On 6.10.2015 14:13, Brendan Kearney wrote:
> On 10/06/2015 07:42 AM, Petr Spacek wrote:
>> On 6.10.2015 03:40, Brendan Kearney wrote:
>>> i have two bind instances in somewhat of a multi-master server arrangement,
>>> where they share the same ldap backend via bind-dyndb-ldap. currently, they
>>>
On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
> Andrew E. Bruno wrote:
> > On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
> >> Andrew E. Bruno wrote:
> >>> The replica is not showing up when running ipa-replica-manage list.
> >>>
> >>> # ipa-replica-manage list
Hello Sumit
ipa-client-install hasn't set krb5_realm. I did that.
We're using Chef-Solo to manage our systems and I have /etc/sssd/sssd.conf
in chef. So it overwrote, whatever ipa-client-install put there. And that's
how the mistake happened.
I think the ipa-client-install discovered everything
Andrew E. Bruno wrote:
> On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
>> Andrew E. Bruno wrote:
>>> The replica is not showing up when running ipa-replica-manage list.
>>>
>>> # ipa-replica-manage list
>>> srv-m14-32.cbls.ccr.buffalo.edu: master
>>>
On 09/22/2015 01:03 AM, Craig White wrote:
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Friday, September 18, 2015 1:44 AM
To: Craig White; Martin Kosek; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA
On 10/06/2015 01:13 PM, Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote:
On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob
On Tue, Oct 06, 2015 at 02:29:49PM -0400, Mark Reynolds wrote:
>
>
> On 10/06/2015 01:13 PM, Andrew E. Bruno wrote:
> >On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote:
> >>
> >>On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
> >>>On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob
On 23/09/15 10:35, Michael Lasevich wrote:
Ok, I just went through process of migrating our IPA setup from 4.1.2
running on Fedora 20 (?? may have been 21) to 4.1.4 on CentOS 7 (MKosek
Copr version) and run into a nasty bug. The replica-install crashes during
CA configuration with something
Hi all;
I'm working an initiative to centralize user accounts in Active Directory.
We have a large RHEL (6+) footprint and want to manage these as well. I am
a Red Hat Engineer on the project and, while it is possible to integrate
all of the RHEL clients directly to AD, I have a nagging feeling
Hi all;
I'm working an initiative to centralize user accounts in Active Directory.
We have a large RHEL (6+) footprint and want to manage these as well. I am
a Red Hat Engineer on the project and, while it is possible to integrate
all of the RHEL clients directly to AD, I have a nagging feeling
On 06/10/15 13:14, Rob Crittenden wrote:
Sean Hogan wrote:
Hello,
I have been rolling out an IPA deployment for IBM Watson for the past 3
months. Initially I did not want to take on application ids (linux OS
Ids owning apps). I now have to so I have created the accounts in IPA
however new
Hi,
I am trying to determine what the difference is between the 2 options above in
IPA4.1 and the implications and complications are of using one or other. Also
which one would be the better choice and why?
Can someone explain in simple terms please?
regards
Steven
--
Manage your
Hi
With further debugging, I discovered, that I messed up the
/etc/sssd/sssd.conf file. There, I added:
…
[domain/customer.company.internal]
krb5_realm = customer.company.internal
…
Exactly like that. With "krb5_realm = customer.company.internal"; ie. with
the realm in lowercase letters.
On 5.10.2015 21:57, nat...@nathanpeters.com wrote:
Looking at the log entries, it appears that there may have been a
network
connectivity 'blip' (maybe a switch or router was restarted) at some
point
and even after connectivity was restored, the global forwarding was
On 10/06/2015 07:42 AM, Petr Spacek wrote:
On 6.10.2015 03:40, Brendan Kearney wrote:
i have two bind instances in somewhat of a multi-master server arrangement,
where they share the same ldap backend via bind-dyndb-ldap. currently, they
are authoritative and recursive servers, and i want to
On Mon, Oct 05, 2015 at 02:48:48PM -0400, Rob Crittenden wrote:
> Andrew E. Bruno wrote:
> > On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
> >> On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
> >>> On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno wrote:
> What's the
On 6.10.2015 03:40, Brendan Kearney wrote:
> i have two bind instances in somewhat of a multi-master server arrangement,
> where they share the same ldap backend via bind-dyndb-ldap. currently, they
> are authoritative and recursive servers, and i want to change things up a
> bit. i want to move
Thanks for the info, Tomas.
I will definitely try this one out! Couldn’t wait for it to be released
for CentOS if it really does what the changes you mentioned describe :-)
We would like to have hostgroup of 10.000 hostmembers or even more in
one group. We currently split these group into
Andrew E. Bruno wrote:
> On Mon, Oct 05, 2015 at 02:48:48PM -0400, Rob Crittenden wrote:
>> Andrew E. Bruno wrote:
>>> On Mon, Oct 05, 2015 at 12:40:42PM +0200, Martin Kosek wrote:
On 10/02/2015 06:00 PM, Andrew E. Bruno wrote:
> On Fri, Oct 02, 2015 at 09:56:47AM -0400, Andrew E. Bruno
On Tue, Oct 06, 2015 at 11:26:42AM +0200, Alexander Skwar wrote:
> Hi
>
> With further debugging, I discovered, that I messed up the
> /etc/sssd/sssd.conf file. There, I added:
>
> …
> [domain/customer.company.internal]
>
> krb5_realm = customer.company.internal
> …
>
>
>
> Exactly like
Herwono W Wijaya writes:
>
>
> Tomorrow I will try to capture Univention LDAP traffic with
> wireshark, and if possible I will try also this FreeIPA with vCenter
> 6. Since I became one of the private beta testers so I had vCenter
Any updates on this? I am getting the
Sean Hogan wrote:
> Hello,
>
> I have been rolling out an IPA deployment for IBM Watson for the past 3
> months. Initially I did not want to take on application ids (linux OS
> Ids owning apps). I now have to so I have created the accounts in IPA
> however new files created by user wdadeploy are
Hello,
I had assumed sudo rules worked because I have an "allow_all for admins"
sudo rule that seemed to work, but I wonder if there is an implicit rule
for the special group admins ?
Because I have tried to replicate this allow_all rule for for other user
groups, and it does not seem to work
On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
Andrew E. Bruno wrote:
On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
Andrew E. Bruno wrote:
The replica is not showing up when running ipa-replica-manage list.
> Your expectation #1 is correct, but there can be multiple reasons why it
> fails.
>
> Did you try to set forward policy = only as I advised you in the previous
> e-mail? Forward policy 'first' does not make sense when split-DNS is
> involved
> because you can end up with mixture of records from
On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote:
>
>
> On 10/06/2015 10:30 AM, Andrew E. Bruno wrote:
> >On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote:
> >>Andrew E. Bruno wrote:
> >>>On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote:
> Andrew E.
26 matches
Mail list logo