] Re: pkcs11 setup needs fixes for SoftHSM 2.2

2017-04-21 Thread Timo Aaltonen
yes that's another bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860722 ** Bug watch added: Debian Bug tracker #860722 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860722 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa

[Freeipa] [Bug 1691655] [NEW] pki-base postinst creates corrupt /etc/pki/pki.version

2017-05-18 Thread Timo Aaltonen
Public bug reported: [Impact] Upgrading pki-base from xenial to zesty fails, because /etc/pki/pki.versio created on xenial looks like this: Configuration-Version: 10.2.6+git20160317 while it should just have 10.2.6. To fix the upgrade, the file should be recreated if old pki-base is older than

[Freeipa] [Bug 1693154] Re: ipa-client-install fails: kinit: Included profile directory could not be read while initializing Kerberos 5 library

2017-05-24 Thread Timo Aaltonen
the client install creates /etc/krb5.conf with "includedir /etc/krb5.conf.d/" while creating that directory should be done by krb5-config, it was fixed in sid/artful by freeipa-client 4.4.4-1. mit-krb5 will add the directory after stretch is released SRU for zesty would be in order, though **

[Freeipa] [Bug 1691655] Re: pki-base postinst creates corrupt /etc/pki/pki.version

2017-05-18 Thread Timo Aaltonen
Now that 10.3.5+12-4 is synced, yes. But I heard about another upgrade bug which I'll check first, and reupload this along with other fixes if needed. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to dogtag-pki in Ubuntu.

[Freeipa] [Bug 1685115] Re: opendnssec 2.0 broke FreeIPA DNSSEC setup

2017-06-10 Thread Timo Aaltonen
I'll monitor this issue ** Changed in: freeipa (Ubuntu Artful) Assignee: Dimitri John Ledkov (xnox) => Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1685

[Freeipa] [Bug 1677139] Re: pkcs11 setup needs fixes for SoftHSM 2.2

2017-06-10 Thread Timo Aaltonen
I'll deal with this ** Changed in: freeipa (Ubuntu Artful) Assignee: Dimitri John Ledkov (xnox) => Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1677139 Ti

[Freeipa] [Bug 1693154] Re: ipa-client-install fails: kinit: Included profile directory could not be read while initializing Kerberos 5 library

2017-06-14 Thread Timo Aaltonen
resent (probably fresh install) ** Changed in: freeipa (Ubuntu Zesty) Status: New => In Progress ** Changed in: freeipa (Ubuntu Zesty) Assignee: (unassigned) => Timo Aaltonen (tjaalton) -- You received this bug notification because you are a member of FreeIPA, which is su

[Freeipa] [Bug 1717998] [NEW] Please remove tomcat8.0 before 18.04 releases

2017-09-18 Thread Timo Aaltonen
Public bug reported: This package is meant to be temporary to allow tomcatjss, dogtag-pki (and thus freeipa) to work until upstream has ported the components for tomcat 8.5 and up. ** Affects: tomcat8.0 (Ubuntu) Importance: High Assignee: Timo Aaltonen (tjaalton) Status

[Freeipa] [Bug 1716842] Re: dogtag-pki needs porting work for tomcat8

2017-09-20 Thread Timo Aaltonen
It built against old tomcat 8.0.x, but tomcat 8.5 got synced and dogtag (& tomcatjss) fail to build with it. I've packaged tomcat8.0 as a separate source package and it's in the archive now. Next I'll modify tomcatjss & dogtag-pki to use it. Tomcat8.0 will be removed before 18.04 releases, which

[Freeipa] [Bug 1656236] Re: OpenSans TTF fonts missing

2017-09-21 Thread Timo Aaltonen
** Changed in: freeipa (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1656236 Title: OpenSans TTF fonts missing Status in freeipa package in

[Freeipa] [Bug 1706872] Re: FreeIPA Client on Ubuntu 14.04 can't be enrolled to IPA Server having third party SSL

2017-09-21 Thread Timo Aaltonen
yeah 3.3.4 in 14.04 is old by today's standard.. I don't support that anymore, so either backport the client from 16.04 or upgrade to it.. closing as fixed since it's working in 16.04 ** Changed in: freeipa (Ubuntu) Status: New => Fix Released -- You received this bug notification

[Freeipa] [Bug 1656236] Re: OpenSans TTF fonts missing

2017-09-21 Thread Timo Aaltonen
looks like fonts-open-sans is now included in debian, I'll add a dep to freeipa -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1656236 Title: OpenSans TTF fonts missing Status in freeipa

[Freeipa] [Bug 1703836] Re: ipa-dnskeysyncd expects XML ods-enforcer no longer outputs xml

2017-10-09 Thread Timo Aaltonen
artful has 2.1.3 ** Changed in: opendnssec (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1703836 Title: ipa-dnskeysyncd expects XML ods-enforcer

[Freeipa] [Bug 1685115] Re: opendnssec 2.0 broke FreeIPA DNSSEC setup

2017-10-09 Thread Timo Aaltonen
*** This bug is a duplicate of bug 1703836 *** https://bugs.launchpad.net/bugs/1703836 ** This bug has been marked a duplicate of bug 1703836 ipa-dnskeysyncd expects XML ods-enforcer no longer outputs xml -- You received this bug notification because you are a member of FreeIPA, which is

[Freeipa] [Bug 1769440] Re: freeipa server install fails - Configuring the web interface, setting up ssl

2018-05-06 Thread Timo Aaltonen
yep, that's a known issue, though it doesn't have a bug for it so maybe this should be it the installation shouldn't start if the hostname is not a FQDN though, so that's another bug then -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa

[Freeipa] [Bug 1769440] Re: freeipa server install fails - Configuring the web interface, setting up ssl

2018-05-06 Thread Timo Aaltonen
doesn't hurt to try on qemu/kvm or actual hw -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769440 Title: freeipa server install fails - Configuring the web interface, setting up ssl

[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL

2018-05-06 Thread Timo Aaltonen
which architecture, and is it running on LXC/qemu or native hw? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with

[Freeipa] [Bug 1769440] Re: freeipa server install fails - Configuring the web interface, setting up ssl

2018-05-07 Thread Timo Aaltonen
I mean the dns setup is known to be broken, I don't know why it gets an empty zone from ldap and reported it upstream but the next step would be to debug with gdb and I didn't get anywhere with it yet.. -- You received this bug notification because you are a member of FreeIPA, which is

[Freeipa] [Bug 1765616] Re: freeipa server install fails - RuntimeError: CA configuration failed.

2018-05-04 Thread Timo Aaltonen
file a separate bug, I'm not able to reproduce that -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1765616 Title: freeipa server install fails - RuntimeError: CA configuration failed.

  1   2   3   >