Looks like there are issues with dogtag and tomcat8.
http://pki.fedoraproject.org/wiki/Tomcat_8
On 5 November 2015 at 11:32, Prashant Bapat wrote:
> New issue with upgrade.
>
> I set up a test IPA server. It's on an AWS EC2 instance in a VPC. Fedora 21.
> freeipa 4.1.4.
>
> Upgraded OS from F21 --> F
On Wed, Nov 04, 2015 at 05:03:29PM -0800, Prasun Gera wrote:
> Thanks for the ticket information. I would still be interested in
> configuring mod_nss properly (irrespective of whether the certs are ipa
> generated or 3rd party). These are the worrying notes from ssllabs test:
>
> The server suppo
Prasun Gera wrote:
> Thanks for the ticket information. I would still be interested in
> configuring mod_nss properly (irrespective of whether the certs are ipa
> generated or 3rd party). These are the worrying notes from ssllabs test:
>
> The server supports only older protocols, but not the curr
Thanks for the ticket information. I would still be interested in
configuring mod_nss properly (irrespective of whether the certs are ipa
generated or 3rd party). These are the worrying notes from ssllabs test:
The server supports only older protocols, but not the current best TLS 1.2.
Grade cappe
Great idea! Is that possible? Any documentation on how to do this would be
very helpful.
Thanks.
On 4 November 2015 at 19:17, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On 11/04/2015 10:27 AM, Prashant Bapat wrote:
> >> Ack. But in a live replicated setup won't upgrading from F21->F22 and
On Wed, Nov 04, 2015 at 03:20:22PM -0800, Prasun Gera wrote:
> I'm using idm (4.1.x) on a RHEL 7.1 with the webui accessible publicly. I'm
> using a stock configuration which uses the certs signed by ipa's CA for the
> webui. This is mostly for convenience since it manages renewals seamlessly.
> Th
I'm using idm (4.1.x) on a RHEL 7.1 with the webui accessible publicly. I'm
using a stock configuration which uses the certs signed by ipa's CA for the
webui. This is mostly for convenience since it manages renewals seamlessly.
This, however, requires users to add the CA as trusted to their browser
On 11/04/2015 04:07 PM, Rob Crittenden wrote:
Daryl Fonseca-Holt wrote:
Hi All,
I am testing migration from NIS with a custom MySQL backend to IPA. In
our testing ipa user-add starts out at around 12 seconds per user but
slows down as more users are added. By 5000+ users it is taking 90+
seconds.
Daryl Fonseca-Holt wrote:
> Hi All,
>
> I am testing migration from NIS with a custom MySQL backend to IPA. In
> our testing ipa user-add starts out at around 12 seconds per user but
> slows down as more users are added. By 5000+ users it is taking 90+
> seconds. We have 120,000+ users. I'm looking
Hi All,
I am testing migration from NIS with a custom MySQL backend to IPA. In
our testing ipa user-add starts out at around 12 seconds per user but
slows down as more users are added. By 5000+ users it is taking 90+
seconds. We have 120,000+ users. I'm looking at 155 days to load all the
users
I am trying to re-enroll clients after re-installing their O/S (EL6)
using:
# ipa-client-install --force-join ...
Per http://www.freeipa.org/page/V3/Forced_client_re-enrollment but I am
finding that after doing that for a given host, trying to ssh to it
from another enrolled IPA client I am getti
Cal Sawyer wrote:
> That's terrific, Rob - thanks very much. Users and Groups import
> smoothly with a little additional tweaking
>
> ipa -v migrate-ds --with-compat
> --bind-dn="cn=Manager,dc=ldapdomain,dc=local"
> --user-container="ou=People,dc=blue-bolt,dc=local"
> --group-container="ou=Group,
On 11/04/2015 04:11 PM, Cal Sawyer wrote:
> That's terrific, Rob - thanks very much. Users and Groups import smoothly
> with
> a little additional tweaking
>
> ipa -v migrate-ds --with-compat --bind-dn="cn=Manager,dc=ldapdomain,dc=local"
> --user-container="ou=People,dc=blue-bolt,dc=local"
> --g
That's terrific, Rob - thanks very much. Users and Groups import
smoothly with a little additional tweaking
ipa -v migrate-ds --with-compat
--bind-dn="cn=Manager,dc=ldapdomain,dc=local"
--user-container="ou=People,dc=blue-bolt,dc=local"
--group-container="ou=Group,dc=ldapdomain,dc=local"
--
On Wed, Nov 04, 2015 at 03:34:49PM +0100, Troels Hansen wrote:
> OK, I have gotten my SID generation to run.
> However, on the migrated users I'm unable to do a pdbedit -L
> I get:
>
> pdbedit -Lv th
do you see any more details if you run pdbedit with '-d 255' ?
> doing parameter max log size =
OK, I have gotten my SID generation to run.
However, on the migrated users I'm unable to do a pdbedit -L
I get:
pdbedit -Lv th
doing parameter max log size = 50
doing parameter add machine script = /usr/sbin/smbldap-useradd -w "%u"
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SND
Cal Sawyer wrote:
> Hi
>
> Very new to IPA and setting up a proof of concept system that I hope
> will replace my existing OpenLDAP 2.3 (no SASL) setup. I'm trying to
> import People, Group ou's into IPA using "ipa migrate-ds". The IPA and
> existing LDAP directories have different BaseDNs (eg i
Hi
Very new to IPA and setting up a proof of concept system that I hope
will replace my existing OpenLDAP 2.3 (no SASL) setup. I'm trying to
import People, Group ou's into IPA using "ipa migrate-ds". The IPA and
existing LDAP directories have different BaseDNs (eg ipadomain.local on
IPA, ld
Gilbert Wilson wrote:
> Apologies ahead of time as this is my first post to the list and interaction
> with the FreeIPA project. If I should be taking this question to a different
> forum please point me in the right direction!
>
> The error condition I'm encountering is mentioned a few times on
Martin Kosek wrote:
> On 11/04/2015 10:27 AM, Prashant Bapat wrote:
>> Ack. But in a live replicated setup won't upgrading from F21->F22 and
>> F22->F23 take a long time. I mean a couple of hours?
>
> It will take some outage time, yes. But if you have appropriate number of
> replicas and are upgrad
Hi,
One of our AWS machines was used in a DOS attack last night and I am
looking for possible attack vectors. AWS tells me it was sending UDP port 0
traffic to a cloudflare address.
This instance had an incorrectly configured AWS security group exposing all
ports.
The server in question is a Ce
On 11/04/2015 10:27 AM, Prashant Bapat wrote:
> Ack. But in a live replicated setup won't upgrading from F21->F22 and
> F22->F23 take a long time. I mean a couple of hours?
It will take some outage time, yes. But if you have appropriate number of
replicas and are upgrading one by one, you should be
Ack. But in a live replicated setup won't upgrading from F21->F22 and
F22->F23 take a long time. I mean a couple of hours?
Are there any other ways to do this? Perhaps do a fresh install of F23 and
then restore data from FreeIPA 4.1.4 (F21) ?
On 4 November 2015 at 14:52, Martin Kosek wrote:
> On
On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
> On (04/11/15 14:37), Prashant Bapat wrote:
>> Hi All,
>>
>> We rolled out freeipa in our setup somewhere in the beginning of 2015. Since
>> then there have been a couple of new releases. Latest being 4.2.3.
>>
>> The FreeIPA servers are installed on Fedora
On (04/11/15 14:37), Prashant Bapat wrote:
>Hi All,
>
>We rolled out freeipa in our setup somewhere in the beginning of 2015. Since
>then there have been a couple of new releases. Latest being 4.2.3.
>
>The FreeIPA servers are installed on Fedora 21 hosts and at this point
>there is no direct way of upgr
Hi All,
We rolled out freeipa in our setup somewhere in the beginning of 2015. Since
then there have been a couple of new releases. Latest being 4.2.3.
The FreeIPA servers are installed on Fedora 21 hosts and at this point
there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS.
The
On Tue, Nov 03, 2015 at 08:06:49PM +0100, Troels Hansen wrote:
> Hi, I got a bit further.
> I found the error, being that I had some groups from the old LDAP with gid
> around 500, and current ID range in IPA set to start at 2000, which was my
> start UID on the old LDAP.
The SIDs are generated ba