Re: [Freeipa-users] Queries on migrating nis netgroups

2016-01-05 Thread Rob Crittenden
Martin Kosek wrote: > On 01/05/2016 04:24 PM, Rob Crittenden wrote: >> Martin Kosek wrote: >>> On 01/04/2016 10:41 PM, Rob Crittenden wrote: Martin Kosek wrote: >>> ... > I anyway tried to add externalHost to the shadow hostgroup via ldapmodify > as DM > and it worked: >

Re: [Freeipa-users] Queries on migrating nis netgroups

2016-01-05 Thread Martin Kosek
On 01/05/2016 04:24 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 01/04/2016 10:41 PM, Rob Crittenden wrote: >>> Martin Kosek wrote: >> ... I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM and it worked: # ipa netgroup-show masters

Re: [Freeipa-users] FreeIPA 4.x + CentOS 6.4

2016-01-05 Thread bahan w
Hello. I have some questions related to this point : 1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd embedded with ipa-client 4.x ? 2. The ipa-server 4.x can only be installed on RHEL7+,

Re: [Freeipa-users] unable to effectively delete a replica agreement

2016-01-05 Thread Rob Crittenden
Karl Forner wrote: > > > > > > It hangs forever. > > How long is forever? > > > officially it's about 15 mns. Do you mean that this delay could be > expected ? Forever is a measurement of patience. I'd have expected a timeout at some point. To really diagnose things we'd probably

Re: [Freeipa-users] FreeIPA 4.x + CentOS 6.4

2016-01-05 Thread bahan w
Thanks. And for the ipa-client package ? Is it installable on Redhat 6.6 ? Or is it only installable on Redhat 7.x ? Best regards. Bahan On Tue, Jan 5, 2016 at 3:31 PM, Lukas Slebodnik wrote: > On (05/01/16 15:11), bahan w wrote: > >Hello. > > > >I have some questions

Re: [Freeipa-users] FreeIPA 4.x + CentOS 6.4

2016-01-05 Thread Lukas Slebodnik
On (05/01/16 15:11), bahan w wrote: >Hello. > >I have some questions related to this point : >1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an >ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd >embedded with ipa-client 4.x ? rhel6.6 has

Re: [Freeipa-users] Queries on migrating nis netgroups

2016-01-05 Thread Rob Crittenden
Martin Kosek wrote: > On 01/04/2016 10:41 PM, Rob Crittenden wrote: >> Martin Kosek wrote: > ... >>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify >>> as DM >>> and it worked: >>> >>> # ipa netgroup-show masters >>> Netgroup name: masters >>> Description:

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Karl Forner
Another piece of information: the linux boxes are running ubuntu too, with the same configuration. I have configured 2 dns servers, the first for my main freeipa server (which is down), and the second for the replica. After boot, the linux box can resolve addresses just fine, using the secondary

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Alexander Bokovoy
On Tue, 05 Jan 2016, Karl Forner wrote: update: modifying the /etc/krb5.conf, and replacing the name of my freeipa master by the replica fixes the problem. So that proves that the kdc is not picked up by discovery. This implies you have explicit line stating the KDC address in your krb5.conf.

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Karl Forner
update: modifying the /etc/krb5.conf, and replacing the name of my freeipa master by the replica fixes the problem. So that proves that the kdc is not picked up by discovery. The problem is that my ubuntu box was enrolled using the ipa-client-install script, and so should be properly configured.

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Karl Forner
Thanks a lot, that works if I comment out the explicit reference to a server name, and that I switch dns_lookup_kdc to true. I think I understand why it was not working from the install: I used the ipa-client-install with the option --server. According to the man page, in the "Failover" section,

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Karl Forner
On Tue, Jan 5, 2016 at 8:14 AM, Jakub Hrozek wrote: > On Tue, Jan 05, 2016 at 12:16:48AM +0100, Karl Forner wrote: > > Hello, > > > > My freeipa master has crashed, and I have a replica running. > > The problem is that I can not use anymore the webapps on my main server > >

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Natxo Asenjo
On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo wrote: > includedir /var/lib/sss/pubconf/krb5.include.d/ > #File modified by ipa-client-install > > [libdefaults] > default_realm = IPA.DOMAIN.TLD > dns_lookup_realm = true > dns_lookup_kdc = true > rdns = false >

Re: [Freeipa-users] FreeIPA 4.x + CentOS 6.4

2016-01-05 Thread Rob Crittenden
Lukas Slebodnik wrote: > On (05/01/16 15:11), bahan w wrote: >> Hello. >> >> I have some questions related to this point : >> 1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an >> ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd >> embedded with

Re: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

2016-01-05 Thread Petr Spacek
On 6.1.2016 08:25, Petr Spacek wrote: > On 6.1.2016 06:42, Devin wrote: >> I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a >> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the >> Kerberos domain as LNX.NINJA. Everything installs just fine without any

[Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid

2016-01-05 Thread Simpson Lachlan
Hi, New install of FreeIPA 4.2.0-15.el7.centos.3 on Centos 7.2.1511 (and I'm very new to FreeIPA) Following the advice I got from here: http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords I dumped old shadow into a csv, then wrote a small bash script to import all the

Re: [Freeipa-users] Fwd: NetworkError : invalid continuation byte with utf8 codec

2016-01-05 Thread Fraser Tweedale
On Mon, Jan 04, 2016 at 03:13:43PM +0100, Domineaux Philippe wrote: > Hello, > > Happy new year. > > So the content of my /etc/locale.conf : > > LANG="fr_FR.UTF-8" > Happy new year to you too, and thanks for the info. I reproduced the issue and there is now a patch awaiting review. Ticket:

Re: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

2016-01-05 Thread Petr Spacek
On 6.1.2016 06:42, Devin wrote: > I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a > fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the > Kerberos domain as LNX.NINJA. Everything installs just fine without any > issues, and even when I log into FreeIPA

[Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

2016-01-05 Thread Devin
I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the Kerberos domain as LNX.NINJA. Everything installs just fine without any issues, and even when I log into FreeIPA and go to the DNS Manager I see that it

Re: [Freeipa-users] how to force switch to another kdc

2016-01-05 Thread Natxo Asenjo
On Tue, Jan 5, 2016 at 7:22 PM, Karl Forner wrote: > update: > > modifying the /etc/krb5.conf, and replacing the name of my freeipa master > by the replica fixes the problem. > So that proves that the kdc is not picked up by discovery. > > The problem is that my ubuntu box

Re: [Freeipa-users] Queries on migrating nis netgroups

2016-01-05 Thread Roderick Johnstone
On 05/01/2016 17:17, Rob Crittenden wrote: Martin Kosek wrote: On 01/05/2016 04:24 PM, Rob Crittenden wrote: Martin Kosek wrote: On 01/04/2016 10:41 PM, Rob Crittenden wrote: Martin Kosek wrote: ... I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM and it

Re: [Freeipa-users] Freeipa-users Digest, Vol 90, Issue 9

2016-01-05 Thread Rob Crittenden
BlueBolt wrote: > Wow, that's fairly horrifying stuff, Rob. All of my NFS servers (and > current ldap-auth'd clients, which are not migrated to ipa-client) are > constrained to nfs3. I have no plans to v4 any of my nfs infrastructure > apart from one server eventually which will serve mostly

Re: [Freeipa-users] Freeipa-users Digest, Vol 90, Issue 9

2016-01-05 Thread BlueBolt
Wow, that's fairly horrifying stuff, Rob. All of my NFS servers (and current ldap-auth'd clients, which are not migrated to ipa-client) are constrained to nfs3. I have no plans to v4 any of my nfs infrastructure apart from one server eventually which will serve mostly Macs for acl richness.