Re: [Freeipa-users] ipa-server-upgrade fails and CA cannot start

2016-05-10 Thread Andrew C. Dingman
On Tue, 2016-05-10 at 10:16 +0200, Petr Vobornik wrote: > On 05/08/2016 09:49 PM, Andrew C. Dingman wrote: > >  > > "getcert list" successfully shows 8 certificate requests being > > tracked. > > Four are in "MONITORING" status, four in "NEED_CA". The NEED_CA > > requests all indicate expiration ba

[Freeipa-users] DHCP plugin (don't get your hopes up)

2016-05-10 Thread Jeffery Harrell
As promised yesterday, here’s the link to my bespoke DHCP plugin. It’s really nothing, just a little thing I whipped up for my own use. https://github.com/jefferyharrell/IPA-dhcp -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-user

[Freeipa-users] Determining the Renewal Master/First Master and backup restore strategies - Problems and Issues

2016-05-10 Thread opensauce .
Hi All, I would like to get right into my current issues. Operating system : CentOS Linux release 7.2.1511 (Core) Kernel Version : 3.10.0-327.10.1.el7.x86_64 IPA server Version : ipa-server-4.2.0-15.el7_2.6.x86_64 VM platform : ProxMox Virtual Environment Version 3.4-9/4b51d87a I have prepared,

[Freeipa-users] AD trust and UPN issue

2016-05-10 Thread Jan Karásek
Hi, thank you for the answer. I have already tried that workaround and still no luck. At the moment this is showstopper for us on two different projects at two different customers. Any chance to get it patch before 7.3 arrives ? Thanks, Jan -

Re: [Freeipa-users] DNS SubjectAltName missing in provisioned certificates

2016-05-10 Thread Youenn PIOLET
Thank you so much Fraser, My PKI is now working perfectly! Cheers -- Youenn Piolet piole...@gmail.com 2016-05-10 15:01 GMT+02:00 Fraser Tweedale : > On Tue, May 10, 2016 at 02:33:43PM +0200, Youenn PIOLET wrote: > > Hi Fraser, thanks a lot for your quick reply! > > > > Could you confirm whethe

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Rob Crittenden
barry...@gmail.com wrote: So now how can i restore the normal status. Can i export those acc out and restore to new server if same schema.? Manual backup restore i test before should work. This is a feature design page. The files there are notes, not a full list of things to backup, and defi

Re: [Freeipa-users] DNS SubjectAltName missing in provisioned certificates

2016-05-10 Thread Fraser Tweedale
On Tue, May 10, 2016 at 02:33:43PM +0200, Youenn PIOLET wrote: > Hi Fraser, thanks a lot for your quick reply! > > Could you confirm whether you are on RHEL / CentOS 7.2, and if so, > > whether it was installed at 7.2 or an upgrade from 7.1 or an earlier > > version? > > > > This is a replica tha

Re: [Freeipa-users] Fwd: AD trust and UPN issue

2016-05-10 Thread Jakub Hrozek
On Tue, May 10, 2016 at 02:17:07PM +0200, Jan Karásek wrote: > Hi all, > I have lab environment with IPA server and trust to Active directory. > IPA server is in a.example.com. > AD DC is in example.com. > We have also child AD subdomain ext.examle.com. > Everything is fine until the users in

Re: [Freeipa-users] DNS SubjectAltName missing in provisioned certificates

2016-05-10 Thread Youenn PIOLET
Hi Fraser, thanks a lot for your quick reply! Could you confirm whether you are on RHEL / CentOS 7.2, and if so, > whether it was installed at 7.2 or an upgrade from 7.1 or an earlier > version? > This is a replica that was previously installed in CentOS 7.1. I don't exactly remember but I think

[Freeipa-users] Fwd: AD trust and UPN issue

2016-05-10 Thread Jan Karásek
Hi all, I have lab environment with IPA server and trust to Active directory. IPA server is in a.example.com. AD DC is in example.com. We have also child AD subdomain ext.examle.com. Everything is fine until the users in AD domain ext.example.com gets the UPN suffix of the root AD domain - ex

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread barrykfl
So now how can i restore the normal status. Can i export those acc out and restore to new server if same schema.? Manual backup restore i test before should work. 2016年5月10日 下午8:16 於 "Martin Basti" 寫道: > There is no ipa-restore or ipa-backup commands even on RHEL6.7, centos6.7, > so I have no i

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Martin Basti
There is no ipa-restore or ipa-backup commands even on RHEL6.7, centos6.7, so I have no idea how you got that commands there. If you just copy files manually it is not working as you can see. Martin On 10.05.2016 14:12, Barry wrote: The bottom manual files based backup restore . I remember

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Barry
The bottom manual files based backup restore . I remember there s one for 3.0 And test work before. 2016年5月10日 下午8:00 於 "Petr Vobornik" 寫道: > On 05/10/2016 01:49 PM, Martin Basti wrote: > > No there is not python 2.7 on centos 6.x, maybe there is something wrong > in the > > code, let me check f

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Petr Vobornik
On 05/10/2016 01:49 PM, Martin Basti wrote: > No there is not python 2.7 on centos 6.x, maybe there is something wrong in > the > code, let me check first How did you run the backup and restore? AFAIK it was introduced in FreeIPA 3.2, then it was introduced in ipa 3.3 release on RHEL 7. It is no

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Martin Basti
No there is not python 2.7 on centos 6.x, maybe there is something wrong in the code, let me check first On 10.05.2016 13:34, Barry wrote: Ipa 3.0 e47 Centos 6.5 . Just update python? 2016年5月10日 下午6:58 於 "Martin Basti" > 寫道: On 10.05.2016 12:41, barry...@gm

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Barry
Ipa 3.0 e47 Centos 6.5 . Just update python? 2016年5月10日 下午6:58 於 "Martin Basti" 寫道: > > > On 10.05.2016 12:41, barry...@gmail.com wrote: > > Hi: > > Restore form backup follow the procedure below: > http://www.freeipa.org/page/V3/Backup_and_Restore > > Now server web page launch but canot access

Re: [Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread Martin Basti
On 10.05.2016 12:41, barry...@gmail.com wrote: Hi: Restore form backup follow the procedure below: http://www.freeipa.org/page/V3/Backup_and_Restore Now server web page launch but canot access Sorry you are not allowed to access this service. Starting dirsrv: PKI-IPA...

Re: [Freeipa-users] DNS SubjectAltName missing in provisioned certificates

2016-05-10 Thread Fraser Tweedale
On Tue, May 10, 2016 at 11:51:26AM +0200, Youenn PIOLET wrote: > Hi Fraser, Martin, > > I've got exactly the same problem with no DNS AltName and OU=pki-ipa,O=IPA > in the subject. > Hi Youenn, I'm currently investigating this issue; the state of the system is clear but I'm still trying to work

[Freeipa-users] Restore form backup , start servrer will error but sucess

2016-05-10 Thread barrykfl
Hi: Restore form backup follow the procedure below: http://www.freeipa.org/page/V3/Backup_and_Restore Now server web page launch but canot access Sorry you are not allowed to access this service. Starting dirsrv: PKI-IPA... [ OK ] WISERS-COM.

[Freeipa-users] Upgrade to new IPA

2016-05-10 Thread barrykfl
Hi all: I m using freeipa 3.0 ...is there a fast way to export username / password and migrate to new 4.0 server not inplace upgrade .? Regards Barry -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org

Re: [Freeipa-users] Upgrade to new IPA

2016-05-10 Thread Petr Vobornik
On 05/10/2016 12:36 PM, barry...@gmail.com wrote: > Hi all: > > I m using freeipa 3.0 ...is there a fast way to export username / password > and > migrate to > new 4.0 server not inplace upgrade .? > The recommended method is to do an inplace upgrade to the latest RHEL/CentOS 6. Then migrate

Re: [Freeipa-users] DNS SubjectAltName missing in provisioned certificates

2016-05-10 Thread Youenn PIOLET
Hi Fraser, Martin, I've got exactly the same problem with no DNS AltName and OU=pki-ipa,O=IPA in the subject. ### certprofile $ ipa certprofile-show --out caIPAserviceCert.cfg caIPAserviceCert --- Profile configuration stored in file 'caIPAs

Re: [Freeipa-users] ipa-server-upgrade fails and CA cannot start

2016-05-10 Thread Petr Vobornik
On 05/08/2016 09:49 PM, Andrew C. Dingman wrote: > For those of you who recognize me from non-public lists and chats, this > is a whole different setup from the one we've been discussing there. > > This is on a RHEL 7 system, and unfortunately for me the CA master in > my personal IPA realm. When

Re: [Freeipa-users] server 1 and server 2 cannot replicate now may be ssl cert expire

2016-05-10 Thread barrykfl
Just wonder the freeipa package will have bugs if os too.old. 2016年5月10日 下午3:09 於 "Lukas Slebodnik" 寫道: > On (10/05/16 08:19), barry...@gmail.com wrote: > >Do u meant the error related to OS? > I mean that there are known bugs in FreeIPA components. > 389-ds, sssd > CentOS 6.5 is quite old v

Re: [Freeipa-users] server 1 and server 2 cannot replicate now may be ssl cert expire

2016-05-10 Thread Lukas Slebodnik
On (10/05/16 08:19), barry...@gmail.com wrote: >Do u meant the error related to OS? I mean that there are known bugs in FreeIPA components. 389-ds, sssd CentOS 6.5 is quite old version. I would really recommend to upgrade to the latest CentOS. If there are still problems on latest CentOS then