On Monday, July 04, 2016 09:01:29 Petr Spacek wrote:
> On 2.7.2016 22:00, Joshua J. Kugler wrote:
> > Was just playing around with the ipa-backup scripts for a client. Ran ipa-
> > backup, and the backup was successfully placed in /var/lib/ipa/backup/ipa-
> > full-2016-07-02-1
known? Or should I open a bug?
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
--
Manage your subscription for the Freeipa-users mailing list:
Thanks. In a case of extreme PEBKAC, I had copied the example and failed to
update the DN. It works now.
j
On Monday, June 13, 2016 09:35:53 Martin Kosek wrote:
> On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> > Howdy!
> >
> > We are trying to set up password sy
er's password is
still set to expired. This is CentOS 7 with the latest FreeIPA there.
What might I be missing?
Thanks!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.e
for the pointers, and if there is documentation I missed, feel
free to point me in that direction.
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
--
Man
#x27;d prefer to
use the official API if I could. :)
Any assistance would be great!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
--
Manage your subs
ed.org/cgit/freeipa.git/tree/API.txt so
I'm sure I could work up something with python and requests, but I'd prefer to
use the official API if I could. :)
Any assistance would be great!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...
inux/7/html-single/Windows_Integration_Guide/index.html#password-sync
Rob -
Thank you! For some reason, I had seen that page, and scanned through it, but
missed that part.
Very grateful!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@az
eptor can use that password to login and
change the expired password, still giving access.
Is there a way around this? Is there a password synchronization protocol that
can be used to link up systems that need to have common logins?
Thanks for any help you can offer!
j
--
Joshua J. Kugler -- Fa
te rack and replicate to them.
> What do you mean by "to contact for setup" ?
>
> Ludwig
>
> On 08/19/2014 03:12 AM, Joshua J. Kugler wrote:
> > So, we have a need for replication, but the existing push-only methodology
> > doesn't work for us. I suppose our prob
n we could have this:
- Master in DMZs
- Slaves in Internal network can contact Master in DMZ for replica setup and
updates
- Slaves in remote rack can contact Master in DMZ for replica setup and
updates
Any feedback is appreciated, especially if I'm missing something...obvious or
minor.
orking would be required for
that, no?
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
___
Freeipa-users mailin
0.10.0.50
50.0.10.10.in-addr.arpa domain name pointer ipan.lab.whamcloud.com.
[root@ipan ~]# host 10.10.0.4
4.0.10.10.in-addr.arpa domain name pointer ipa0.lab.whamcloud.com.
What config do I need to tweak on the new server to allow it to query the old
server?
Thanks!
j
--
Joshua J. Kugler
, LDAP newbie here).
Feel free to point me to docs on this subject. I do want to learn, just not
sure where to start.
Thank you (again!) for all your help!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com -
On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
>
> So, it apparently is not in there at all. There are a couple dse.ldif
> backup configs in that dir, b
On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
>
> So, it apparently is not in there at all. There are a couple dse.ldif
> backup configs in that dir, b
ecur /etc/dirsrv/slapd-PKI-
IPA/dse.ldif
[root@ipa0 slapd-PKI-IPA]#
So, it apparently is not in there at all. There are a couple dse.ldif backup
configs in that dir, but nothing in them either.
In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
nsslapd-security: on
of course.
j
--
Joshu
On Friday, June 21, 2013 14:46:50 Rich Megginson wrote:
> On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
> > On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
> >> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
> >> error is. If you loo
w replica.
No metion the new replica in the error logs. At least not that I can see.
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A2013-06-21T20:11:58Z D
ation via replication (you probably knew that). The Old
master is 2.0.0. The new slave is 3.1.5 (Fedora 18).
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B
On Friday, June 21, 2013 09:30:12 Rob Crittenden wrote:
> Joshua J. Kugler wrote:
> > So, ongoing saga of a FreeIPA 2.x system with an expired cert for the CA
> > server:
> >
> > ca-error: Server failed request, will retry: 907 (RPC failed at server.
> > ca
a
new 3.0 machine (via replication).
Any ideas how to get the CA cert renewed?
I know how to generate a CSR and a cert, but I'm not sure 1) how I would add
it into the cert DB, and 2) how I can add it without invalidating all my other
certs.
Any help would be fantastic!
j
--
On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote:
> Check SSH connection to remote master
> Execute check on remote master
>
> Remote master check failed with following error message(s):
> bash: /usr/sbin/ipa-replica-conncheck: No such file or directory
>
> Co
ipped with --skip-conncheck
parameter.
HUH?
# ls -l /usr/sbin/ipa-replica-conncheck
-rwxr-xr-x 1 root root 17129 Jun 3 03:40 /usr/sbin/ipa-replica-conncheck
It can't find a file that ls can find? :) This is Fedora 18, and the IPA
packages therein. Any ideas?
j
--
Joshua J. Kugler -
rational.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
LDAP error: PROTOCOL_ERROR
unsupported extended operation
Sgh...I'm about to give up and just bring up a new system and tell
everyone their passwords got reset. :(
Ideas?
j
--
Jos
ched).
It can't create a cert for the replica, because the root CA cert is expired.
:)
Can someone point me to docs that outline the step for renewing the root CA
cert?
I would be most grateful.
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Web
specific IPA server?
> Please note that this procedure works only if your FreeIPA basic settings
> (like REALM) stays intact.
Nope, everything is staying the same.
> Any comments? Does this procedure make sense to you?
It does make sense. Thank you so much for walking me through this. I'
much, much, more complicated than that.
So far, I have the rough steps (see attached). But I don't know for sure if
that will work.
Any ideas or insights?
Thanks!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber:
28 matches
Mail list logo