Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Jason Becker
On Tue, May 13, 2014 at 3:35 PM, Richard Megginson wrote: > > > - Original Message - > > On Tue, May 13, 2014 at 2:26 PM, Richard Megginson > > wrote: > > > > > - Original Message - > > > > On Tue, May 13, 2014 at 1:28 PM, Richard Megginson > > > > wrote: > > > > > > > > > - Or

Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Richard Megginson
- Original Message - > On Tue, May 13, 2014 at 2:26 PM, Richard Megginson > wrote: > > > - Original Message - > > > On Tue, May 13, 2014 at 1:28 PM, Richard Megginson > > > wrote: > > > > > > > - Original Message - > > > > > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-

Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Jason Becker
On Tue, May 13, 2014 at 2:26 PM, Richard Megginson wrote: > - Original Message - > > On Tue, May 13, 2014 at 1:28 PM, Richard Megginson > > wrote: > > > > > - Original Message - > > > > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64). > > > > > > > > Where do I

Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Richard Megginson
- Original Message - > On Tue, May 13, 2014 at 1:28 PM, Richard Megginson > wrote: > > > - Original Message - > > > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64). > > > > > > Where do I change the verbosity of access logging? > > > > > > Why do you need to cha

Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Jason Becker
On Tue, May 13, 2014 at 1:28 PM, Richard Megginson wrote: > - Original Message - > > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64). > > > > Where do I change the verbosity of access logging? > > > Why do you need to change the verbosity of access logging? Do you mean

Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Rob Crittenden
Jason Becker wrote: I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64). Where do I change the verbosity of access logging? This doc: http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/server-config.html discusses turning on global debugging but doesn't help me.

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Dmitri Pal
On 05/13/2014 02:12 PM, Bob wrote: I ran ipa dnszone-mod vh1.vzwnet.com --update-policy="grant bob-key name test.vh1.vzwnet.com.;" I then execute the nsupdate: [root@nj51rhidms16v ~]# ./bobtest.sh ; TSIG error with server: tsig indicates error update failed: NOTAUTH(B

Re: [Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Richard Megginson
- Original Message - > I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64). > > Where do I change the verbosity of access logging? Why do you need to change the verbosity of access logging? Do you mean error logging? If so, see http://port389.org/wiki/FAQ#Troubleshooti

[Freeipa-users] Where do I change the nsslapd-accesslog-level?

2014-05-13 Thread Jason Becker
I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64). Where do I change the verbosity of access logging? This doc: http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/server-config.html discusses turning on global debugging but doesn't help me. The same doc links to:

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Bob
I ran ipa dnszone-mod vh1.vzwnet.com --update-policy="grant bob-key name test.vh1.vzwnet.com.;" I then execute the nsupdate: [root@nj51rhidms16v ~]# ./bobtest.sh ; TSIG error with server: tsig indicates error update failed: NOTAUTH(BADKEY) [root@nj51rhidms16v ~]# cat ./bobtest.sh #!/bin/ksh #

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Bob
I added: "grant bob-key name test.vh1.vzwnet.com.;" in the IPA GUI. But my nsupdate results in this in the daemon log: May 12 17:04:02 nj51rhidms16v named[27438]: zone vh1.vzwnet.com/IN: sending notifies (serial 1399928642) May 12 17:08:44 nj51rhidms16v named[27438]: client 10.194.96.47#26576:

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Loris Santamaria
El mar, 13-05-2014 a las 10:57 -0400, Bob escribió: > I have many dozens of TSIG keys declared in our current bind. There > are hundreds of records that have been granted to those keys. All of > this predates me and I do not know who has these keys. The scope of > trying to work with the owners of

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Bob
I have many dozens of TSIG keys declared in our current bind. There are hundreds of records that have been granted to those keys. All of this predates me and I do not know who has these keys. The scope of trying to work with the owners of these keys to convert their processes to to use kerberos wou

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Dmitri Pal
On 05/13/2014 09:59 AM, Bob wrote: Is there anyway to do a nsupdate of a DNS records in a IPA server using a TSIG key without having a kerberos ticket? We were going to swap out bind in favor of IPA, but we need to be able to nsupdates. If you are using IPA you can give you clients keytabs

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Bob
Is there anyway to do a nsupdate of a DNS records in a IPA server using a TSIG key without having a kerberos ticket? We were going to swap out bind in favor of IPA, but we need to be able to nsupdates. On Mon, May 12, 2014 at 10:11 AM, Bob wrote: > We use nsupdate to to move the location of so

Re: [Freeipa-users] Bash script to see if user is enabled or disabled?

2014-05-13 Thread Chris Whittle
Thanks everyone... Between what you guys said and some research i ended up doing this http://serverfault.com/questions/594443/how-can-i-force-a-mac-mobile-account-user-to-be-logged-out-or-locked-out-when-th/594773#594773 On Mon, May 12, 2014 at 4:31 PM, Michael ORourke wrote: > I wrote a script