[Freeipa-users] Re: Backup idea of disaster

2018-03-05 Thread Florence Blanc-Renaud via FreeIPA-users
On 04/03/2018 02:28, barrykfl--- via FreeIPA-users wrote: Tried those command before ,,,seem the web page and LDAP separate or I missed some parts. it can turn on the ldap but the web page not allow to login ...mostly it related to ? Hi, on which system do you have trouble accessing the web

[Freeipa-users] Re: Backup idea of disaster

2018-03-05 Thread Barry via FreeIPA-users
Hi: the link u provided mentioned similar : 9.2. RESTORING A BACKUP If you have a directory with a backup created using ipa-backup , you can restore your IdM server or the LDAP content to the state in which they were when the backup was performed. You cannot restore a backup on a host differe

[Freeipa-users] Re: Backup idea of disaster

2018-03-05 Thread Florence Blanc-Renaud via FreeIPA-users
On 05/03/2018 09:57, Barry via FreeIPA-users wrote: Hi: the link u provided mentioned similar : 9.2. RESTORING A BACKUP If you have a directory with a backup created using ipa-backup , you can restore your IdM server or the LDAP content to the state in which they were when the backup was

[Freeipa-users] Re: new freeipa server

2018-03-05 Thread Andrew Meyer via FreeIPA-users
Somehow it works as a client machine and then can be promoted to a replica. On Friday, March 2, 2018 4:51 PM, Rob Crittenden via FreeIPA-users wrote: Andrew Meyer wrote: > [ec2-user@freeipa01 ~]$ curl -V > curl 7.55.1 (x86_64-koji-linux-gnu) libcurl/7.55.1 OpenSSL/1.0.2k > zlib/1.2.7 li

[Freeipa-users] snmp monitoring

2018-03-05 Thread Andrew Meyer via FreeIPA-users
When reading about monitoring replication I see that I can get this setup using --setup-snmp, however on CentOS 7.x (latest) I don't have that option.  Is it not in 4.5.0?___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscr

[Freeipa-users] Re: new freeipa server

2018-03-05 Thread Alexander Bokovoy via FreeIPA-users
On ma, 05 maalis 2018, Andrew Meyer via FreeIPA-users wrote: Somehow it works as a client machine and then can be promoted to a replica. If you are really interested in getting Amazon Linux supported with FreeIPA, I'm afraid you are looking at a wrong venue for support. Any issues like this nee

[Freeipa-users] Re: snmp monitoring

2018-03-05 Thread Alexander Bokovoy via FreeIPA-users
On ma, 05 maalis 2018, Andrew Meyer via FreeIPA-users wrote: When reading about monitoring replication I see that I can get this setup using --setup-snmp, however on CentOS 7.x (latest) I don't have that option.  Is it not in 4.5.0? Can you point to your sources? It is quite hard to understand w

[Freeipa-users] CA server install on existing server fails - FreeIPA 4.5.0

2018-03-05 Thread John Seekins via FreeIPA-users
On a RHEL 7 box, I installed the ipa-server package and set up a server without a CA successfully. Then I tried to manually add the CA functionality afterwards and, while the install appeared to work, the server can't properly access the dogtag instance through the proxy, which breaks a lot of f

[Freeipa-users] Re: snmp monitoring

2018-03-05 Thread Andrew Meyer via FreeIPA-users
My apologies. V4/Tool to Check Status of All Replicas - FreeIPA | | | | || | | | | | V4/Tool to Check Status of All Replicas - FreeIPA | | | | On Monday, March 5, 2018 10:28 AM, Alexander Bokovoy via FreeIPA-users wrote: On ma, 05 maalis 201

[Freeipa-users] Re: snmp monitoring

2018-03-05 Thread Alexander Bokovoy via FreeIPA-users
On ma, 05 maalis 2018, Andrew Meyer wrote: My apologies. [V4/Tool to Check Status of All Replicas - FreeIPA](https://www.freeipa.org/page/V4/Tool_to_Check_Status_of_All_Replicas) [ | | | | ---|--- | | ## V4/Tool to Check Status of All Replicas - FreeIPA | ---|---|--- ]

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0

2018-03-05 Thread John Seekins via FreeIPA-users
Manually installing the cert at /etc/ipa/ca.cert and restarting Apache fixes the error, but it seems like whenever a cert renewal happens, I'll have to manually update it again. Which seems brittle. ___ FreeIPA-users mailing list -- freeipa-users@lists.

[Freeipa-users] cross realm trust - without win AD credentials ?

2018-03-05 Thread lejeczek via FreeIPA-users
hi guys I wonder if it is(would be) possible to have IPA join AD but so IPA admin only asks AD admin(s) to do whatever is required and then s/he does IPA end? And a reason you would do that is - domains are formally(and in other ways) separate that AD admin would have to keep secret and not share

[Freeipa-users] Re: cross realm trust - without win AD credentials ?

2018-03-05 Thread lejeczek via FreeIPA-users
On 05/03/18 18:01, lejeczek via FreeIPA-users wrote: hi guys I wonder if it is(would be) possible to have IPA join AD but so IPA admin only asks AD admin(s) to do whatever is required and then s/he does IPA end? And a reason you would do that is - domains are formally(and in other ways) separa

[Freeipa-users] error when promoting new client to replica

2018-03-05 Thread Andrew Meyer via FreeIPA-users
After getting the feedback previously from the mailing list (thank you for all your help) I have deployed a CentOS 7 image in AWS.  I was able to add teh client machine to the FreeIPA domain.  The CentOS 7 instance is a t2.medium which is a 2 proc by 4GB RAM.  But when I go to promote it I get t

[Freeipa-users] Re: error when promoting new client to replica

2018-03-05 Thread Andrew Meyer via FreeIPA-users
I think I figured out my problem.  I think its the Amazon Linux replica.  named-pkcs11 keeps dying which is causing my issues. On Monday, March 5, 2018 3:40 PM, Andrew Meyer via FreeIPA-users wrote: After getting the feedback previously from the mailing list (thank you for all your he

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0

2018-03-05 Thread Fraser Tweedale via FreeIPA-users
On Mon, Mar 05, 2018 at 04:57:52PM -, John Seekins via FreeIPA-users wrote: > Manually installing the cert at /etc/ipa/ca.cert and restarting > Apache fixes the error, but it seems like whenever a cert renewal > happens, I'll have to manually update it again. Which seems > brittle. The ipa-cer

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0

2018-03-05 Thread Fraser Tweedale via FreeIPA-users
On Tue, Mar 06, 2018 at 10:57:16AM +1000, Fraser Tweedale via FreeIPA-users wrote: > On Mon, Mar 05, 2018 at 04:57:52PM -, John Seekins via FreeIPA-users > wrote: > > Manually installing the cert at /etc/ipa/ca.cert and restarting > > Apache fixes the error, but it seems like whenever a cert

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0

2018-03-05 Thread John Seekins via FreeIPA-users
Alright. Thanks for looking in to it. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: cross realm trust - without win AD credentials ?

2018-03-05 Thread Florence Blanc-Renaud via FreeIPA-users
On 05/03/2018 19:01, lejeczek via FreeIPA-users wrote: hi guys I wonder if it is(would be) possible to have IPA join AD but so IPA admin only asks AD admin(s) to do whatever is required and then s/he does IPA end? And a reason you would do that is - domains are formally(and in other ways) separa