[Freeipa-users] FreeIPA Read Only Replica

2017-02-27 Thread Andrey Ptashnik
Team, Is it possible to set up a read-only replica for use in a DMZ, for example? Regards, Andrey -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] ipa-replica-conncheck wants listener on port 7389

2017-02-27 Thread Ian Pilcher
I'm part way through my CentOS 6 to 7 "upgrade". I've reached the point of trying to set up my new IPA server as a replica of a temporary VM. ipa-replica-conncheck is complaining, because nothing on the temporary server is listening on port 7389. The documentation here: https://access.redhat.c

Re: [Freeipa-users] Ubuntu client 2FA not working

2017-02-27 Thread Jochen Hein
Tommy Nikjoo writes: > I'm having some issues with 2FA PAM configs on Ubuntu clients. > Currently, I'm guessing that the PAM module doesn't know how to talk to > the 2FA protocol. Is anyone able to give an insight into how to get > this working correctly? Can you provide logs what doesn't wor

Re: [Freeipa-users] AD Sites and Trusts

2017-02-27 Thread Jakub Hrozek
On Mon, Feb 27, 2017 at 01:50:50PM -0600, Jason B. Nance wrote: > Hello, > > I was wondering if this thread regarding AD trusts and sites is still correct: > > https://www.redhat.com/archives/freeipa-users/2015-December/msg00214.html > > (no way to make use of AD sites) Well, you can configure

[Freeipa-users] AD Sites and Trusts

2017-02-27 Thread Jason B. Nance
Hello, I was wondering if this thread regarding AD trusts and sites is still correct: https://www.redhat.com/archives/freeipa-users/2015-December/msg00214.html (no way to make use of AD sites) If so, is there already an RFE for this that I can vote for and track? Thanks, j

Re: [Freeipa-users] New install, unsupported format?

2017-02-27 Thread Steve Huston
On Mon, Feb 27, 2017 at 5:56 AM, Standa Laznicka wrote: > Sorry for the hold up. Two questions - is this domain level 1 or 0 (you can > run `ipa domainlevel-get` on the master if you don't know)? Did you have a > client installed prior to ipa-replica-install? It's level 1. I did have a couple cl

Re: [Freeipa-users] ID Mapping

2017-02-27 Thread Hanoz Elavia
Thanks Jakub!! *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com * 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Mon, Feb 27, 2017 at 7:26 AM, Jakub Hrozek wrote: > On Sun, Feb 26, 2017 at 12:12:23PM -0800, Hanoz Elavia wrote: > > H

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-27 Thread Greg
I've had success going from RHEL6 to RHEL7 and IPA 3.0 to 4.4, without losing any data/objects/clients. It is as you found though, through replication. I've followed this guide for IPA upgrade: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Aut

Re: [Freeipa-users] Ubuntu client 2FA not working

2017-02-27 Thread Jochen Hein
Tommy Nikjoo writes: > I'm having some issues with 2FA PAM configs on Ubuntu clients. > Currently, I'm guessing that the PAM module doesn't know how to talk to > the 2FA protocol. Is anyone able to give an insight into how to get > this working correctly? I'm not finished with my quest, but I

[Freeipa-users] Migration of FreeIPA issue tracker - Trac and git repo to pagure.io

2017-02-27 Thread Petr Vobornik
Hello list, today and tomorrow a migration of FreeIPA issue tracker[1] and git repo will take place. It is due to FedoraHosted sunset [2]. Both will be migrated to pagure.io [3]. During this migration it won't be possible to add new tickets and comments to Trac or Pagure. [1] https://fed

[Freeipa-users] Kerberos - Weblogic SSO in IPA

2017-02-27 Thread Troels Hansen
Hi, I'm trying to help a Weblogic admin trying to enable SSO using IPA as a backend in AD trust, and I'm not anywhere near a Java or Weblogic man. The ticket looks OK, and I can kinit it. Klist shows: # klist -ke sso.keytab Keytab name: FILE:sso.keytab KVNO Principal

Re: [Freeipa-users] New install, unsupported format?

2017-02-27 Thread Standa Laznicka
On 02/24/2017 08:38 PM, Steve Huston wrote: So, I tried a different tack. Took my bare VM configured as an IPA client, did a 'yum install ipa-server' and edited the cainstance.py file to fix the IPv6 issue. Then, without adding the host to ipaservers in the webui, I simply tried to promote it:

Re: [Freeipa-users] named-pkcs11: option 'serial_autoincrement' is not supported, ignoring

2017-02-27 Thread Martin Basti
On 26.02.2017 07:35, Jochen Hein wrote: Jochen Hein writes: I'm implementing logcheck on my server and found the following message in my logs: Feb 26 05:30:26 freeipa2 named-pkcs11[4935]: option 'serial_autoincrement' is not supported, ignoring | Updates and Upgrades | | Replace serial_a

Re: [Freeipa-users] named-pkcs11: dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute; cnamerecord': unknown class/type

2017-02-27 Thread Martin Basti
On 26.02.2017 07:37, Jochen Hein wrote: When reloading named I get the following message 8 times: Feb 26 05:30:27 freeipa2 named-pkcs11[4935]: dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type I do have cnames in my zones, but what is missin