On 6.1.2016 08:25, Petr Spacek wrote:
> On 6.1.2016 06:42, Devin wrote:
>> I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a
>> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
>> Kerberos domain as LNX.NINJA. Everything installs just fine without any
On 6.1.2016 06:42, Devin wrote:
> I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a
> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
> Kerberos domain as LNX.NINJA. Everything installs just fine without any
> issues, and even when I log into FreeIPA
I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a
fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
Kerberos domain as LNX.NINJA. Everything installs just fine without any
issues, and even when I log into FreeIPA and go to the DNS Manager i see
that it
Hi,
New install of FreeIPA 4.2.0-15.el7.centos.3 on Centos 7.2.1511 (and I'm very
new to FreeIPA)
Following the advice I got from here:
http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
I dumped old shadow into a csv, then wrote a small bash script to import all
the user
On Mon, Jan 04, 2016 at 03:13:43PM +0100, Domineaux Philippe wrote:
> Hello,
>
> Happy new year.
>
> So the content of my /etc/locale.conf :
>
> LANG="fr_FR.UTF-8"
>
Happy new year to you too, and thanks for the info.
I reproduced the issue and there is a now a patch awaiting review.
Ticket: h
BlueBolt wrote:
> Wow, that's fairly horrifying stuff, Rob. All of my NFS servers (and
> current ldap-auth'd clients, which are not migrated to ipa-client) are
> constrained to nfs3. I have no plans to v4 any of my nfs infrastructure
> apart from one server eventually which will serve mostly Macs
On 05/01/2016 17:17, Rob Crittenden wrote:
Martin Kosek wrote:
On 01/05/2016 04:24 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 01/04/2016 10:41 PM, Rob Crittenden wrote:
Martin Kosek wrote:
...
I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM
and it worke
On Tue, Jan 5, 2016 at 7:22 PM, Karl Forner wrote:
> update:
>
> modifying the /etc/krb5.conf, and replacing the name of my freeipa master
> by the replica fixes the problem.
> So that proves that the kdc is not picked up by discovery.
>
> The problem is that my ubuntu box was enrolled using the
Wow, that's fairly horrifying stuff, Rob. All of my NFS servers (and current
ldap-auth'd clients, which are not migrated to ipa-client) are constrained to
nfs3. I have no plans to v4 any of my nfs infrastructure apart from one server
eventually which will serve mostly Macs for acl richness. A
Thanks a lot, that works if I comment out the explicit reference to a
server name, and that I switch dns_lookup_kdc to true.
I think I understand why it was not working from the install:
I used the ipa-client-install with the option --server.
According to the man page, in the "Failover" section, I
On Tue, 05 Jan 2016, Karl Forner wrote:
update:
modifying the /etc/krb5.conf, and replacing the name of my freeipa master
by the replica fixes the problem.
So that proves that the kdc is not picked up by discovery.
This implies you have explicit line stating the KDC address in your
krb5.conf. T
On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo wrote:
> includedir /var/lib/sss/pubconf/krb5.include.d/
> #File modified by ipa-client-install
>
> [libdefaults]
> default_realm = IPA.DOMAIN.TLD
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> ticket_lifetime = 24h
> fo
update:
modifying the /etc/krb5.conf, and replacing the name of my freeipa master
by the replica fixes the problem.
So that proves that the kdc is not picked up by discovery.
The problem is that my ubuntu box was enrolled using the ipa-client-install
script, and so should be properly configured.
Another piece of information:
the linux boxes are running ubuntu too, with the same configuration.
I have configured 2 dns servers, the first for my main freeipa server
(which is down), and rhe second for the replica.
After boot, the linux box can resolve addresses just fine, using the
secondary d
On Tue, Jan 5, 2016 at 8:14 AM, Jakub Hrozek wrote:
> On Tue, Jan 05, 2016 at 12:16:48AM +0100, Karl Forner wrote:
> > Hello,
> >
> > My freeipa master has crashed, and I have a replica running.
> > The problem is that I can not use anymore the webapps on my main server
> > which use a kerberos a
Martin Kosek wrote:
> On 01/05/2016 04:24 PM, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On 01/04/2016 10:41 PM, Rob Crittenden wrote:
Martin Kosek wrote:
>>> ...
> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify
> as DM
> and it worked:
>
>
On 01/05/2016 04:24 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 01/04/2016 10:41 PM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>> ...
I anyway tried to add externalHost to the shadow hostgroup via ldapmodify
as DM
and it worked:
# ipa netgroup-show masters
>>
On Tue, 05 Jan 2016, bahan w wrote:
Thanks.
And for the ipa-client package ? Is it installable on Redhat 6.6 ?
There *is* already ipa-client in RHEL 6.6, version 3.0. It is enough to
enroll this client to IPA version 4.0 server.
Or is it only installable on Redhat 7.x ?
ipa-client-4.x is onl
Martin Kosek wrote:
> On 01/04/2016 10:41 PM, Rob Crittenden wrote:
>> Martin Kosek wrote:
> ...
>>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify
>>> as DM
>>> and it worked:
>>>
>>> # ipa netgroup-show masters
>>> Netgroup name: masters
>>> Description: ipaNetgrou
Lukas Slebodnik wrote:
> On (05/01/16 15:11), bahan w wrote:
>> Hello.
>>
>> I have some questions related to this point :
>> 1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an
>> ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd
>> embedded with ipa-
Thanks.
And for the ipa-client package ? Is it installable on Redhat 6.6 ?
Or is it only installable on Redhat 7.x ?
Best regards.
Bahan
On Tue, Jan 5, 2016 at 3:31 PM, Lukas Slebodnik wrote:
> On (05/01/16 15:11), bahan w wrote:
> >Hello.
> >
> >I have some questions related to this point :
On (05/01/16 15:11), bahan w wrote:
>Hello.
>
>I have some questions related to this point :
>1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an
>ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd
>embedded with ipa-client 4.x ?
rhel6.6 has ipa-client-
Hello.
I have some questions related to this point :
1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an
ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd
embedded with ipa-client 4.x ?
2. The ipa-server 4.x can only be installed on RHEL7+, true/false
Karl Forner wrote:
>
>
> >
> > It hangs forever.
>
> How long is forever?
>
>
> officially it's about 15 mns. Do you mean that this delay could be
> expected ?
Forever is a measurement of patience. I'd have expected a timeout at
some point. To really diagnose things we'd probably
24 matches
Mail list logo