Re: [Freeipa-users] freeipa and RHEL 7

2014-10-08 Thread Yiorgos Stamoulis
Hi Janelle,

as a temp fix you can substitute fedora-domainname.service with
rhel-domainname.service in the relevant files:

perl -i -pe 's/fedora-domainname.service/rhel-domainname.service/g' \
  /usr/lib/python2.7/site-packages/ipaplatform{/fedora,}/services.py

Cheers

Y

On 08/10/14 15:17, Janelle wrote:
 Hi again

 Just wondering if anyone has found a work around to get freeipa
 installed on RHEL 7 -- the server works fine, but it never finishes
 the client install and you can't force a client install either.

 You end up with this in the logs, which I see has been reported, but
 wondering if fixed?

 stderr=Failed to issue method call: Unit fedora-domainname.service
 failed to load: No such file or directory.

 Thanks
 ~J


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] can ipa-client-install be updated to call username/password from a file?

2014-10-01 Thread Yiorgos Stamoulis

On 01/10/14 08:19, Les Stott wrote:

 Hi,

 I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.

 I am working on doing an unattended ipa client installation. I have it
 working with the following…

 /usr/sbin/ipa-client-install -p admin -w admin_password -U --no-ntp

 While this works, while it runs, the admin_password value is visible
 in the output of a ps -ef command on the host when installing the ipa
 client.

 # ps -ef |grep ipa

 root 30284 30283 43 03:31 ? 00:00:01 /usr/bin/python -E
 /usr/sbin/ipa-client-install -p admin -w plain_text_password -U --no-ntp

 This represents a challenge to security, even though it's only minor
 (as in it's only there for a minute or so), but it's still there and it
 is the admin password.

 Can ipa-client-install be updated to include a parameter to retrieve
 the admin password from a file? i.e.

 /usr/bin/python -E /usr/sbin/ipa-client-install -p admin --from-file
 /tmp/credentials -U --no-ntp

 That would then protect the admin password.

 I am not familiar with python coding.

 Thanks in advance,

 Les



Hi Les,

in addition to the answers you have already received, you can create a
user with the 'host enrollment' permission only, so even if the
credentials are compromised the damage is minimized.

I am using this on 4.0.3 but looking at an older installation the same
seems available in 3.0 too.

Best Regards

Yiorgos
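
Added example (not part of the original thread, and not FreeIPA code): a Linux-only Python demonstration of the exposure Les describes, showing that a secret passed on argv is readable from /proc (the source of `ps -ef` output) while one fed on stdin is not. The child process is a stand-in rather than ipa-client-install, and the helper names and sample password are constructed for illustration.

```python
import subprocess
import sys

# Stand-in for a long-running installer: the child just blocks reading stdin.
CHILD = "import sys; sys.stdin.read()"

def cmdline_of(pid):
    """Return a process's argv as any local user can read it from /proc."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [a.decode() for a in fh.read().split(b"\0") if a]

def exposed_secret(argv, flags=("-w", "--password")):
    """Return the value that follows a password flag in argv, or None."""
    for i, arg in enumerate(argv):
        if arg in flags and i + 1 < len(argv):
            return argv[i + 1]
        for flag in flags:
            if flag.startswith("--") and arg.startswith(flag + "="):
                return arg.split("=", 1)[1]
    return None

def observe(secret, via_argv):
    """Run the child with the secret on argv or on stdin; return what /proc shows."""
    args = [sys.executable, "-c", CHILD, "-p", "admin"]
    if via_argv:
        args += ["-w", secret]
    proc = subprocess.Popen(args, stdin=subprocess.PIPE)
    try:
        seen = cmdline_of(proc.pid)  # the same data `ps -ef` displays
    finally:
        # Closing stdin lets the child exit; in stdin mode the secret goes here.
        proc.communicate(b"" if via_argv else secret.encode() + b"\n")
    return seen

if __name__ == "__main__":
    secret = "constructed-sample-password"  # constructed value, not a real credential
    for via_argv in (True, False):
        argv = observe(secret, via_argv)
        print("argv " if via_argv else "stdin", "->", exposed_secret(argv))
```

The same `exposed_secret` check can be pointed at every `/proc/<pid>/cmdline` on a host to audit for running commands that carry a password flag.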

[Freeipa-users] freeipa 4.0.3 on RHEL/Centos7 calls fedora-domainname.service instead of rhel-domainname.service

2014-10-01 Thread Yiorgos Stamoulis
Hi Martin,

not sure where to file a bug report as this is in limbo between Fedora
and RHEL, so here it is:

enrolling a 4.0.3 RHEL/Centos7 server fails with:

Configuring example.com as NIS domain.
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2790, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2771, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 2735, in install
    configure_nisdomain(options=options, domain=cli_domain)
  File "/usr/sbin/ipa-client-install", line 1391, in configure_nisdomain
    services.knownservices.domainname.restart()
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in restart
    capture_output=capture_output)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 346, in run
    raise CalledProcessError(p.returncode, arg_string, stdout)
subprocess.CalledProcessError: Command ''/bin/systemctl' 'restart' 'fedora-domainname.service'' returned non-zero exit status 6

substituting fedora-domainname.service with rhel-domainname.service in
/usr/lib/python2.7/site-packages/ipaplatform/fedora/services.py and
/usr/lib/python2.7/site-packages/ipaplatform/services.py allows the
installation to proceed.

Cheers,

Yiorgos

Re: [Freeipa-users] freeipa 4.0.3 on RHEL/Centos7 calls fedora-domainname.service instead of rhel-domainname.service

2014-10-01 Thread Yiorgos Stamoulis

On 01/10/14 13:16, Martin Kosek wrote:
 Hello Yiorgos,

 Yes, this is a known issue that the upstream FreeIPA Copr build for
 CentOS/RHEL 7.0 has. We track it in this ticket:

 https://fedorahosted.org/freeipa/ticket/4562

 We would like to fix it within October. If you will be able to help with
 patches or testing, we would of course welcome it!

 HTH,
 Martin

Hi Martin,

Thank you for your reply and pointer.  Yes, I would like to contribute
to the best of my {avail,}ability.

I am interested in making v4 work in EL7 as I am working towards
deploying FreeIPA in the coming months and I would like to avoid starting
with a version that is about to be superseded or doing it on Fedora for
a production environment.

Best Regards,

Yiorgos
