On 11/14/2013 08:56 AM, Rob Crittenden wrote:
> Andrea Bontempi wrote:
>>> This is incorrect. To validate a certificate you only need the CA public
>>> keys, not the private ones. Only having the ipa-ca-agent key is right.
>>> This is a temporary database, not the CA database. We are using this
>>>
On 11/14/2013 03:29 AM, Andrea Bontempi wrote:
> I did some tests: The error occurs when I use a CA managed by EJBCA,
> if I use a CA generated by openssl or nss everything works properly.
>
> The problem is that i can't reproduce the bug in an external nss
> db... but maybe I don't follow the sam
On 11/12/2013 11:36 AM, Rob Crittenden wrote:
> This is basically what I saw too. I'm waiting on someone from the NSS
> team to get back to me. This must have something to do with the way that
> OpenSSL validates certs vs NSS. Apparently NSS is being more picky but I
> don't know why yet.
FWIW
On 11/08/2013 08:53 AM, John Dennis wrote:
> FWIW I've authored a set of Python utilities to work with pem files for
> OpenStack. They work just fine with PEM blocks embedded with non-PEM
> text. I was thinking the utilities would also be useful in FreeIPA (in
> fact my experien
On 11/08/2013 04:56 AM, Petr Viktorin wrote:
> On 11/08/2013 09:01 AM, Martin Kosek wrote:
>> Thanks for heads up. You mean by the difference between "O=MW" and
>> "O=MELTWATER.COM"?
>> Petr, is this possible? Can it be validated in the the installer if this is
>> the
>> root cause?
Thats a good
On 09/23/2013 07:55 AM, John Dennis wrote:
> On 09/23/2013 07:19 AM, Arturo Borrero wrote:
>> Hi there!
>>
>> FreeIPA WebUI in spanish has some annoyances in how the text is showed.
>>
>> http://img545.imageshack.us/img545/9016/9eur.png
>>
>> We would l
On 09/23/2013 07:19 AM, Arturo Borrero wrote:
> Hi there!
>
> FreeIPA WebUI in spanish has some annoyances in how the text is showed.
>
> http://img545.imageshack.us/img545/9016/9eur.png
>
> We would like to switch from spanish to standar english in the WebUI.
>
> Could anyone please point me i
On 09/18/2013 01:53 PM, mees virk wrote:
> I do not have a valid support contract, or other contracts with RedHat.
> Doesn't that stop me from opening proper RFE ticket?
>
> In any case, my interest was this time solely for evaluation purposes.
> If I were actively choosing an integrated identity
On 09/05/2013 02:29 AM, Dmitri Pal wrote:
> On 09/05/2013 12:38 AM, Jason Prouty wrote:
>> This is the AV-Pair I would like to implement to pass back to radius.
>>
>>
>> dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
>> objectClass: radiusObjectProfile
>> objectClass: radiusprofile
>> cn: priv
On 09/04/2013 05:41 PM, Jason Prouty wrote:
> I have the radius.schema file how do I add that into my ldap schema on
> IPA server.
>
> I see several ldif files /etc/dirsrv//schema but they are ldif
> files
>
>
>
> If I can extend my schema integration to free radius should be easy.
Is there a
On 09/03/2013 12:51 AM, Jason Prouty wrote:
> I have IPA-server installed and working for my linux servers
>
> I have several cisco Routers 2821 and juniper FW that I would like to
> authenticate against IPA.
>
> I have a free radius .schema file.
First you have to tell us what authentication pr
On 06/10/2013 04:50 PM, John Dennis wrote:
> Either dump the text form of your CA cert and send it along or send us
> the cert in PEM format and we'll open it up.
Actually in hindsight send us the all the Godaddy certs in PEM format
only, the tools need to read PEM format. Text form
On 06/10/2013 04:32 PM, John Moyer wrote:
> Do you mean doing this? If not let me know.
I'm afraid much of what has been done so far amounts to flailing about.
The information needed to resolve the problem is contained in your cert.
I'm pretty sure I asked for this information previously w
the issuer cert
from godaddy and add it to the database with trust flags turned on.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
;s with modutil
% sudo modutil -add ca_certs -libfile libnssckbi.so -dbdir /etc/httpd/alias
But that's a big hammer, you might be better off just manually just
adding the CA that signed your cert and adding trust for it. Examples
can be found here:
http://www.mozilla.org/projects/securi
d line interface. You can either call the ipa command from a shell
script or you can write your own Python scripts and invoke the IPA API
directly. Be careful though, the type of operations you've described all
require administrator privileges, it's not something a general user ca
l proceed everything should just work. Please let us
know if it doesn't. I'm not surprised we still have some IPv6 bumps to
smooth out, it doesn't get exercised as much as IPv4. FWIW we fully
expect IPv6 enabled systems to be dual stack.
--
John Dennis
Looking to carve out IT
make it work with ipa?
thanks in advance,
Bartek.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
__
the server it
found in your dns srv record. I can't explain that srv record or whether
you've got a valid IPA server running there or not.
I would check the apache config on aurora.
Do you have a:
/etc/httpd/conf.d/ipa.conf
file?
Are there any .rpmew files under /etc/httpd?
Have
On 03/01/2013 04:01 PM, John Dennis wrote:
On 03/01/2013 03:17 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 5:01 PM, John Dennis wrote:
On 02/28/2013 05:34 PM, KodaK wrote:
BTW, why are you parsing diagnostic output?
I haven't actually started yet, I was just getting my bearings.
On 03/01/2013 03:17 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 5:01 PM, John Dennis wrote:
On 02/28/2013 05:34 PM, KodaK wrote:
BTW, why are you parsing diagnostic output?
I haven't actually started yet, I was just getting my bearings.
I was going to wrap the commands in some scripts
On 02/28/2013 05:34 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 3:27 PM, John Dennis wrote:
On 02/28/2013 04:18 PM, KodaK wrote:
When performing an operation with the IPA tools, I get a message every
time similar to this:
ipa: INFO: Forwarding 'hbactest' to server u'https://ip
hod is used, not sure
if this is one of those or not. We were using repr because early on we
were not consistent with whether we used str's or unicode objects and it
was handy to know the difference, it's not so much of an issue any more.
--
John Dennis
Looking to carve out IT
ing certs to which is a significant security issue. This FAQ entry
from cacert will help clarify:
http://wiki.cacert.org/SubRoot
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@
I said it should be easy to find. Look in
that file for obvious problems.
HTH,
I forget the exact version you're running on which OS. If the above is
not specific enough we can get the dogtag folks to jump in.
--
John Dennis
Lookin
g/freeipa/ticket/2695, but apparently
we didn't. Anyway the error message is a red herring, your connection
problems lie elsewhere.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
ning the client
install interactively?
Is the realm EXAMPLE.COM really correct?
Are you able to do a kinit for ipa-b...@example.com on the client
successfully?
Are your kerberos ports open?
--
John Dennis
Looking to carve out IT costs?
www.redhat.co
On 02/15/2013 04:54 PM, Orion Poplawski wrote:
On 02/15/2013 02:34 PM, John Dennis wrote:
On 02/15/2013 04:16 PM, Orion Poplawski wrote:
Hmm, that is the filter in TB for me too, but:
[15/Feb/2013:11:17:21 -0700] conn=931 op=1 SRCH
base="ou=people,dc=nwra,dc=com" scope=2
filte
On 02/15/2013 04:16 PM, Orion Poplawski wrote:
On 02/15/2013 02:02 PM, John Dennis wrote:
On 02/15/2013 03:57 PM, Orion Poplawski wrote:
On 02/15/2013 01:56 PM, John Dennis wrote:
On 02/15/2013 03:46 PM, Simo Sorce wrote:
This is an interesting use case, it would probably be appropriate to
On 02/15/2013 03:57 PM, Orion Poplawski wrote:
On 02/15/2013 01:56 PM, John Dennis wrote:
On 02/15/2013 03:46 PM, Simo Sorce wrote:
This is an interesting use case, it would probably be appropriate to
have a RFE filed to allow to create ipa users marked as 'non-person' so
that th
oblem. But the part of
the requirement is not to have non-humans show up in every client (e.g.
mail clients) that support LDAP directory lookups. That means they have
to modify the filter on every client. That's a tall order :-(
--
John Dennis
Looking to carve out IT costs?
www.redhat.co
Your other alternative is not put these system users in LDAP and instead
use local users & groups managed via some other mechanism (puppet?).
I'm not sure this issue has come up before, it does present some
interesting issues.
John
--
John Dennis
Looking to carve out IT costs?
www.r
On 02/15/2013 01:39 PM, Orion Poplawski wrote:
On 02/15/2013 11:38 AM, John Dennis wrote:
On 02/15/2013 01:35 PM, Rob Crittenden wrote:
John Dennis wrote:
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want to
On 02/15/2013 01:35 PM, Rob Crittenden wrote:
John Dennis wrote:
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want to talk
about other system users not bound to a daemon than state that rather
than confusing the
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want to talk
about other system users not bound to a daemon than state that rather
than confusing the issue.
--
John Dennis
Looking to carve out IT costs
27;s. Also
these system users are automatically created when you install the
package. Thus there is little point in trying to manage them. If you
find yourself with a need to manage them step back and ask yourself why.
--
John Dennis
Looking to carve out IT costs
TA's support this).
Then our config would have a LMTP domain socket pathname, if that
pathname exists and we can connect to it we use, if not we fallback to
not generating any mail.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
hooks" to execute code
when an action occurs. But from everything you've said so far you imply
it does provide such hooks. Perhaps if you could be more specific we
could be more helpful.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
__
On 02/07/2013 08:42 PM, Umarzuki Mochlis wrote:
Hi,
Is it possible to create groups and add users to that group via CLI?
So far, I could not find any sample command on doing that.
The ipa CLI has help
% ipa help user
% ipa help group
% ipa help user-add
etc.
--
John Dennis
Looking to
On 02/05/2013 01:40 PM, Thomas Sailer wrote:
On 02/05/2013 06:32 PM, John Dennis wrote:
% ipactl status
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
pki-cad Service: RUNNING
ipa: INFO: The ipactl
it hard to read.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
e of us can help diagnose it.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
, available CPU, etc.
Things like adding a user, or adding a user to a group are not compute
intensive and should execute quickly. For your intended use I don't see
any issues with the elapsed time for command execution.
--
John Dennis
Looking to carve out IT costs?
www.redh
r IdM triggers a transaction and it
completes within a few seconds is that real time?
John
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 01/18/2013 10:13 AM, John Dennis wrote:
On 01/18/2013 09:31 AM, Han Boetes wrote:
In the users file
DEFAULT Auth-Type = Kerberos
Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15"
Be careful!
It's almost never a good idea to set the Auth-Type in
he moment.
All I'm trying to say is what you've done above will work only in a very
constrained scenario, it is not a general solution. The FreeRADIUS list
is filled with folks attempts to force an Auth-Type in the users file
only to discover their woes.
-
principal. This is configured in /etc/raddb/modules/krb5, by default it's
krb5 {
keytab = /path/to/keytab
service_principal = name_of_principle
}
How did you configure these?
--
John Dennis
Looking to carve out IT costs?
www
On 01/12/2013 06:52 AM, Umarzuki Mochlis wrote:
2013/1/12 John Dennis :
1) Download the source rpm matching the version you have installed, add the
patch, rebuild the rpm locally, install the locally built rpm.
how do i 'add the patch' to source rpm? any documentation that i can
fo
On 01/11/2013 03:52 PM, Dmitri Pal wrote:
On 01/11/2013 03:27 PM, John Dennis wrote:
On 01/11/2013 03:10 PM, Dmitri Pal wrote:
On 01/10/2013 11:00 AM, John Dennis wrote:
On 01/10/2013 08:15 AM, Petr Spacek wrote:
Hello,
is there any user of CSV support built-in to IPA administration tools
On 01/11/2013 03:10 PM, Dmitri Pal wrote:
On 01/10/2013 11:00 AM, John Dennis wrote:
On 01/10/2013 08:15 AM, Petr Spacek wrote:
Hello,
is there any user of CSV support built-in to IPA administration tools
("ipa"
command)? Do you consider it sane or even useful? Please reply.
I
build a patched RPM.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
would expand to
ipa dnsrecord-add example.test. newrec --txt-rec=1 --txt-rec=2 --txt-rec=3
--txt-rec=4 --txt-rec=5 --txt-rec=6 --txt-rec=7 --txt-rec=8 --txt-rec=9
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 12/19/2012 01:10 PM, Andre Rodrigues wrote:
Thank you all for the answers..
I noticed that I had installed freeipa with incorrect parameters, so I
reinstalled freeipa and I think now default.conf is correct.
answering some questions:
On 12/18/2012, John Dennis wrote:
Please provide the
On 12/19/2012 05:50 AM, Sumit Bose wrote:
On Wed, Dec 19, 2012 at 09:13:21AM +0100, Petr Spacek wrote:
On 12/18/2012 09:56 PM, John Dennis wrote:
ipa: ERROR: unable to parse cookie header
'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=;
Path=/ipa; Expires=Thu, 18 Dec 2012 13:54:3
On 12/18/2012 03:30 PM, Sumit Bose wrote:
On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote:
On 12/18/2012 01:26 PM, Andre Rodrigues wrote:
Hi all,
I'm testing AD trust following this how to:
http://www.freeipa.org/page/IPAv3_testing_AD_trust
but when I set "ipa dnszone-
datetime 'Tue, 18 Dec 2012 18:32:05'
Sorry, someone else will have to help you with the below:
ipa: ERROR: Cannot perform join operation without Samba 4 support installed.
Make sure you have installed
server-trust-ad sub-package of IPA
but I hav
.
1) Make sure F18 is fully updated via yum
2) reboot
3) reboot
Yes, that's right, reboot twice! (Apparently that's needed to get
systemd updates installed and working)
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
(e.g. F17, RHEL 6.3)?
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
IPA
packages and the dogtag packages. You didn't mention which OS you're
using nor the versions of the relevant packages, that would have been
helpful. In any event I would make sure all your packages are up to date.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/
x27;t think we can file a bug at this point, but perhaps we need to
pay attention and see if anyone else gets bitten by this.
John
----
*From:* John Dennis
*To:* a...@redhat.com
*Cc:* george he ;
at's a valid jar? If not can you locate jss4.jar? Is it now under
/var/lib64/java? If so adjust the symbolic link under
/var/lib/pki-ca/common/lib to point to it. Do thinks work now after
restarting?
John
--
John Dennis
Looking to carve out IT costs?
www
pki-ca is running via either
the service or systemctl command. Do you see any errors in the log files
found under /var/log/pki-ca?
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-u
en to
/var/log/httpd/error_log which may have more detailed messages
indicating where things might be going wrong.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@r
is it the correct host? If not then
the server will assume it's co-located on the same machine. Is your CA
on the same machine as your IPA server?
One other thing to check, is the CA running? Do an ipactl status to
verify or an ipactl restart.
--
John Dennis
Looking to car
Thanks for the contribution Chris!
Just as an aside if you know Python you can call the IPA commands
directly and use Python to extract and reformat the data, it might be a
lot simpler than doing the bash/awk dance.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
the SSL/TLS protocols. IPA also makes sure strong
encryption is utilized for those tunnels. Strong authentication is also
required at the endpoints of those tunnels.
It really wouldn't make much sense to design an authentication and
security manager that itself wasn't secure :-)
--
You can however assign users, hosts, etc. to groups. Then use group
membership to control how a particular group of users behaves. It's easy
to automate group membership via automember.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
credentials the automatic SSO process will be applied the
next time you visit the web UI.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
d the
contents of the log to one of the IPA team members directly in a private
email, not to the public freeipa list.
Thanks!
John
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-
application/json jquery.js:7365
Script 556.94KB 553.40KB 3.84s 2.99s 855ms (2.88s waiting)
json/ipa/session POST 200 Success application/json jquery.js:7365
Script 46.93KB 46.38KB 1.52s 1.51s (1.40s waiting)
Steve
___
Freeipa-users mailing list
Freei
amps used for managing
session timeouts. It wouldn't be too hard to expand this to time how
long it takes a command to execute because it's evaluated for every
command. Combined with timestamping in the UI code we could get a
reasonable idea of where some bottlenecks lie (or don't).
dividually each needs
to be setup separately with lot of pain.
Absolutely, the pain threshold of setting those component up and getting
them to play together is high. One of the primary design goals of
FreeIPA is to eliminate those pain points so you can focus on
administrating your user base.
make it vastly more powerful by layering
a lot of sophisticated functionality on top it which is fully integrated
and easy to use.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users
a facility available to acquire a kerberos ticket.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 04/30/2012 08:27 AM, John Dennis wrote:
Agreed. We should not try to influence family selection.
I will open an IPA trac ticket.
https://fedorahosted.org/freeipa/ticket/2695
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
On 04/30/2012 03:54 AM, Petr Spacek wrote:
On 04/27/2012 02:43 PM, John Dennis wrote:
On 04/27/2012 04:45 AM, Petr Spacek wrote:
On 04/26/2012 11:42 PM, Simo Sorce wrote:
On Thu, 2012-04-26 at 21:18 +, Steven Jones wrote:
Hi,
FYI,
I shutdown IPv6 as we dont do IPv6 and found that IPA
lback to other mechanisms if getaddrinfo is not available)
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 04/03/2012 09:17 PM, Steven Jones wrote:
My gui doesnt have the "logout" button.
:(
It will :-) It's a new feature, currently in beta.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-use
em "logout". Click on the logout and you will be
logged out and then you can log back in as someone else.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
ht
On 04/03/2012 05:58 PM, Steven Jones wrote:
So how do I login without a kerberos ticket?
See attached screenshot snippets
From: John Dennis [jden...@redhat.com]
Sent: Wednesday, 4 April 2012 9:52 a.m.
To: Steven Jones
Cc: Petr Spacek; freeipa-users
What are you trying to accomplish? In IPA 2.2 you can log onto the web
UI without a kerberos ticket by using password based auth, thus the web
UI no longer requires a kerberos ticket. This applies only to the web
UI, not other IPA components (at the moment).
John
--
John Dennis
Looking to
the
client code we weren't aware of and need to fix this. If that's true
would you please file a bug here:
https://fedorahosted.org/freeipa/
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
o the
ipa-and-samba-team-automation list, you can subscribe if you wish.
Archives of the automation list can be found here:
http://post-office.corp.redhat.com/archives/ipa-and-samba-team-automation
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveout
e KDC) enctype. This is so that a client can use the
strongest enctype it has crypto support for.
Sure, that makes sense. But this is new behavior, what changed?
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-
enctypes? Is it to satify forwarding/proxy
when you don't know a prori which enctype the foreign endpoint will require?
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redha
her and would love for one of our Kerberos gurus to provide an
explanation.
John
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
ty as well as capturing auditable system events. As
yet there hasn't been a consensus. Until such time as a consensus forms
around the methods, tools, and libraries in this domain we won't proceed
further with the A part of IPA. However, we are actively participating
in these discussi
help as I can give you at the moment.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
the files are there, so I assume yum is somehow
confused.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
o lock the repo while it's being populated so
on occasion you may see some odd failures if you happen to hit it while
it's updating.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailin
u took that and ran it through a base64 decoder you'd have DER
format. You can't get DER directly right now. We could probably add
an option to write a file in DER format if you wanted to open an RFE
on our trac instance.
--
John Dennis
Looking to carve out IT costs?
www
convert
PEM to DER. There should be an existing utility to do it. If not it's as
simple as taking the text between the PEM delimiters and base-64
decoding it.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
F
open an RFE (Request for Enhancement) on
https://fedorahosted.org/freeipa/
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 11/17/2011 01:40 PM, Alexander Bokovoy wrote:
On Thu, 17 Nov 2011, John Dennis wrote:
My guess is this is due to the fact these jars changed their location. The
symlinks to the jars are established by pkicreate. We have a bug open to
enchance pkicreate (or add a new tool) which will adjust
On 11/17/2011 11:46 AM, Dan Scott wrote:
On Thu, Nov 17, 2011 at 11:35, John Dennis wrote:
On 11/17/2011 11:25 AM, Adam Young wrote:
To summarise, the errors are:
SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
SEVERE: Failed to
c links to see if any are dangling. If so adjust
the link to point to it's new location.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 10/05/2011 09:44 AM, Dmitri Pal wrote:
On 10/04/2011 11:14 AM, John Dennis wrote:
On 10/04/2011 10:50 AM, Jimmy wrote:
I've been searching and see a few references to freeRADIUS used with
FreeIPA, but I don't see any substantial information on the subject. Is
there a proced
ure. This presents a design issue
for us to resolve, as such it has been pushed out.
Refer to this chart for more information:
http://deployingradius.com/documents/protocols/compatibility.html
--
John Dennis
Looking to carve out IT costs?
www.redh
On 08/09/2011 12:06 AM, John Dennis wrote:
I believe the fix was incorporated into this RPM, curl-7.21.3-9.fc15 and
was pushed into the stable update at 2011-08-09 01:29:07
xmlrpc-c is dependent on libcurl and is utilized by IPA. I do not
believe there is new version of xmlrpc-c built against
27;re expecting it shortly.
I would recommend you install the new curl version from F15 updates and
I'll appraise you of the status of xmlrpc-c in the morning.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Fre
1 - 100 of 114 matches
Mail list logo