Okay, I have a replica built and running. My original, sick server is
ipamaster and the new one is ipamaster2. All I've done thus far on
ipamaster2 is run ipa-replica-install --setup-dns --no-forwarders
replica-info-ipamaster2.foo.net.gpg.
What additional steps do I need to take to ensure that
On Thu, 2013-08-29 at 08:07 -0400, Bret Wortman wrote:
Okay, I have a replica built and running. My original, sick server
is ipamaster and the new one is ipamaster2. All I've done thus far on
ipamaster2 is run ipa-replica-install --setup-dns --no-forwarders
replica-info-ipamaster2.foo.net.gpg.
On Thu, Aug 29, 2013 at 9:09 AM, Simo Sorce s...@redhat.com wrote:
On Thu, 2013-08-29 at 08:07 -0400, Bret Wortman wrote:
Okay, I have a replica built and running. My original, sick server
is ipamaster and the new one is ipamaster2. All I've done thus far on
ipamaster2 is run
On Thu, 2013-08-29 at 09:14 -0400, Bret Wortman wrote:
On Thu, Aug 29, 2013 at 9:09 AM, Simo Sorce s...@redhat.com wrote:
On Thu, 2013-08-29 at 08:07 -0400, Bret Wortman wrote:
Okay, I have a replica built and running. My original,
sick server
is ipamaster
Agreed, but not always possible. I had a replica crash hard and it wasn't
possible to remove it.
In other news:
[ipamaster2]# ipa-ca-install replica-info-ipamaster2.spx.net.gpg
A selfsign CA can not be added
Is there a way around this? How can I ensure that I can transfer the CA
back to
A bit of googling has led me to understand that we must have created the
original server with --selfsign, and that locked us into something bad
which is now causing us problems. I'm not sure how this happened, since we
actually created our original instance on a different server, created
ipamaster
Bret Wortman wrote:
A bit of googling has led me to understand that we must have created the
original server with --selfsign, and that locked us into something bad
which is now causing us problems. I'm not sure how this happened, since
we actually created our original instance on a different
Bret Wortman wrote:
On Thu, Aug 29, 2013 at 11:10 AM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Bret Wortman wrote:
A bit of googling has led me to understand that we must have
created the
original server with --selfsign, and that locked
On Thu, Aug 29, 2013 at 11:40 AM, Rob Crittenden rcrit...@redhat.comwrote:
Bret Wortman wrote:
On Thu, Aug 29, 2013 at 11:10 AM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Bret Wortman wrote:
A bit of googling has led me to understand that we must
On 08/19/2013 09:05 AM, Thomas Raehalme wrote:
Hi!
We are in the process of deploying FreeIPA in our virtual environment.
So far things are working smoothly and I am really impressed by the
solution!
One question has risen as we have added our first clients to the
system. Because the total
Bret Wortman wrote:
On Thu, Aug 29, 2013 at 11:40 AM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.comwrote:
Bret Wortman wrote:
On Thu, Aug 29, 2013 at 11:10 AM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com
mailto:rcrit...@redhat.com
The FreeIPA team is proud to announce FreeIPA v3.3.1!
This is a bugfix release.
It can be downloaded from http://www.freeipa.org/page/Downloads. Fedora
19 builds will be ready soon.
== Highlights in 3.3.1 ==
=== Bug fixes ===
* ipa-server-certinstall now works correctly both with a CA
What passpharase would this be encrypted with? If it's something I set a
year ago and never needed to know again, then we may be screwed. If it's
saved somewhere, where should I look?
*
*
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret
On Thu, Aug 29, 2013 at 11:58 AM, Rob
In our deployment we use subdomains but set NIS domain to main domain:
example.com has subdomains
na.example.com
wa.example.com
...
all machines work fine with that but in /etc/sysconfig/network we have
NISDOMAIN='example.com'
This way sudo rules get evaluated see getent netgroup hostgroup
On
On Mon, Aug 19, 2013 at 04:05:40PM +0300, Thomas Raehalme wrote:
Hi!
We are in the process of deploying FreeIPA in our virtual environment.
So far things are working smoothly and I am really impressed by the
solution!
One question has risen as we have added our first clients to the
Michał Dwużnik wrote:
Hi folks,
did anyone succeed in connecting such an old thing recently to freeipa
server?
Is there a document (or an archive post) about connecting a 'non ipa
aware' client step by step?
I got as far as woing Kerberos with no issues, hit a wall with ldap part..
You might
As for now I have set up a 'known good' client on RH based distro, to get
the feeling how the config files
look like when configured correctly.
Thanks for the nice reference
M.
On Thu, Aug 29, 2013 at 7:56 PM, Rob Crittenden rcrit...@redhat.com wrote:
Michał Dwużnik wrote:
Hi folks,
did
Ok, going step by step I did the following on squeeze:
set up ntp, time synced with ipa server
test setup is done on
ipa.localdomain (server)
client.localdomain
(client on Scientific Linux 6.4, looks ok after ipa-client-install, ssh
works for test users tester and tester2)
client2.localdomain
Sorry for quick continuation...
Certificate added to nss DB in /etc/pki
certutil -A -d /etc/pki/ -n IPA CA -t CT,C,C -a -i pki/ca.crt
sssd configured according to
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/linux-manual.html
How do I test now, before changing PAM options
19 matches
Mail list logo