Re: [Freeipa-users] Please help: How to restore IPA Master/Replicas from daily IPA Replica setup???

2012-05-21 Thread Dmitri Pal
On 05/21/2012 01:25 PM, Gelen James wrote: > Hi Rob, > > Just wonder whether you guys have abandoned IPA 2.1.3 users on Redhat > 6.2 or not. :( > > The IPA replication/restoration procedure/document request has been > submitted for more than a week, but I cannot see any meaningful work > has been done

Re: [Freeipa-users] Help with ipa-replica-manage

2012-05-21 Thread Rich Megginson
On 05/21/2012 03:57 PM, Ben Ho wrote: Hi Rich, Yes, replication is working otherwise on these two servers: *Server1 and Server2:* freeipa-server-selinux-2.1.4-7.fc16.x86_64 freeipa-client-2.1.4-7.fc16.x86_64 freeipa-server-2.1.4-7.fc16.x86_64 Fedora release 16 389-ds-base-1.2.10.6-1.fc16.x86_6

Re: [Freeipa-users] Slight confusion about groups, netgroups, sudo rules etc.

2012-05-21 Thread Eivind Olsen
Sigbjorn Lie wrote: > I have implemented Solaris 10 with IPA with success. AES256 did not come > to Solaris 10 until around update 7 or 8. There is still a bug where the > required crypto provider is not enabled. [etc.. lots of useful information] Thanks! I've postponed using FreeIPA with Solari

Re: [Freeipa-users] Help with ipa-replica-manage

2012-05-21 Thread Ben Ho
Hi Rich, Yes, replication is working otherwise on these two servers: Server1 and Server2: freeipa-server-selinux-2.1.4-7.fc16.x86_64 freeipa-client-2.1.4-7.fc16.x86_64 freeipa-server-2.1.4-7.fc16.x86_64 Fedora release 16 389-ds-base-1.2.10.6-1.fc16.x86_64 Date: Tue, 15 May 2012 18:33:34 -0600 From:

Re: [Freeipa-users] IPA dogtag as CA for puppet ?

2012-05-21 Thread Erinn Looney-Triggs
On 05/21/2012 01:00 PM, Jan-Frode Myklebust wrote: > > If joining a machine to IPA automatically gives it a SSL keyset, it > seems silly to also join the puppetca for config management. > > Has anybody looked into using IPA-dogtag as CA for puppet and func? > > > -jf

Re: [Freeipa-users] Slight confusion about groups, netgroups, sudo rules etc.

2012-05-21 Thread Sigbjorn Lie
On 03/13/2012 11:27 AM, Eivind Olsen wrote: Hello. I'm currently looking at implementing IPA in a mixed environment, consisting of RHEL6, RHEL5 and Solaris 10 systems. The IPA server(s) is the most recent one bundled with RHEL 6.2. I have some general rules I'll need to follow as best as I can,

[Freeipa-users] IPA dogtag as CA for puppet ?

2012-05-21 Thread Jan-Frode Myklebust
If joining a machine to IPA automatically gives it a SSL keyset, it seems silly to also join the puppetca for config management. Has anybody looked into using IPA-dogtag as CA for puppet and func? -jf

[Freeipa-users] 2.1.3 and 2.2.0: how to do IPA replica promotion?

2012-05-21 Thread David Copperfield
Hi all, Has anyone successfully done an IPA replica promotion when the IPA master (Hub) failed, by following the IPA replica document for 2.1.3 and 2.2.0? I've tried on my side and see that all the steps involved are very confusing and may be out of date. My IPA master is installed with Dogtag, and

Re: [Freeipa-users] Help with ipa-replica-manage

2012-05-21 Thread Ben Ho
Sorry for the late reply Steven - No, there is no firewall. -Ben From: steven.jo...@vuw.ac.nz CC: freeipa-users@redhat.com Date: Tue, 15 May 2012 21:04:04 + Subject: Re: [Freeipa-users] Help with ipa-replica-manage firewall? regards Steven Jones Technical Specialist - Linux RHCE Vic

[Freeipa-users] freeipa 2.1.3-9 install with external CA failed

2012-05-21 Thread TChow
Hi, I am trying to install freeipa 2.1.3-9 with external CA and it failed. Any help is appreciated and thanks in advance! [r...@ipa.dev.example.com ~]# ipa-server-install --external_cert_file=/root/ipa.crt --external_ca_file=/root/ca.crt The log file for this installation can be found in /va

Re: [Freeipa-users] Doc. mixup

2012-05-21 Thread Chris Evich
On 05/21/2012 10:12 AM, Rob Crittenden wrote: Chris Evich wrote: Are there plans to rebase FreeIPA to 2.2 in Fedora 16? No. It can be possible to run a 2.2 server on F-16 but there are some things missing. If not, then should I open a bug to fix up the Fedora 16 FreeIPA docs to point at the

Re: [Freeipa-users] Please help: How to restore IPA Master/Replicas from daily IPA Replica setup???

2012-05-21 Thread Gelen James
Hi Rob, Just wonder whether you guys have abandoned IPA 2.1.3 users on Redhat 6.2 or not. :( The IPA replication/restoration procedure/document request has been submitted for more than a week, but I cannot see any meaningful work has been done for customers although IPA replication and restoratio

Re: [Freeipa-users] DNS portion of IPA Server randomly crashing

2012-05-21 Thread Petr Spacek
On 05/21/2012 07:17 PM, Charlie Derwent wrote: Hi Petr I'm running bind-dyndb-ldap-0.2.0-7el6.x86_64 rndc reload doesn't work as "neither /etc/rndc.conf nor /etc/rndc.key was found" You can fix it with # rndc-confgen -a (It probably doesn't help to reproduce it, unfortunately.) Logrotate is w

Re: [Freeipa-users] Doc. mixup

2012-05-21 Thread Rob Crittenden
Chris Evich wrote: Hi, Not sure if this is the right place or not, but I noticed that the freeipa.org documentation link for 2.0 goes to https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/index.html which is for version 2.1.3. Ok, I'll take a look. We should probably change the

Re: [Freeipa-users] Please help: How to restore IPA Master/Replicas from daily IPA Replica setup???

2012-05-21 Thread Rob Crittenden
Gelen James wrote: Hi Dmitri, Rob and all. Thanks for your instructions. I've performed your steps on case#1: replacing failed IPA master. The results, and my confusion and questions, are all detailed below. In general, please set up your own real test environment, and write down the detailed ste

[Freeipa-users] Doc. mixup

2012-05-21 Thread Chris Evich
Hi, Not sure if this is the right place or not, but I noticed that the freeipa.org documentation link for 2.0 goes to https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/index.html which is for version 2.1.3. Freeipa 2.1.x is also what you get with Fedora 16, however the fedora

Re: [Freeipa-users] Replication status

2012-05-21 Thread Natxo Asenjo
On Mon, May 21, 2012 at 3:21 PM, Rich Megginson wrote: > On 05/21/2012 07:13 AM, Dan Scott wrote: > >> >> > https://fedorahosted.org/freeipa/ticket/2770 >> >> I've modified the nagios perl script that I got from: >> >> http://directory.fedoraproj

Re: [Freeipa-users] Replication status

2012-05-21 Thread Rich Megginson
On 05/21/2012 07:13 AM, Dan Scott wrote: On Fri, May 18, 2012 at 10:29 AM, Rich Megginson wrote: On 05/18/2012 08:13 AM, Dan Scott wrote: Hi, On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden wrote: Rich Megginson wrote: On 05/02/2012 07:36 PM, Ian Levesque wrote: On May 2, 2012, at 6:48 P

Re: [Freeipa-users] Replication status

2012-05-21 Thread Dan Scott
On Fri, May 18, 2012 at 10:29 AM, Rich Megginson wrote: > On 05/18/2012 08:13 AM, Dan Scott wrote: >> >> Hi, >> >> On Wed, May 2, 2012 at 11:13 PM, Rob Crittenden >>  wrote: >>> >>> Rich Megginson wrote: On 05/02/2012 07:36 PM, Ian Levesque wrote: > > On May 2, 2012, at 6:48 PM,

Re: [Freeipa-users] Any ways for IPA users to reset expired passwords by themselves over web?

2012-05-21 Thread Petr Viktorin
On 05/18/2012 10:57 PM, David Copperfield wrote: Hi all, Are there any web interfaces for IPA users to reset their expired password over the web? Currently we let test users ssh/login to a particular Linux server, and sssd will let the users authenticate with their old expired password and then

Re: [Freeipa-users] sudo rules in IPA infrastructure

2012-05-21 Thread Jakub Hrozek
On Sat, May 19, 2012 at 03:11:44PM -0700, David Copperfield wrote: >Hi Jakub and Rich, >Got it. >Thanks a lot on the HBAC and sudoes maps access. I think I got confused >with the graph in the powerpoint > > presentation http://www.redhat.com/summit/2011/presentations/summit/what

Re: [Freeipa-users] DNS portion of IPA Server randomly crashing

2012-05-21 Thread Petr Spacek
Hello, please provide your version of bind-dyndb-ldap package. It is interface between BIND and LDAP database. Latest version is 0.2.0-7.el6. # rpm -q bind-dyndb-ldap If you reload BIND manually, it crashes also? Every time? # rndc reload How long is log rotation period? What is Kerberos tic