Re: [Freeipa-users] CA Replication Installation Failing

2014-12-08 Thread Les Stott
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com] Sent: Tuesday, December 09, 2014 3:49 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] CA Replication Installation Failing On 12/08/201

Re: [Freeipa-users] CA Replication Installation Failing

2014-12-08 Thread Dmitri Pal
On 12/08/2014 11:04 PM, Les Stott wrote: Does anyone have any ideas on the below errors when trying to add CA replication to an existing replica? People who might be able to help are on PTO right now. Is your installation older than 2 years? Did you generate a new replica package or use th

Re: [Freeipa-users] CA Replication Installation Failing

2014-12-08 Thread Les Stott
Does anyone have any ideas on the below errors when trying to add CA replication to an existing replica? Thanks in advance, Les From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott Sent: Tuesday, 2 December 2014 6:17 PM To: freeipa-users@redha

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-08 Thread Dmitri Pal
On 12/08/2014 06:50 PM, Gianluca Cecchi wrote: On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi wrote: OK. I will check requirements to write into The wiki When I try to login with my Fedora OpenID account and choose as nickname my real name and press "

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-08 Thread Gianluca Cecchi
On Tue, Dec 9, 2014 at 12:50 AM, Gianluca Cecchi wrote: > > Tried from both Chrome and Fedora (on my Fedora 20 system) > > Correct: Tried from both Chrome and Firefox (on my Fedora 20 system)

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-08 Thread Gianluca Cecchi
On Mon, Dec 8, 2014 at 7:17 PM, Gianluca Cecchi wrote: > OK. I will check requirements to write into The wiki > When I try to login with my Fedora OpenID account and choose as nickname my real name and press "login" actually it indefinitely remains on the blank page http://www.freeipa.org/page/

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Matthew Herzog
Also, I just realized the AD I'm trying to connect to is of type Windows 2000. Yay! On Mon, Dec 8, 2014 at 5:54 PM, Matthew Herzog wrote: > OK, I deserve a slap. I had forgotten to set up the two-way trust again > since the ipa-server-install --uninstall && reinstall. That's back in place. > > S

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Matthew Herzog
OK, I deserve a slap. I had forgotten to set up the two-way trust again since the ipa-server-install --uninstall && reinstall. That's back in place. So I found Sumit Bose's https://www.youtube.com/watch?v=infot4cmZgM and realized I could not add groups to any new, external user group using the ipa

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Dmitri Pal
On 12/08/2014 02:10 PM, Matthew Herzog wrote: Here are some errors I'm seeing on the client. tail -f sssd_lnx.e-bozo.com.log (Mon Dec 8 14:03:20 2014) [sssd[be[lnx.e-bozo.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x1e72ad0 (Mon Dec 8 14:03:20 2014) [sssd[be[lnx.e-boz

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Matthew Herzog
OK, I found the generated zone file in /tmp and it looks sane. Should I add those lines of config to our DNS servers? On Mon, Dec 8, 2014 at 2:10 PM, Matthew Herzog wrote: > Here are some errors I'm seeing on the client. > > tail -f sssd_lnx.e-bozo.com.log > (Mon Dec 8 14:03:20 2014) [sssd[be[ln

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Matthew Herzog
Here are some errors I'm seeing on the client. tail -f sssd_lnx.e-bozo.com.log (Mon Dec 8 14:03:20 2014) [sssd[be[lnx.e-bozo.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x1e72ad0 (Mon Dec 8 14:03:20 2014) [sssd[be[lnx.e-bozo.com]]] [sbus_dispatch] (0x4000): Dispatching. (Mon Dec 8 14:03:20 2014

Re: [Freeipa-users] can't register new clients

2014-12-08 Thread Megan .
I looked through the logs on the server and I see the below error in the apache error log when I try to register a client: [Mon Dec 08 12:20:38 2014] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate I ran ipa-getcert list and everything seem

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-08 Thread Gianluca Cecchi
OK. I will check requirements to write into The wiki On 08/Dec/2014 18:36, "Dmitri Pal" wrote: > On 12/08/2014 11:44 AM, Gianluca Cecchi wrote: > > Hello, > I finally was able to configure the integration between what in subject. > I have made basic tests and all seems ok. > > If anyone wan

Re: [Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-08 Thread Dmitri Pal
On 12/08/2014 11:44 AM, Gianluca Cecchi wrote: Hello, I finally was able to configure the integration between what in subject. I have made basic tests and all seems ok. If anyone wants to test further integration scenarios and also test with vSPhere 5.5, he/she then can report here and I will c

[Freeipa-users] vSphere 5.1 and FreeIPA 3.3 on CentOS 7 finally works! [How I did it...]

2014-12-08 Thread Gianluca Cecchi
Hello, I finally was able to configure the integration between what in subject. I have made basic tests and all seems ok. If anyone wants to test further integration scenarios and also test with vSPhere 5.5, he/she then can report here and I will crosscheck eventually. My environment is based on

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Petr Spacek
On 8.12.2014 14:44, Matthew Herzog wrote: > Petr said, "You can run ipa-server-install *without* --setup-dns option and > at the end of > installation it will produce DNS records which you have to manually add to > your existing DNS database." > > I can't see how this would be useful or which mach

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Dmitri Pal
On 12/08/2014 10:07 AM, Matthew Herzog wrote: My Linux/LDAP domain is lnx.e-bozo.com. The AD domain is ad.e-bozo.com. This has always been the case. I set up my FreeIPA server in the lnx.e-bozo.com domain using realm LNX.E-B

Re: [Freeipa-users] Problem adding group after update IPA from CentOS 6.6 to 7.0

2014-12-08 Thread Gianluca Cecchi
On Mon, Dec 8, 2014 at 3:47 PM, Gianluca Cecchi wrote: > Hello, > I followed the guide here to migrate IPA from CentOS 6.6 to CentOS 7.0: > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html > > Now,

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Matthew Herzog
My Linux/LDAP domain is lnx.e-bozo.com. The AD domain is ad.e-bozo.com. This has always been the case. I set up my FreeIPA server in the lnx.e-bozo.com domain using realm LNX.E-BOZO.COM. In light of this, how should I proceed? On Mon, Dec 8, 2014 at 9:48 AM, Simo Sorce wrote: > On Mon, 08 Dec 20

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Simo Sorce
On Mon, 08 Dec 2014 08:58:46 -0500 Dmitri Pal wrote: > > Perhaps I should have explained that we are not going to set up a > > new DNS domain for the ipa-managed servers. Note that if you cannot set up a new DNS domain and this domain is the same as the AD domain then you cannot do the stuff Dmi

[Freeipa-users] Problem adding group after update IPA from CentOS 6.6 to 7.0

2014-12-08 Thread Gianluca Cecchi
Hello, I followed the guide here to migrate IPA from CentOS 6.6 to CentOS 7.0: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html Now, adding a group from console with command ipa group-add I get this k

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Dmitri Pal
On 12/08/2014 08:44 AM, Matthew Herzog wrote: Petr said, "You can run ipa-server-install *without* --setup-dns option and at the end of installation it will produce DNS records which you have to manually add to your existing DNS database." I can't see how this would be useful or which machines

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Matthew Herzog
Petr said, "You can run ipa-server-install *without* --setup-dns option and at the end of installation it will produce DNS records which you have to manually add to your existing DNS database." I can't see how this would be useful or which machines I would need to add to our DNS. Perhaps I should

Re: [Freeipa-users] DNS configuration

2014-12-08 Thread Petr Spacek
On 8.12.2014 05:02, Dmitri Pal wrote: > On 12/07/2014 10:10 PM, Matthew Herzog wrote: >> So should the FreeIPA server be authoritative for the Kerb. realm/DNS domain >> or can it/should it be a slave DNS server instead? Or caching only? > > IPA DNS can't be a slave so you either delegate a whole z