[Freeipa-users] Setup of SRV records for new domains

2015-05-04 Thread Brian Topping
I just added a new domain and didn't see the SRV records added for it. There is a TXT record, but none of the SRV records that are in other DNS domains. After going to the "Realm Domains" tab of the "IPA Server" configuration, I see that the new domain was already added there, so I removed it and

Re: [Freeipa-users] Setup of SRV records for new domains

2015-05-04 Thread Brian Topping
On second view, I think my brain misfiled this. Maybe the records were not set up automatically; another DNS domain I thought had the records in fact does not. As a feature request, it seems like if a domain is added to "Domain Realms", it should also get the appropriate records for client autodis

Re: [Freeipa-users] FreeIPA cluster shutdown sequence

2015-05-04 Thread David Kupka
On 05/04/2015 07:09 AM, Thomas Lau wrote: Hi All, We got a power maintenance soon, so all servers need to shut down. Is there a shutdown / start-up procedure for a FreeIPA cluster? We are currently running a two-node cluster. Hello, as I responded a month ago (https://www.redhat.com/archi

Re: [Freeipa-users] Setup of SRV records for new domains

2015-05-04 Thread Petr Spacek
On 4.5.2015 10:23, Brian Topping wrote: > On second view, I think my brain misfiled this. Maybe the records were > not set up automatically; another DNS domain I thought had the records in > fact does not. > > As a feature request, it seems like if a domain is added to "Domain > Realms", it should a

Re: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to slaves

2015-05-04 Thread Petr Spacek
Hello! On 2.5.2015 17:12, Nathan Peters wrote: > The last 3 sentences of my original post refer to me adding the NS records for > the slave. Is that what you mean? > > "I have also ensured that the slave hostname and IP are in FreeIPA DNS. I > have also added an NS entry pointing to the slave."

Re: [Freeipa-users] FreeIPA cluster shutdown sequence

2015-05-04 Thread Thomas Lau
thanks, sorry that I missed that message. On Mon, May 4, 2015 at 4:33 PM, David Kupka wrote: > On 05/04/2015 07:09 AM, Thomas Lau wrote: >> >> Hi All, >> >> We got a power maintenance soon, so all servers need to shut down. Is >> there a shutdown / start-up procedure for a FreeIPA cluster? W

Re: [Freeipa-users] deleting ipa user

2015-05-04 Thread Tomas Babej
On 04/30/2015 02:31 PM, Andy Thompson wrote: It appears that f82 is the user object and f87 is the group object. So you are right, I don't think f82 is what we were looking for, it just happened to have the username in it when I grepped without filtering the uniqueid. I'm not sure why it was

Re: [Freeipa-users] Access to IPA Web-UI with different domain names

2015-05-04 Thread Tomas Babej
On 04/27/2015 06:06 PM, David Dimovski wrote: Hi Folks, does somebody have a best practice, how to access the IPA Web-UI with different domain names? Example: Our IPA 4.1 have two different IPs (extern and intern) with two domain names. The web gui is only accessible from the domain name, w

Re: [Freeipa-users] Access to IPA Web-UI with different domain names

2015-05-04 Thread Tomas Babej
On 05/04/2015 12:32 PM, Tomas Babej wrote: On 04/27/2015 06:06 PM, David Dimovski wrote: Hi Folks, does somebody have a best practice, how to access the IPA Web-UI with different domain names? Example: Our IPA 4.1 have two different IPs (extern and intern) with two domain names. The web

Re: [Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-05-04 Thread Petr Vobornik
On 05/04/2015 07:53 AM, Petr Spacek wrote: On 30.4.2015 14:39, Christopher Lamb wrote: Hi Petr Thanks, we solved this issue and reported that back on this thread. The troubleshooting guide has even been updated as a result. https://www.redhat.com/archives/freeipa-users/2015-April/msg00605.html

Re: [Freeipa-users] Common Name for the ipa-cacert-manage command

2015-05-04 Thread Dmitri Pal
On 04/30/2015 06:52 PM, William Graboyes wrote: I have to agree with Benjamen here. I guess it is time to get deep into API documentation. This is a hell of a lot of hoops to jump through just so that users who don't have shell access can easily change their passwords without having to see a

Re: [Freeipa-users] CA replicas on all?

2015-05-04 Thread Dmitri Pal
On 05/02/2015 05:12 PM, Janelle wrote: Hi all, Just wondering if there are issues with running CA replicas on all the servers? Are there maybe performance issues or anything that I might not be aware of? ~Janelle I do not think we have any data on any negative properties of such a setup. We

Re: [Freeipa-users] Setup of SRV records for new domains

2015-05-04 Thread Brian Topping
Ah, thanks! I see what's going on now. That helps a lot. I think what I was missing was the reluctance for IPA to serve domains that are not proper TLDs. I generally maintain internal security domains with an invented TLD since they are secure by definition. When I tried that today, it was unab

Re: [Freeipa-users] Setup of SRV records for new domains

2015-05-04 Thread Petr Spacek
On 4.5.2015 14:59, Brian Topping wrote: > Ah, thanks! I see what's going on now. That helps a lot. > > I think what I was missing was the reluctance for IPA to serve domains > that are not proper TLDs. I generally maintain internal security domains > with an invented TLD since they are secure by d

[Freeipa-users] Questions about nsslapd-sizelimit

2015-05-04 Thread John Desantis
Hello all! I believe I may be falling victim to the nsslapd-sizelimit's default setting of 2,000. I've been wondering why some JSON calls to IPA (3.0.37, user_find) have been failing to show all user accounts in the results. Checking the FreeIPA admin UI, I can clearly find the users in question

[Freeipa-users] using pathlen:0 for freeipa's CA certificate?

2015-05-04 Thread Harald Dunkel
Hi folks, Instead of a self-signed certificate I would like to use an external CA to sign freeipa's CSR ("ipa-server-install --external-ca"). Question: Is pathlen:0, e.g. basicConstraints=critical,CA:TRUE, pathlen:0 sufficient for freeipa's CA certificate? Regards Harri -- Manage yo

Re: [Freeipa-users] CA replicas on all?

2015-05-04 Thread Rob Crittenden
Janelle wrote: > Hi all, > > Just wondering if there are issues with running CA replicas on all the > servers? Are there maybe performance issues or anything that I might not be > aware of? The only downside I can think of is resources used (RAM & disk) and slightly more administration regardin

Re: [Freeipa-users] Questions about nsslapd-sizelimit

2015-05-04 Thread Rob Crittenden
John Desantis wrote: > Hello all! > > I believe I may be falling victim to the nsslapd-sizelimit's default > setting of 2,000. > > I've been wondering why some JSON calls to IPA (3.0.37, user_find) > have been failing to show all user accounts in the results. Checking > the FreeIPA admin UI, I c

Re: [Freeipa-users] Questions about nsslapd-sizelimit

2015-05-04 Thread John Desantis
Rob, Thanks for your reply. My predecessor had written code to pull user entries from the realm in order to verify that: 1.) A home directory is created (if not already) and apply the correct ownership; 2.) A work directory (Lustre) is created (if not already) and apply the correct ownership. G

[Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Janelle
Happy Star Wars Day! May the Fourth be with you! So I have a strange Kerberos problem I'm trying to figure out. On a CLIENT (CentOS 7.1), if I login to account "usera" they get a ticket as expected. However, if I login to a 6.6 client, it doesn't seem to work. Both were enrolled the same, obvio

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Dmitri Pal
On 05/04/2015 11:49 AM, Janelle wrote: Happy Star Wars Day! May the Fourth be with you! So I have a strange Kerberos problem I'm trying to figure out. On a CLIENT (CentOS 7.1), if I login to account "usera" they get a ticket as expected. However, if I login to a 6.6 client, it doesn't seem to

[Freeipa-users] Removing REALM requirement and home directory location

2015-05-04 Thread Redmond, Stacy
I am running a RHEL7 IPA Server ipa-server 3.3.3-28 RHEL6 clients running IPA Client 3.0.0-42 I have set up an AD trust which works great, however I want to make it so the users don't have to use @realm to login and that their home directory does not default to /home/realm/username AD sbx.

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Simo Sorce
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote: > Happy Star Wars Day! > May the Fourth be with you! > > So I have a strange Kerberos problem I'm trying to figure out. On a > CLIENT (CentOS 7.1), if I login to account "usera" they get a ticket as > expected. However, if I login to a 6.6 client,

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Janelle
On 5/4/15 1:02 PM, Simo Sorce wrote: On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote: Happy Star Wars Day! May the Fourth be with you! So I have a strange Kerberos problem I'm trying to figure out. On a CLIENT (CentOS 7.1), if I login to account "usera" they get a ticket as expected. However,

Re: [Freeipa-users] Removing REALM requirement and home directory location

2015-05-04 Thread Dmitri Pal
On 05/04/2015 02:50 PM, Redmond, Stacy wrote: I am running a RHEL7 IPA Server ipa-server 3.3.3-28 RHEL6 clients running IPA Client 3.0.0-42 I have set up an AD trust which works great, however I want to make it so the users don't have to use @realm to login and that their home directory does

Re: [Freeipa-users] FreeIPA 4.1.4 DNS notifications not being sent to slaves

2015-05-04 Thread nathan
freeipa-admintools.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-client.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-python.x86_64 4.1.4-1.el7.centos @mkosek-freeipa freeipa-server.x86_64 4.1.4-1.el7.centos

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Nathaniel McCallum
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote: > Happy Star Wars Day! > May the Fourth be with you! > > So I have a strange Kerberos problem I'm trying to figure out. On a > CLIENT (CentOS 7.1), if I login to account "usera" they get a > ticket as > expected. However, if I login to a 6.6 clie

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Janelle
On 5/4/15 6:06 PM, Nathaniel McCallum wrote: On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote: Happy Star Wars Day! May the Fourth be with you! So I have a strange Kerberos problem I'm trying to figure out. On a CLIENT (CentOS 7.1), if I login to account "usera" they get a ticket as expected. Ho

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Dmitri Pal
On 05/04/2015 09:22 PM, Janelle wrote: On 5/4/15 6:06 PM, Nathaniel McCallum wrote: On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote: Happy Star Wars Day! May the Fourth be with you! So I have a strange Kerberos problem I'm trying to figure out. On a CLIENT (CentOS 7.1), if I login to account "u

[Freeipa-users] regex with sudo commands

2015-05-04 Thread Megan .
Good Evening! I'm running 3.0.0-42 on Centos 6.6. I set up a number of sudo commands today with regular expressions and now users seem to be having issues running any sudo command. Are there any known issues with having regex in sudo commands within the IPA server? Here is an example of a sudo r

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Janelle
On 5/4/15 6:06 PM, Nathaniel McCallum wrote: On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote: Happy Star Wars Day! May the Fourth be with you! So I have a strange Kerberos problem I'm trying to figure out. On a CLIENT (CentOS 7.1), if I login to account "usera" they get a ticket as expected. Ho

[Freeipa-users] Split Horizon DNS config

2015-05-04 Thread Christoph Kaminski
Hi can someone validate this config for bind + split horizon (only the views part): acl internal { 127.0.0.1; 172.16.0.0/12; }; view "internal" { match-clients { internal; }; recursion yes; dynamic-