We have a FreeIPA domain running IPA server 4.1.4 on CentOS 7.
We have no per zone forwarding enabled, only a single global forwarder.
This seems to work fine, but then after a while (several weeks I think)
will randomly stop working.
We had this issue several weeks ago on a different IPA domain
Sorry about this post. I sent this email to the list 3 times over the
last 48 hours and it was finally accepted after the 3rd send when I
changed the subject to something totally not descriptive of my problem.
Original email with original subject also finally posted today :(
> We have a FreeIPA
This issue has occured again and I am once again trying to troubleshoot it.
show forwarder
--
-bash-4.2$ ipa dnsconfig-show
Global forwarders: 10.21.0.14
Allow PTR sync: TRUE
attempt ping
-bash-4.2$ ping stash.externaldomain.net
ping: unknown host stash.externaldoma
We have a FreeIPA domain running IPA server 4.1.4 on CentOS 7.
We have no per zone forwarding enabled, only a single global forwarder.
This seems to work fine, but then after a while (several weeks I think)
will randomly stop working.
We had this issue several weeks ago on a different IPA domain
We have a FreeIPA domain running IPA server 4.1.4 on CentOS 7.
We have no per zone forwarding enabled, only a single global forwarder.
This seems to work fine, but then after a while (several weeks I think)
will randomly stop working.
We had this issue several weeks ago on a different IPA domain
On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote:
> What's the best way to re-initialize a replica?
>
> Suppose one of your replicas goes south.. is there a command to tell
> that replicate to re-initialize from the first master (instead of
> removing/re-adding the replica from the
On Fri, Oct 02, 2015 at 04:28:57PM +0200, Alexander Skwar wrote:
> Hello
>
> How do I get password authentication to work with freeipa-client
> 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo?
>
> Long version follows :)
>
> We've got an IPA server with the Red Hat Identity Management server
>
On Fri, Oct 02, 2015 at 04:28:57PM +0200, Alexander Skwar wrote:
> Hello
>
> How do I get password authentication to work with freeipa-client
> 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo?
>
> Long version follows :)
>
> We've got an IPA server with the Red Hat Identity Management server
>
Hello
How do I get password authentication to work with freeipa-client
3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo?
Long version follows :)
We've got an IPA server with the Red Hat Identity Management server
on RHEL 7.1 servers; FreeIPA v4.1.0 is being used there. I configured
users and gr
I only have this:
$ keyctl list @s
1 key in keyring:
641467419: --alswrv 0 65534 keyring: _uid.0
$
On Fri, Oct 2, 2015 at 5:01 PM, Alexander Bokovoy
wrote:
> On Fri, 02 Oct 2015, Fujisan wrote:
>
>> I forgot to mention that
>>
>> $ ipa user-show admin
>> ipa: ERROR: cannot connect to 'htt
On Fri, 02 Oct 2015, Fujisan wrote:
I forgot to mention that
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
This is most likely because of the cached session to your server.
You can check if
keyctl list @s
returns you something like
[root@m
I forgot to mention that
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
On Fri, Oct 2, 2015 at 4:44 PM, Fujisan wrote:
> I still cannot login to the web UI.
>
> Here is what I did:
>
>1. mv /etc/krb5.keytab /etc/krb5.keytab.save
>2. kin
I still cannot login to the web UI.
Here is what I did:
1. mv /etc/krb5.keytab /etc/krb5.keytab.save
2. kinit admin
Password for admin@OPERA:
3. ipa-getkeytab -s zaira2.opera -p host/zaira2.opera@OPERA -k
/etc/krb5.keytab
4. systemctl restart sssd.service
5. mv /etc/httpd/con
On 02/10/15 10:25, Alexander Bokovoy wrote:
On Fri, 02 Oct 2015, Fujisan wrote:
Well, I think I messed up when trying to configure cockpit to use
kerberos.
What should I do to fix this?
I have this on the ipa server:
$ klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---
On Fri, 02 Oct 2015, Fujisan wrote:
Well, I think I messed up when trying to configure cockpit to use kerberos.
What should I do to fix this?
I have this on the ipa server:
$ klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
Well, I think I messed up when trying to configure cockpit to use kerberos.
What should I do to fix this?
I have this on the ipa server:
$ klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
--
2 host/zaira2.op
On Fri, 02 Oct 2015, Simo Sorce wrote:
On 02/10/15 04:06, Alexander Bokovoy wrote:
On Thu, 01 Oct 2015, Simo Sorce wrote:
On 01/10/15 03:15, Petr Spacek wrote:
On 30.9.2015 20:36, Matt Wells wrote:
Hi all, I hoped I may glean some brilliance from the group.
I have a Freeipa Server sitting ato
What's the best way to re-initialize a replica?
Suppose one of your replicas goes south.. is there a command to tell
that replicate to re-initialize from the first master (instead of
removing/re-adding the replica from the topology)?
Thanks,
--Andrew
--
Manage your subscription for the Freei
On 10/02/2015 03:41 PM, Andrew Meyer wrote:
works in chrome and not firefox, creating new FF profile.
Hi,
try to remove IPA certificates from firefox in ff settings
Martin
On Friday, October 2, 2015 3:09 AM, Martin Kosek
wrote:
On 10/02/2015 04:15 AM, Andrew Meyer wrote:
>
works in chrome and not firefox, creating new FF profile.
On Friday, October 2, 2015 3:09 AM, Martin Kosek wrote:
On 10/02/2015 04:15 AM, Andrew Meyer wrote:
> I just created a new FreeIPA setup at my home and i'm getting the following:
>
> [Thu Oct 01 14:02:10.082255 2015] [core:n
I tried to clear them out of the preferences. No go.Still getting this:
Secure Connection Failed
An error occurred during a connection to asm-dns01.borg.local. You have
received an invalid certificate. Please contact the server administrator or
email correspondent and give them the following inf
On Fri, 02 Oct 2015, Fujisan wrote:
More info:
I can initiate a ticket:
$ kdestroy
$ kinit admin
but cannot view user admin:
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
$ ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kad
On Fri, 02 Oct 2015, Simo Sorce wrote:
On 02/10/15 04:06, Alexander Bokovoy wrote:
On Thu, 01 Oct 2015, Simo Sorce wrote:
On 01/10/15 03:15, Petr Spacek wrote:
On 30.9.2015 20:36, Matt Wells wrote:
Hi all, I hoped I may glean some brilliance from the group.
I have a Freeipa Server sitting ato
Sorry. I'm running the latest one, 4.1.4.
On Fri, Oct 2, 2015 at 3:27 PM, Martin Babinsky wrote:
> On 10/02/2015 02:52 PM, Fujisan wrote:
>
>> More info:
>>
>> I can initiate a ticket:
>> $ kdestroy
>> $ kinit admin
>>
>> but cannot view user admin:
>> $ ipa user-show admin
>> ipa: ERROR: cannot
On 10/02/2015 02:52 PM, Fujisan wrote:
More info:
I can initiate a ticket:
$ kdestroy
$ kinit admin
but cannot view user admin:
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
$ ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
On 02/10/15 04:06, Alexander Bokovoy wrote:
On Thu, 01 Oct 2015, Simo Sorce wrote:
On 01/10/15 03:15, Petr Spacek wrote:
On 30.9.2015 20:36, Matt Wells wrote:
Hi all, I hoped I may glean some brilliance from the group.
I have a Freeipa Server sitting atop a Fedora 21 server. The
initial plan
Hi folks,
we recently setup an IPA-Server on Centos 7.1 and connected some Ubuntu 14.04
LTS machines to this server.
The IPA-Realm is just for configuring the clients, such as HBAC and SUDO. The
user information are stored in an AD to which we established a two-way trust.
Our problem is now, th
More info:
I can initiate a ticket:
$ kdestroy
$ kinit admin
but cannot view user admin:
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
$ ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RU
Hello,
I cannot login to the web UI anymore.
The password or username you entered is incorrect.
Log says:
Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17
16 23 25 26 1 3 2}) 10.0.21.18: NEEDED_PREAUTH: HTTP/zaira2.opera@OPERA for
krbtgt/OPERA@OPERA, Additional pre-auth
On 10/01/2015 07:50 PM, Andrew E. Bruno wrote:
On Thu, Oct 01, 2015 at 05:40:34PM +0200, Martin Basti wrote:
On 10/01/2015 05:28 PM, Andrew E. Bruno wrote:
On Thu, Oct 01, 2015 at 05:09:23PM +0200, Martin Basti wrote:
On 10/01/2015 05:03 PM, Andrew E. Bruno wrote:
Running CentOS 7.1.1503.
Yep! Rebooting is just what I needed.
It just cleaned LDAP from user1. I could create 'user1' again within the
FreeIPA web UI.
$ ldapsearch -x -h ipasrv uid=user1
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: uid=user1
# requesting: ALL
#
# user1, users, compat, mydoma
On 10/02/2015 04:15 AM, Andrew Meyer wrote:
I just created a new FreeIPA setup at my home and i'm getting the following:
[Thu Oct 01 14:02:10.082255 2015] [core:notice] [pid 18792] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Oct 01 14:02:14.742680 2015] [:error] [pid 18795] ipa:
On Thu, 01 Oct 2015, Fujisan wrote:
I get this:
-
$ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain
'(uid=user1*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (uid=user1*)
# requesting: ALL
#
# search result
On Thu, 01 Oct 2015, Simo Sorce wrote:
On 01/10/15 03:15, Petr Spacek wrote:
On 30.9.2015 20:36, Matt Wells wrote:
Hi all, I hoped I may glean some brilliance from the group.
I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan
was to replicate users+passwords with Windows
34 matches
Mail list logo