Re: [Freeipa-users] Samba Server setup

2016-09-15 Thread Alexander Bokovoy
On Thu, 15 Sep 2016, Brook, Andy [CRI] wrote: On 9/15/16, 1:06 PM, "Alexander Bokovoy" wrote: On Thu, 15 Sep 2016, Brook, Andy [CRI] wrote: >All, > I’m working on setting up Samba to serve files from a server attached > to our IPA domain. I followed the

Re: [Freeipa-users] how to revert ipa-adtrust-install...

2016-09-15 Thread Alexander Bokovoy
On Thu, 15 Sep 2016, Rob Crittenden wrote: Alexander Bokovoy wrote: On Thu, 15 Sep 2016, lejeczek wrote: is there any way to tell IPA not to control smb.service? Do not run ipa-adtrust-install on the IPA master. What do you mean control? If you don't want ipactl to manage the smb service,

Re: [Freeipa-users] Samba Server setup

2016-09-15 Thread Brook, Andy [CRI]
On 9/15/16, 1:06 PM, "Alexander Bokovoy" wrote: On Thu, 15 Sep 2016, Brook, Andy [CRI] wrote: >All, > I’m working on setting up Samba to serve files from a server attached > to our IPA domain. I followed the directions in >

Re: [Freeipa-users] how to revert ipa-adtrust-install...

2016-09-15 Thread Rob Crittenden
Alexander Bokovoy wrote: On Thu, 15 Sep 2016, lejeczek wrote: is there any way to tell IPA not to control smb.service? Do not run ipa-adtrust-install on the IPA master. What do you mean control? If you don't want ipactl to manage the smb service, look for an entry in

Re: [Freeipa-users] how to revert ipa-adtrust-install...

2016-09-15 Thread Alexander Bokovoy
On Thu, 15 Sep 2016, lejeczek wrote: is there any way to tell IPA not to control smb.service? Do not run ipa-adtrust-install on the IPA master. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] how to revert ipa-adtrust-install...

2016-09-15 Thread lejeczek
is there any way to tell IPA not to control smb.service? On 15/09/16 20:17, Alexander Bokovoy wrote: On Thu, 15 Sep 2016, lejeczek wrote: ... in a sense so IPA would keep away from local smb services? Not supported.

Re: [Freeipa-users] how to revert ipa-adtrust-install...

2016-09-15 Thread Alexander Bokovoy
On Thu, 15 Sep 2016, lejeczek wrote: ... in a sense so IPA would keep away from local smb services? Not supported. -- / Alexander Bokovoy

[Freeipa-users] how to revert ipa-adtrust-install...

2016-09-15 Thread lejeczek
... in a sense so IPA would keep away from local smb services? many thanks L.

Re: [Freeipa-users] Samba Server setup

2016-09-15 Thread Alexander Bokovoy
On Thu, 15 Sep 2016, Brook, Andy [CRI] wrote: All, I’m working on setting up Samba to serve files from a server attached to our IPA domain. I followed the directions in https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA. Everything seems to work and I can access the

Re: [Freeipa-users] Samba Server setup

2016-09-15 Thread Alan Latteri
I too am running into this problem. Looking forward to some feedback regarding this issue. > On Sep 15, 2016, at 7:04 AM, Brook, Andy [CRI] > wrote: > > All, > I’m working on setting up Samba to serve files from a server attached to our > IPA domain. I followed the

[Freeipa-users] Samba Server setup

2016-09-15 Thread Brook, Andy [CRI]
All, I’m working on setting up Samba to serve files from a server attached to our IPA domain. I followed the directions in https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA. Everything seems to work and I can access the files from another RHEL server attached to the

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-15 Thread Natxo Asenjo
On Thu, Sep 15, 2016 at 1:03 PM, Ben Lipton wrote: > > On 09/15/2016 03:04 AM, Natxo Asenjo wrote: > > Hi Ben, > > On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton wrote: > > One other note - this could be a permissions issue. NSS seems to produce >> this

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-15 Thread Ben Lipton
On 09/15/2016 03:04 AM, Natxo Asenjo wrote: Hi Ben, On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton > wrote: One other note - this could be a permissions issue. NSS seems to produce this confusing error message when it can't access the

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-15 Thread Natxo Asenjo
On Thu, Sep 15, 2016 at 12:49 PM, Martin Basti wrote: > > > On 15.09.2016 12:44, Natxo Asenjo wrote: > > hi, > > On Thu, Sep 15, 2016 at 12:33 PM, Martin Basti wrote: > >> >> Hello, >> >> usually the most information can be found here >>

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-15 Thread Martin Basti
On 15.09.2016 12:44, Natxo Asenjo wrote: hi, On Thu, Sep 15, 2016 at 12:33 PM, Martin Basti > wrote: Hello, usually the most information can be found here /var/log/pki/pki-tomcat/ca/debug mmm, in this centos 6.8 system that does

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-15 Thread Natxo Asenjo
hi, On Thu, Sep 15, 2016 at 12:33 PM, Martin Basti wrote: > > Hello, > > usually the most information can be found here > /var/log/pki/pki-tomcat/ca/debug > mmm, in this centos 6.8 system that does not exist: # ls -l /var/log/pki/pki-tomcat/ca/debug ls: cannot access

[Freeipa-users] ipa-server-certinstall -w -d mysite.key mysite.crt

2016-09-15 Thread Günther J. Niederwimmer
Hello, FreeIPA 4.3.1 is it a workaround to install the key and cert with this command I have to insert a password, but the key file has no password? Afterward I have an error from ipa-server-certinstall? Thanks for the help -- mit freundlichen Grüßen / best regards, Günther J.

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-15 Thread Martin Basti
On 15.09.2016 11:29, Natxo Asenjo wrote: hi, one of our master servers has a problem with its certificates: # getcert list Number of certificates and requests being tracked: 8. Request ID '20121107212513': status: CA_UNREACHABLE ca-error: Server failed request, will retry:

[Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-15 Thread Natxo Asenjo
hi, one of our master servers has a problem with its certificates: # getcert list Number of certificates and requests being tracked: 8. Request ID '20121107212513': status: CA_UNREACHABLE ca-error: Server failed request, will retry: 907 (RPC failed at server. cannot connect to

Re: [Freeipa-users] Issues with FreeIPA SSH Key authentication

2016-09-15 Thread Venkataramana Kintali
Hi Lukas, ssh_config is also the same on all servers. Our need is to do it both ways, to be able to log in with ssh public keys (uploaded in IPA) and disable password login, and be able to access all hosts within the same IPA domain silently from any host. Hoping the configs will help, I am including

Re: [Freeipa-users] adding replica centos 7 to centos 6 fails [error] ObjectclassViolation: attribute "unhashed#user#password" not allowed

2016-09-15 Thread Natxo Asenjo
hi, the fact that the usercertificate attribute of uid=admin,ou=people,o=ipaca is expired could this be the cause of these problems as well? How can I renew this certificate? -- Groeten, natxo

Re: [Freeipa-users] How to make a FreeIPA node replica become Master?

2016-09-15 Thread David Kupka
On 14/09/16 23:19, Sergio Francisco wrote: Hi, We have a deployment of FreeIPA using 3 nodes (Master with more 2 replicas). Recently, the master node had a problem with the process 'ns-slapd' consuming 100% of CPU. During this problem, DNS service wasn't working, IPA admin UI encountered

Re: [Freeipa-users] Issues with FreeIPA SSH Key authentication

2016-09-15 Thread Lukas Slebodnik
On (15/09/16 09:56), Venkataramana Kintali wrote: >Hi Lukas, >Thank you for responding. >I compared the configs (sshd_config and sssd.conf), they are same. Is /etc/ssh/ssh_config the same as well? NOTE: (ssh_config is not the same as sshd_config //extra 'd' in name) >sssd and sshd services are

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-15 Thread Natxo Asenjo
Hi Ben, On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton wrote: One other note - this could be a permissions issue. NSS seems to produce > this confusing error message when it can't access the database, even if the > format of the database is actually fine. > > $ sudo chown

Re: [Freeipa-users] Issues with FreeIPA SSH Key authentication

2016-09-15 Thread Venkataramana Kintali
Hi Lukas, Thank you for responding. I compared the configs (sshd_config and sssd.conf), they are same. sssd and sshd services are running on all the servers (IPA clients). PubKey Authentication is enabled on all the servers. I am not able to login with sshkeys. But I am able to ssh to these