Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Nathan Kinder
On 01/15/2015 08:56 AM, Nathan Kinder wrote: On 01/15/2015 12:01 AM, Jan Pazdziora wrote: ... You need to use --cap-add=SYS_TIME when running the server container or ntpd will fail. Thanks for the tip. This works. It would be handy to add this to the README for your freeipa-server

Re: [Freeipa-users] FreeIPA and RADIUS

2015-01-15 Thread Dmitri Pal
On 01/15/2015 11:02 AM, Brian Topping wrote: +1 for a FreeRADIUS integration. I'd use it to feed the VPN AAA (Vyatta). As it's a very sensitive piece, it would be ideal if all the best practices were packaged up and known to be there on deployment. Can you please formulate requirements and

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Tomas Babej
On 01/15/2015 03:34 AM, Sina Owolabi wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway completed and sssd's configuration file moved

Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Nathan Kinder
On 01/15/2015 12:01 AM, Jan Pazdziora wrote: On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote: Hi, I'm running into a strange problem related to ntpd when trying to use IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and adelton/freeipa-client:fedora-21

Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Jan Pazdziora
On Thu, Jan 15, 2015 at 08:56:29AM -0800, Nathan Kinder wrote: Even if you do that, SELinux will likely prevent ntpd doing its job but at least it will stay around so that the client can connect to it. What is interesting though is the fact that the client hangs indefinitely instead

Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Nathan Kinder
On 01/15/2015 09:41 AM, Jan Pazdziora wrote: On Thu, Jan 15, 2015 at 08:56:29AM -0800, Nathan Kinder wrote: Even if you do that, SELinux will likely prevent ntpd doing its job but at least it will stay around so that the client can connect to it. What is interesting though is the fact that

Re: [Freeipa-users] Promoting ipa 4.1 on Centos 7 replica to master

2015-01-15 Thread Rob Crittenden
Rui Gomes wrote: Hello Guys, I've been seeing plenty of email about promoting replicas to masters but those articles do not seem to apply to ipa 4.1/centos 7 combo. I had an ipa 3.0 master on centos 6.4 that died recently (I can still access the file system), and I would like to promote

[Freeipa-users] Promoting ipa 4.1 on Centos 7 replica to master

2015-01-15 Thread Rui Gomes
Hello Guys, I've been seeing plenty of email about promoting replicas to masters but those articles do not seem to apply to ipa 4.1/centos 7 combo. I had an ipa 3.0 master on centos 6.4 that died recently (I can still access the file system), and I would like to promote my 4.1 replica to the

Re: [Freeipa-users] FreeIPA and RADIUS

2015-01-15 Thread Brian Topping
+1 for a FreeRADIUS integration. I'd use it to feed the VPN AAA (Vyatta). As it's a very sensitive piece, it would be ideal if all the best practices were packaged up and known to be there on deployment. On Jan 15, 2015, at 10:49 PM, Dmitri Pal d...@redhat.com wrote: On 01/15/2015 08:16

Re: [Freeipa-users] FreeIPA and RADIUS

2015-01-15 Thread Dmitri Pal
On 01/15/2015 08:16 AM, Chris Card wrote: what's the current status of IPA integration with FreeRADIUS? This email from 2011, https://www.redhat.com/archives/freeipa-users/2011-October/msg00026.html, says Integrating FreeRADIUS with IPA is on the long term roadmap. Is that still the case?

Re: [Freeipa-users] Promoting ipa 4.1 on Centos 7 replica to master

2015-01-15 Thread Rui Gomes
Hello Rob, Thank you for the quick reply, I will give it a go, I wasn't sure if the links would work since most of the configuration for the dogtag in centos7 is different and commands like: getcert list -d /var/lib/pki-ca/alias -n subsystemCert cert-pki-ca | grep post-save Do not apply, I

[Freeipa-users] migrate-ds aborts

2015-01-15 Thread Quayle, Bill
I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the migration aborts after roughly 36 seconds with: ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389': It has transferred 9762 records, but seems to hit a timeout that causes it to stop. I've run it in debug mode, which

[Freeipa-users] DNS Design for FreeIPA4

2015-01-15 Thread Baird, Josh
Hi, We are currently piloting FreeIPA4 (RHEL 7.1 IdM) in our environment. We plan on establishing a trust with AD at some point during the POC. An overview of the current DNS design: * FreeIPA runs integrated DNS (ie, ipa.domain.com) * Servers in our environment (even once joined to IPA)

Re: [Freeipa-users] DNS Design for FreeIPA4

2015-01-15 Thread Baird, Josh
William, I don't understand why I would have problems if AD DNS can resolve IPA dns, and IPA DNS can resolve AD DNS? The DNS servers that my servers are using can resolve both AD and IPA. Thanks, Josh -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-

Re: [Freeipa-users] DNS Design for FreeIPA4

2015-01-15 Thread Steven Jones
Hi, KISS keep it simple and stupid. What we do is, AD domain is domain.com and does all its own DNS and Kerberos, all windows machines point at it etc IPA domain is ipa.domain.com and all IPA's and indeed all Linux servers point at IPA for everything incl NTP. IPA servers use the AD

Re: [Freeipa-users] DNS Design for FreeIPA4

2015-01-15 Thread William Muriithi
Josh, You will have problems if you go with below plan in my opinion. I used arrangements like the one you listed below when I used freeipa 2.2. This worked for me only when I had users hosted on freeipa. After upgrading to 3.3 for trust, it became very unreliable and had to point the ipa

Re: [Freeipa-users] migrate-ds aborts

2015-01-15 Thread Martin Kosek
On 01/15/2015 06:31 PM, Quayle, Bill wrote: I am migrating an openLDAP tree into ipa, and when I run ipa migrate-ds, the migration aborts after roughly 36 seconds with: ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389': It has transferred 9762 records, but seems to hit a timeout that causes

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Lukas Slebodnik
On (15/01/15 09:17), Petr Spacek wrote: On 15.1.2015 03:34, Sina Owolabi wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway completed

Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Jan Pazdziora
On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote: Hi, I'm running into a strange problem related to ntpd when trying to use IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and adelton/freeipa-client:fedora-21 docker images. Basically, the client install

Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Lukas Slebodnik
On (15/01/15 09:01), Jan Pazdziora wrote: On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote: Hi, I'm running into a strange problem related to ntpd when trying to use IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and adelton/freeipa-client:fedora-21 docker

Re: [Freeipa-users] IPA trust integration in AD Forests that been upgraded to higher functional level

2015-01-15 Thread Genadi Postrilko
Sorry for the late response. I can confirm that with 3.3.3-28.el7_0.3, I'm able to fetch the sub-domains and to log with its users. Thank you! 2015-01-04 10:17 GMT+02:00 Alexander Bokovoy aboko...@redhat.com: -- Hello all. I'm working on integrating AD trust

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Petr Spacek
On 15.1.2015 03:34, Sina Owolabi wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway completed and sssd's configuration file moved to

Re: [Freeipa-users] I think I trashed my FreeIPA CA - how to recover?

2015-01-15 Thread Jan Cholasta
Hi, Dne 14.1.2015 v 14:54 Brian Topping napsal(a): Hi Martin, thanks for your response! What I realize now is the certificate CRL points to the server that no longer exists and I'd like to get that cleaned up. I found http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master

Re: [Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container

2015-01-15 Thread Jan Pazdziora
On Thu, Jan 15, 2015 at 09:06:54AM +0100, Lukas Slebodnik wrote: I'm continuing to debug this, but I thought I'd share my findings thus far in case anyone else has seen this or has any ideas for tracking the problem down. Any ideas? You need to use --cap-add=SYS_TIME when running the

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Petr Spacek
On 15.1.2015 09:36, Lukas Slebodnik wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway completed and sssd's configuration file

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Lukas Slebodnik
On (15/01/15 10:54), Petr Spacek wrote: On 15.1.2015 09:36, Lukas Slebodnik wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Petr Spacek
On 15.1.2015 11:04, Lukas Slebodnik wrote: On (15/01/15 10:54), Petr Spacek wrote: On 15.1.2015 09:36, Lukas Slebodnik wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with

[Freeipa-users] FreeIPA and RADIUS

2015-01-15 Thread Chris Card
what's the current status of IPA integration with FreeRADIUS? This email from 2011, https://www.redhat.com/archives/freeipa-users/2011-October/msg00026.html, says Integrating FreeRADIUS with IPA is on the long term roadmap. Is that still the case? Chris

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Timo Aaltonen
On 15.01.2015 11:54, Petr Spacek wrote: On 15.1.2015 09:36, Lukas Slebodnik wrote: Hi List Please is it really possible to have Debian and Ubuntu serve as IPA clients? I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway