I have a quick question Do I need to configure the forwarders of freeipa-server
4.1.1 when doing the freeipa-install-server?
I forgot the reason why I don't need to because my email suddenly deleted that
message from Martin, and now I can't remember why or how not to include a
forwarder, and how
I've installed freeipa 4.1.1 --setup-dns --no-forwarders so far the
installation went well .. but I need to configure freeipa server as a forwarder
right?
so I used te web UI and added the freeipaserver ip as a forwarder, then I
rebooted the freeipa server.
after the reboot I couldn't access the
I have a quick question Do I need to configure the forwarders of freeipa-server
4.1.1 when doing the freeipa-install-server?
I forgot the reason why I don't need to because my email suddenly deleted that
message from Martin, and now I can't remember why or how not to include a
forwarder, and how
I suddenly started getting errors when I try to use ipa-getkeytab:
[root@ipa1 kerberize]# ipa-getkeytab -s jn01 -p hdfs/jn01 -k
jn01.hdfs.keytab
SASL Bind failed Can't contact LDAP server (-1) !
ldap seems to be answering on the non-SASL port (ei: ldapsearch -x -h
localhost CN=richard works fine)
On 11/19/2014 10:27 PM, Martin Kosek wrote:
Actually no, FreeIPA 4.1 is planned to be included in RHEL-7.1 release
- so you can look forward to that :-)
Very good!
Then everything is good for testing:)
t
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.c
On 11/19/2014 10:24 PM, Tamas Papp wrote:
On 11/19/2014 09:29 PM, Martin Kosek wrote:
Ah, yes. This one is not a problem with the CentOS port, but rather existing
problem in FreeIPA 4.1.1 which will be fixed in FreeIPA 4.1.2 on all
platforms, including Fedora 21 and CentOS.
See upstream ticke
On 11/19/2014 09:29 PM, Martin Kosek wrote:
Ah, yes. This one is not a problem with the CentOS port, but rather
existing problem in FreeIPA 4.1.1 which will be fixed in FreeIPA 4.1.2
on all platforms, including Fedora 21 and CentOS.
See upstream ticket:
https://fedorahosted.org/freeipa/tick
On 11/19/2014 09:23 PM, Tamas Papp wrote:
hi Martin,
Much better:)
Unfortunately not perfect yet.
[...]
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
ipa : ERRORNamed service failed to start (Command ''/bin/systemctl'
hi Martin,
Much better:)
Unfortunately not perfect yet.
[...]
Done configuring DNS key synchronization service (ipa-dnskeysyncd).
Restarting ipa-dnskeysyncd
Restarting named
ipa : ERRORNamed service failed to start (Command
''/bin/systemctl' 'restart' 'named-pkcs11.service'' returne
Good news!
To clarify on the selinux-policy side. By not maintaining it for the CentOS I
meant that FreeIPA Copr should not maintain system policy for any system, not
just SELinux.
Ideally, it should have a SELinux policy module that would be compiled for
SELinux only and that would only con
Hi Martin,
Yes, setting selinux to permissive allowed me to install and configure IPA
4.1 on CentOS 7.
:-)
On Wed, Nov 19, 2014 at 11:41 AM, Martin Kosek wrote:
> It is highly probable the issue is caused by SELinux (check for AVCs in
> /var/log/audit/audit.log).
>
> Can you try with SELinux p
It is highly probable the issue is caused by SELinux (check for AVCs in
/var/log/audit/audit.log).
Can you try with SELinux permissive? We specifically did not build
selinux-policy as we do not think we should be the ones maintaining it for
CentOS.
HTH,
Martin
- Original Message -
> F
Hi Marin,
I was able to install from the copr repo now as well. Thank you!
However I wasn't able to finish the install:
[23/27]: configure certmonger for renewals
[24/27]: configure certificate renewals
[error] DBusException: org.fedorahosted.certmonger.bad_arg: The location
"/etc/pki/pki
On 11/19/2014 11:57 AM, Tamas Papp wrote:
> I am good in waiting;)
>
> Thanks for the prompt reply.
Ok Tamas, I think we *finally* got somewhere. Can you please try the
mkosek/freeipa Copr repo now?
I was able to install upstream "freeipa-server" 4.1.1 package on my RHEL-7.0
machine (should be t
Rob Crittenden wrote:
> Roderick Johnstone wrote:
>> On 19/11/2014 08:33, Roderick Johnstone wrote:
>>> On 18/11/2014 22:58, Rob Crittenden wrote:
Roderick Johnstone wrote:
> On 18/11/2014 22:19, Dmitri Pal wrote:
>> On 11/18/2014 12:57 PM, Roderick Johnstone wrote:
>>> Hi
>>>
Roderick Johnstone wrote:
> On 19/11/2014 08:33, Roderick Johnstone wrote:
>> On 18/11/2014 22:58, Rob Crittenden wrote:
>>> Roderick Johnstone wrote:
On 18/11/2014 22:19, Dmitri Pal wrote:
> On 11/18/2014 12:57 PM, Roderick Johnstone wrote:
>> Hi
>>
>> I'm trying to migrate so
On 11/19/2014 05:25 AM, Zhong Qiang wrote:
thank you,
It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it
possible to enroll nisclient ? And how to do this?And how to carry out
HBAC RULES for nisclient?I try to use WebUI,but i am not succeed,look
Only SSSD understands IPA H
I am good in waiting;)
Thanks for the prompt reply.
--
Sent from mobile
On November 19, 2014 11:54:40 AM Martin Kosek wrote:
On 11/19/2014 11:37 AM, Tamas Papp wrote:
> hi All,
>
> --> Finished Dependency Resolution
> Error: Package: freeipa-server-4.1.1-1.1.el7.centos.x86_64 (mkosek-freeip
On 11/19/2014 11:37 AM, Tamas Papp wrote:
> hi All,
>
> --> Finished Dependency Resolution
> Error: Package: freeipa-server-4.1.1-1.1.el7.centos.x86_64 (mkosek-freeipa)
>Requires: pki-ca >= 10.2.0-3
>Available: pki-ca-10.0.5-3.el7.noarch (base)
>pki-ca = 10.
hi All,
--> Finished Dependency Resolution
Error: Package: freeipa-server-4.1.1-1.1.el7.centos.x86_64 (mkosek-freeipa)
Requires: pki-ca >= 10.2.0-3
Available: pki-ca-10.0.5-3.el7.noarch (base)
pki-ca = 10.0.5-3.el7
Available: pki-ca-10.1.2-3.el7.cen
thank you,
It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it
possible to enroll nisclient ? And how to do this?And how to carry out HBAC
RULES for nisclient?I try to use WebUI,but i am not succeed,look
like this:
Enrollment
Kerberos Key:
Kerberos Key Not Present
One-Time-Passw
On 19/11/2014 08:33, Roderick Johnstone wrote:
On 18/11/2014 22:58, Rob Crittenden wrote:
Roderick Johnstone wrote:
On 18/11/2014 22:19, Dmitri Pal wrote:
On 11/18/2014 12:57 PM, Roderick Johnstone wrote:
Hi
I'm trying to migrate some nis accounts to RHEL 6 IdM while still
keeping the origin
On 11/18/2014 07:44 PM, Will Sheldon wrote:
No, not resolved yet I did test with GSSAPI (-Y) and like you it
worked. :(
Hello,
Would it be possible to get server1/server2 logs (error/access) and
config (dse.ldif) ?. Turning on replication logs would help (
http://www.port389.org/docs/389ds
On 18/11/2014 22:58, Rob Crittenden wrote:
Roderick Johnstone wrote:
On 18/11/2014 22:19, Dmitri Pal wrote:
On 11/18/2014 12:57 PM, Roderick Johnstone wrote:
Hi
I'm trying to migrate some nis accounts to RHEL 6 IdM while still
keeping the original passwords.
I followed the instructions at:
h
On 18/11/2014 22:56, Jakub Hrozek wrote:
On 18 Nov 2014, at 23:23, Roderick Johnstone wrote:
On 18/11/2014 22:19, Dmitri Pal wrote:
On 11/18/2014 12:57 PM, Roderick Johnstone wrote:
Hi
I'm trying to migrate some nis accounts to RHEL 6 IdM while still
keeping the original passwords.
I foll
25 matches
Mail list logo