[Freeipa-users] Using puppet to add servers to IPA

2014-04-10 Thread Brent Clark
Hello, I'm looking to use puppet to add my servers to IPA automatically. This would be used when building VMs from templates and their first puppet run would add them into IPA. I am wondering if anyone has any success with doing this? Anything I should consider... any gotchas. Thanks!

[Freeipa-users] cannot delete PTR DNS records from the command line

2014-02-13 Thread Brent Clark
I have run into a problem where I cannot delete PTR DNS records from the command line. This is something that until recently I have never attempted. IPA version = ipa-server-2.2.0-17.el6_3.1.x86_64 When I try to delete a PTR record I get this message. ipa dnsrecord-del 41.100.10.in-addr-arpa.

Re: [Freeipa-users] cannot delete PTR DNS records from the command line

2014-02-13 Thread Brent Clark
dnszone-show 41.100.10.in-addr-arpa. ipa: ERROR: 41.100.10.in-addr-arpa.: DNS zone not found host 10.100.41.250 250.41.100.10.in-addr.arpa domain name pointer test1.test.com. On Thu, Feb 13, 2014 at 8:23 AM, Petr Spacek pspa...@redhat.com wrote: On 13.2.2014 16:15, Brent Clark wrote: I have

Re: [Freeipa-users] cannot delete PTR DNS records from the command line

2014-02-13 Thread Brent Clark
.in-addr.arpa. Not: 41.100.10.in-addr-arpa. HTH On 13.2.2014 16:40, Brent Clark wrote: Here are the results of the commands asked for. Also attached is a png of the webui showing the zone and record exists that I want to delete. Many Thanks! ipa dnsrecord-find 41.100.10.in-addr-arpa

[Freeipa-users] WebUI questions.

2014-02-13 Thread Brent Clark
When I assign a user the role of User Administrator, when they log into the WebUI, they can see all the role, dns, config, tab and links. They should only see the necessary tabs and links that having that role requires and none of the extra stuff. Is there a way to limit what appears in the

[Freeipa-users] Cisco ASA and Foreman

2013-05-01 Thread Brent Clark
Hello everyone, First I want to say how much help everyone is and that I am migrating servers to FreeIPA clients. :) I also have a couple other devices/applications that are currently set up to query my old LDAP infrastructure for authentication. I have been able to migrate them to FreeIPA, but

Re: [Freeipa-users] Freeipa-users Digest, Vol 57, Issue 66

2013-04-25 Thread Brent Clark
I use the following on my CentOS 6.3 servers for the ssh keys to work from IPA. sshd.conf AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys -- To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Freeipa -ssh keys

[Freeipa-users] Cloned server

2013-04-23 Thread Brent Clark
Question, Using ESXi to run many virtual servers in my environment. Sometimes it's necessary to clone a server to a new name to have a copy of it. If the server is an IPA member, so will be the clone (?) until the clone's hostname changes. I have done some looking around and I haven't found a

Re: [Freeipa-users] Replication Issue

2013-04-05 Thread Brent Clark
: 49 - LDAP error: Invalid credentials last update ended: 2013-04-04 20:06:55+00:00 On Thu, Apr 4, 2013 at 2:51 PM, Rob Crittenden rcrit...@redhat.com wrote: Brent Clark wrote: Ok, I have done as Steven Jones requested... here is the output from the replica I am able to kinit to admin

Re: [Freeipa-users] Replication Issue

2013-04-05 Thread Brent Clark
:41 AM, Simo Sorce wrote: On Fri, 2013-04-05 at 08:30 -0600, Brent Clark wrote: You were correct, my reverse DNS entries for the master and replica were missing. Odd, since they both existed at one point. Rob, I think we should open a ticket against 389ds, we should never depend on PTR

[Freeipa-users] Replication Issue

2013-04-04 Thread Brent Clark
Ok, I have done as Steven Jones requested... here is the output from the replica I am able to kinit to admin using the password. issuing the ipa-replica-manage command on the replica for the replica replcia.mydomain.com: replica last init status: None last init ended: None last update

[Freeipa-users] Replication Issue

2013-04-03 Thread Brent Clark
I have set up 2 IPA servers. I followed the docs on Redhat site to do so. Everything went smoothly and the replica was able to pull everything from the master. I was able to import data from an LDAP server and all my users and groups show up fine. I changed my user id password in the GUI on the