http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
On 7/23/14, 11:21 AM, Rob Crittenden wrote:
> John Moyer wrote:
>> Hello All,
>>
>> I was going to promote one of
time period.
Thanks,
----
John Moyer
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
logon and restart sssd on every
>> VM manually.
> Hello Bruno, see my reply to John, if you can capture the sssd logs,
> that would be very welcome in tracking down the problem.
>
>> - Mensagem original -
>>
>> De: "John Moyer"
>> Para: "
> On Mon, Jul 07, 2014 at 11:36:26AM -0400, John Moyer wrote:
>> Hello All,
>>
>> Some of the services in IPA stopped responding and I restarted the
>> service (as I couldn't login to the website or via ssh to any registered
>> hosts). After the restart
sd on.
Any suggestions how to fix the rest without having to go to all of
them to restart sssd?
Thanks,
John Moyer
Director, IT Operations
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redha
Please ignore this problem, I found the problem, embarrassing as this
is, a host file was in place where I didn't expect it, the user was not
created in the correct system.
John
On 6/18/14, 9:02 AM, John Moyer wrote:
> Rob,
>
> That is correct, I just put my ssh key in for tha
information.
On 6/17/14, 11:26 AM, Rob Crittenden wrote:
> John Moyer wrote:
>> Sorry forgot the second part of your question:
>>
>> rpm -qa | grep ipa
>> libipa_hbac-1.9.2-129.el6_5.4.x86_64
>> ipa-server-3.0.0-37.el6.x86_64
>> ipa-pki-ca-theme-9.0.3-7.el6.
-3.0.0-37.el6.x86_64
ipa-admintools-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-selinux-3.0.0-37.el6.x86_64
John
On 6/17/14, 8:30 AM, John Moyer wrote:
> I'm using ldapsearch. The command I was using was like the one below
> (edited to protect creds/users).
>
7; uid=first.last
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=first.last
# requesting: ALL
#
# search result
search: 3
result: 0 Success
# numResponses: 1
Any help is much appreciated!
Thanks,
John
On 6/16/14, 6:22 PM, Rob Crittenden wrote:
> John Moyer wrote
emove ldapsearch work on new users would
be greatly appreciated!
Thanks,
John Moyer
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/fr
-DIGITALREASONING-COM/
lrwxrwxrwx 1 root root 12 Aug 27 03:21 db -> /dev/shm/db/
At this point I just want confirmation that my data is gone. I was doing
backups, but of the disks not the RAM.
Thanks,
_____
John Moyer
Director, IT Operations
On
.
Thanks,
_
John Moyer
Director, IT Operations
On Feb 13, 2014, at 2:10 PM, Rob Crittenden wrote:
> John Moyer wrote:
>> Hello All,
>>
>> We’ve been running IPA now nicely for a while, and I wrote a script to
>> run some
erver in LDAP:
No master found because of error: {'matched': 'dc=digitalreasoning,dc=com',
'desc': 'No such object'}
Thanks,
_____
John Moyer
Director, IT Operations
signature.asc
Descripti
1000 times or so to do the
sync. The logs didn't show but one search done that didn't have an index
which is why we concluded it wasn't an index issue.
Thanks,
_____
John Moyer
Director, IT Operations
On Sep 4, 2013, at 9:5
Sure, just let me know what needs to be run/applied. I've already rolled back
to LDAP, so if the fix looks like it works I can then roll it out again.
Thanks,
_
John Moyer
Director, IT Operations
On Sep 4, 2013, at 9:12 AM, Dmitri Pal
rver would run circles around IPA even though it was on a smaller
machine. LDAP would run at about 10% maybe 15% CPU when the JIRA sync ran.
IF you need any other information let me know.
Thanks,
_
John Moyer
Director, IT Operations
hanks,
_
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax:703.678.2312
www.digitalreasoning.com
On Sep 4, 2013, at 3:44 AM, Martin Kosek wrote:
>
I'm sorry that was my top unique filter list not my unindexed list. Please
disregard my last email.
Thanks,
_
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
M
Thanks,
_
John Moyer
Director, IT Operations
On Aug 30, 2013, at 3:41 PM, Rich Megginson wrote:
> On 08/30/2013 01:31 PM, John Moyer wrote:
>> Rob or anyone else,
>>
>> So while struggling along on this server I just grabbed the logs off it and
&
(objectclass=*)
4560(&(objectclass=inetorgperson)(uid=senior.developer.login))
307 (objectclass=krbticketpolicyaux)
292 (uid=*)
Thanks,
_____
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@dig
So this method of search logs is great, and it shows some indexes that would
likely highly increase efficiency with my usage. So, are there instructions
how to do that? or do you know off hand how to do that?
Thanks,
_
John Moyer
SSL Client Binds:0
Failed SSL Client Binds: 0
SASL Binds: 1466
1458 GSSAPI
8 EXTERNAL
Directory Manager Binds: 10
Anonymous Binds: 1476
Other Binds: 60657
Thanks,
_
Is there any way to see what fields are index'ed?
Thanks,
_
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax:703.678
,
_
John Moyer
Director, IT Operations
On Aug 27, 2013, at 10:14 AM, Rob Crittenden wrote:
> John Moyer wrote:
>> Ok, so we tried to implement this again, and as soon as we put on a
>> server that authenticates heavily the IPA cam
reciated.
Thanks,
_____
John Moyer
Director, IT Operations
On Aug 7, 2013, at 4:08 PM, John Moyer wrote:
>
> Thanks,
> _____
> John Moyer
> Director, IT Operations
> Dig
ervers years ago).
Also is there an easy place to set log rotation settings? (If it's log
rotate just let me know, I just don't want to step on an internal app rotate).
Thanks,
_____
John Moyer
Director, IT Operations
s
Peter,
Did you get this to work, I know this is an old thread, but where did you put
those java parameters? I am trying to get GADS to work for my IPA server and
think this is my problem.
Thanks,
_
John Moyer
On May 7, 2013, at 4:37 AM
sdb]#
Thanks,
_____
John Moyer
Director, IT Operations
On Jun 10, 2013, at 4:42 PM, Rob Crittenden wrote:
> John Moyer wrote:
>> Rob,
>>
>> Do you mean doing this? If not let me know.
>>
>> [root@pki]# ls -la
>> total 32
>>
nks,
_____
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax:703.678.2312
www.digitalreasoning.com
On Jun 10, 2013, at 4:19 PM, Rob Crittenden wrote:
> John Moyer
hings were
wrong before all of them stemmed from putting in the Godaddy signed cert.
Thanks,
_
John Moyer
Director, IT Operations
On Jun 10, 2013, at 2:30 PM, Dmitri Pal wrote:
> On 06/10/2013 02:17 PM, John Moyer wrote:
>> I don&
ficate
Thanks,
_____
John Moyer
Director, IT Operations
On Jun 10, 2013, at 9:52 AM, John Moyer wrote:
> Rob,
>
> Sorry for the late response I tried the following
>
> [root@etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Class
> 2 Certification Autho
.
Peer certificate cannot be authenticated with known CA certificates
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Any additional suggestions?
Thanks,
_____
John Moyer
Director, IT Operations
On May 29, 20
Rolling back changes.
IPA client is not configured on this system.
Thanks,
_____
John Moyer
Director, IT Operations
On May 29, 2013, at 12:20 PM, Rob Crittenden wrote:
> John Moyer wrote:
>> John,
>>
>> I see the follow
! Now I just have the cert
issue, I'll email back after I gather more of the details around the remaining
issues I'm having. Thanks for your help!
Thanks,
_
John Moyer
Director, IT Operations
On May 29, 2013, at 10:24 AM, Petr Spa
ification Authority - ValiCert, Inc.,,
MyIPACTu,Cu,u
Thanks,
_____
John Moyer
Director, IT Operations
On May 29, 2013, at 8:36 AM, John Dennis wrote:
> On 05/29/2013 01:42 AM, John Moyer wrote:
nd to LDAP server failed: Local error
May 29 13:16:15 ip- named[9076]: loading configuration: failure
May 29 13:16:15 ip- named[9076]: exiting (due to fatal error)
Thanks,
_
John Moyer
Director, IT Operations
On May 29, 2013, at 4:11 AM, Petr Spa
2]: loading configuration: failure May 29
05:31:19 ip-10-1-3-5 named[5592]: exiting (due to fatal error)
Any help in a right direction or theory to a right direction would be much
appreciated!
Thanks,
_____
John Moyer
Director, IT Operations
ibcurl failed to execute the HTTP POST transaction.
Peer certificate cannot be authenticated with known CA certificates
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Thanks,
_____
John Moyer
Director
I get the following error:
Enter LDAP Password:
modifying entry "cn=cacert,cn=ipa,cn=etc,dc=digitalreasoning,dc=com"
ldap_modify: Object class violation (65)
additional info: attribute "cacert" not allowed
Anyone have any ideas?
Thanks,
____
Moyer
Director, IT Operations
Digital Reasoning Systems, Inc
On May 23, 2013, at 4:20 PM, Rob Crittenden wrote:
> John Moyer wrote:
>> Dmitri,
>>
>> Here are the corresponding answers, thanks for the quick response.
>>
>>
>> 1. ipa-client-3.0.0-26.el6_4.
T17:45:16Z ERROR Installation failed. Rolling back changes.
2013-05-23T17:45:16Z ERROR IPA client is not configured on this system.
Thanks,
_
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.
tials). However, I just
can't add anymore. Does anyone have any ideas? I tried removing the certs
and that made it so I can't start httpd (so I put the cert back).
http://freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
Thanks,
___
So I must have looked at the wrong server name, I just tried to add 4 more
servers and none of them worked. Anymore ideas? The target is specified by
the rule name test-group is the target.
Thanks,
_
John Moyer
On Apr 30, 2013, at 2
Ha! I tried .*build and build.* before contacting you guys, I didn't try
.*build.*
That worked, it automatically added the machine to the group!
Thanks! That will save me s much time!
Thanks,
_
John Moyer
On Apr 30, 201
Thanks,
_
John Moyer
On Apr 30, 2013, at 2:07 PM, JR Aquino wrote:
> On Apr 30, 2013, at 11:02 AM, John Moyer
> wrote:
>
>> It comes back with a ton of stuff the row you are probably interested in is
>> this one:
>>
>>
It comes back with a ton of stuff the row you are probably interested in is
this one:
enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com
Thanks,
_
John Moyer
On Apr 30, 2013, at 1:57 PM, JR Aquino wrote:
> On Apr 30, 2013,
,
_
John Moyer
On Apr 30, 2013, at 1:48 PM, JR Aquino wrote:
> On Apr 30, 2013, at 10:43 AM, John Moyer
> wrote:
>
>> One thing to add is that this build user only has the following access:
>>
>> Host Administrators
>>
there shouldn't be a permissions issue.
Thanks,
_
John Moyer
On Apr 30, 2013, at 1:21 PM, JR Aquino wrote:
>
> On Apr 30, 2013, at 9:30 AM, John Moyer
> mailto:john.mo...@digitalreasoning.com>>
> wrote:
>
> An
Yep, enrolledby is what I'm using, but I have been adding them manually since
it hasn't been working.
Thanks,
_
John Moyer
On Apr 30, 2013, at 1:21 PM, JR Aquino wrote:
>
> On Apr 30, 2013, at 9:30 AM, John Moyer
doesn't work. Do I need to specify more
than just build in the expression area?
Thanks,
_____
John Moyer
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Sorry that's all I have in my notes. I'm sure others will have ideas. Sorry
I couldn't be more help.
Thanks,
_____
John Moyer
On Mar 21, 2013, at 11:50 PM, Brian Cook wrote:
> Those packages are installed. The second part
echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Thanks,
_____
John Moyer
On Mar 21, 2013, at 11:27 PM, Brian Cook wrote:
> Running F18 and following the instructions here:
> http://jhrozek.fedorapeople.org/sssd/1.9.1/man
this group before giving up hope.
Thanks,
_
John Moyer
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
have yielded nothing).
Thanks,
_
John Moyer
Digital Reasoning Systems, Inc.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
fd7880"
< Accept-Ranges: bytes
< Content-Length: 1856
< Connection: close
< Content-Type: text/html; charset=UTF-8
Thanks,
_____
John Moyer
On Feb 19, 2013, at 6:35 AM, Jan-Frode Myklebust wrote:
>> ipa :
3-02-19T02:01:37Z DEBUG stdout=
2013-02-19T02:01:37Z DEBUG stderr=
Thanks,
_
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax:703.678.2312
w
obtain CA certificate
Thanks,
_
John Moyer
On Feb 18, 2013, at 7:24 PM, Peter Brown wrote:
> Hi John,
>
> I ran into a similar issue with setting up a 2.2 client with a 3.1 server.
> It turned out to be that port 80 wasn't op
t is not configured on this system.
Thanks,
_____
John Moyer
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
58 matches
Mail list logo