Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-11 Thread Roderick Johnstone
On 08/07/16 16:49, Roderick Johnstone wrote: On 07/07/16 18:06, Roderick Johnstone wrote: On 07/07/16 16:30, Petr Vobornik wrote: On 07/07/2016 05:09 PM, Roderick Johnstone wrote: On 07/07/16 15:02, Rob Crittenden wrote: Roderick Johnstone wrote: On 05/07/16 11:52, Roderick Johnstone wrote

Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-08 Thread Roderick Johnstone
On 07/07/16 18:06, Roderick Johnstone wrote: On 07/07/16 16:30, Petr Vobornik wrote: On 07/07/2016 05:09 PM, Roderick Johnstone wrote: On 07/07/16 15:02, Rob Crittenden wrote: Roderick Johnstone wrote: On 05/07/16 11:52, Roderick Johnstone wrote: On 04/07/2016 15:12, Martin Babinsky wrote

Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-07 Thread Roderick Johnstone
On 07/07/16 16:30, Petr Vobornik wrote: On 07/07/2016 05:09 PM, Roderick Johnstone wrote: On 07/07/16 15:02, Rob Crittenden wrote: Roderick Johnstone wrote: On 05/07/16 11:52, Roderick Johnstone wrote: On 04/07/2016 15:12, Martin Babinsky wrote: On 07/04/2016 10:23 AM, Roderick Johnstone

Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-07 Thread Roderick Johnstone
On 07/07/16 15:02, Rob Crittenden wrote: Roderick Johnstone wrote: On 05/07/16 11:52, Roderick Johnstone wrote: On 04/07/2016 15:12, Martin Babinsky wrote: On 07/04/2016 10:23 AM, Roderick Johnstone wrote: Hi I installed my first master ipa server (server1) many months ago (Redhat 7.1 IIRC

Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-07 Thread Roderick Johnstone
On 05/07/16 11:52, Roderick Johnstone wrote: On 04/07/2016 15:12, Martin Babinsky wrote: On 07/04/2016 10:23 AM, Roderick Johnstone wrote: Hi I installed my first master ipa server (server1) many months ago (Redhat 7.1 IIRC) and made a replica server2 without problems. Now I'd like to

Re: [Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-05 Thread Roderick Johnstone
On 04/07/2016 15:12, Martin Babinsky wrote: On 07/04/2016 10:23 AM, Roderick Johnstone wrote: Hi I installed my first master ipa server (server1) many months ago (Redhat 7.1 IIRC) and made a replica server2 without problems. Now I'd like to bring online another replica (server3). All se

[Freeipa-users] ipa-replica-prepare Certificate issuance failed

2016-07-04 Thread Roderick Johnstone
plica_prepare.ReplicaPrepare: DEBUG: The ipa-replica-prepare command failed, exception: RuntimeError: Certificate issuance failed ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: Certificate issuance failed If it's of relevance I did change the directory manager password on b

Re: [Freeipa-users] How to unset a user's kerberos principal expiration date?

2016-07-01 Thread Roderick Johnstone
On 30/06/16 14:14, Rob Crittenden wrote: David Kupka wrote: On 29/06/16 19:05, Roderick Johnstone wrote: Hi If I set a kerberos principal for a user to expire on a given date using: ipa user-mod --principal-expiration=DATE is it possible to later remove this expiration date rather than just

[Freeipa-users] How to unset a user's kerberos principal expiration date?

2016-06-29 Thread Roderick Johnstone
Hi If I set a kerberos principal for a user to expire on a given date using: ipa user-mod --principal-expiration=DATE is it possible to later remove this expiration date rather than just set it to a time far in the future? Thanks Roderick Johnstone -- Manage your subscription for the

[Freeipa-users] Advice sought on monitoring freeipa status

2016-05-18 Thread Roderick Johnstone
us outputs from ipa commands. However, the ipa man page suggests the ipa command will go for either the server explicitly set in /etc/ipa/default.conf or if unavailable use those set in the DNS _SRV_ records. Maybe there is a better way to do this that I missed altogether? Roderick Johnstone

Re: [Freeipa-users] Help needed with keytabs

2016-05-05 Thread Roderick Johnstone
Hi again After further testing, it seems like my problems were caused by the use of the -F option on the kinit line. Roderick On 05/05/2016 22:31, Roderick Johnstone wrote: Hi Mike Thanks for sharing your setup. It looks pretty much like mine. I just tried your kinit command syntax and

Re: [Freeipa-users] Help needed with keytabs

2016-05-05 Thread Roderick Johnstone
'ipa', localedir=None): https://ipa1.example.com/ipa/xml, https://ipa2.example.com/ipa/xml Can someone advise what I'm doing wrong in this procedure please (some strings were changed to anonymize the setting)? For completeness of information, the ipa servers are RHEL 7.2, ipa-server-

[Freeipa-users] Help needed with keytabs

2016-05-05 Thread Roderick Johnstone
doing wrong in this procedure please (some strings were changed to anonymize the setting)? For completeness of information, the ipa servers are RHEL 7.2, ipa-server-4.2.0-15.el7_2.6.1.x86_64. Thanks Roderick Johnstone

Re: [Freeipa-users] freeipa update changed my cipher set

2016-04-29 Thread Roderick Johnstone
On 29/04/2016 10:27, Martin Basti wrote: On 29.04.2016 11:02, Martin Basti wrote: On 28.04.2016 19:16, Roderick Johnstone wrote: Hi RHEL7 running ipa-server-4.2.0-15.el7_2.6.1.x86_64 A couple of months ago I updated /etc/dirsrv/slapd-XXX.XXX.XXX/dse.ldif to customise the cipher suite in

[Freeipa-users] freeipa update changed my cipher set

2016-04-28 Thread Roderick Johnstone
by a scriplet) since at least one of my changes was preserved. Also, if I need to maintain a customised cipher suite for ipa, am I required to only do yum updates of the ipa-server package by hand and manually merge back in my changes, or is there a better way? Thanks Roderick Johnstone

Re: [Freeipa-users] Warning about session memcached servers from ipa-replica-manage

2016-04-20 Thread Roderick Johnstone
On 20/04/16 14:03, Rob Crittenden wrote: Roderick Johnstone wrote: Hi I'm getting the following warning on RHEL7 ipa servers (ipa-server-4.2.0-15.el7_2.6.1.x86_64). $ ipa-replica-manage list ipa: WARNING: session memcached servers not running aaa.xxx.yyy: master bbb.xxx.yyy: master

[Freeipa-users] Warning about session memcached servers from ipa-replica-manage

2016-04-20 Thread Roderick Johnstone
and how to get them running, assuming they are worth having. Thanks. Roderick Johnstone -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server

2016-02-03 Thread Roderick Johnstone
On 29/01/16 12:27, Christian Heimes wrote: On 2016-01-29 13:03, Roderick Johnstone wrote: On 29/01/16 10:31, Christian Heimes wrote: On 2016-01-28 19:56, Roderick Johnstone wrote: On 28/01/16 13:39, Christian Heimes wrote: On 2016-01-28 13:51, Roderick Johnstone wrote: Hi My netapp filer

Re: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server

2016-01-29 Thread Roderick Johnstone
On 29/01/16 12:27, Christian Heimes wrote: On 2016-01-29 13:03, Roderick Johnstone wrote: On 29/01/16 10:31, Christian Heimes wrote: On 2016-01-28 19:56, Roderick Johnstone wrote: On 28/01/16 13:39, Christian Heimes wrote: On 2016-01-28 13:51, Roderick Johnstone wrote: Hi My netapp filer

Re: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server

2016-01-29 Thread Roderick Johnstone
On 29/01/16 10:31, Christian Heimes wrote: On 2016-01-28 19:56, Roderick Johnstone wrote: On 28/01/16 13:39, Christian Heimes wrote: On 2016-01-28 13:51, Roderick Johnstone wrote: Hi My netapp filer is happily doing ldap over ssl lookups for account information to my RHEL 6.7 testing ipa

Re: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server

2016-01-28 Thread Roderick Johnstone
On 28/01/16 13:39, Christian Heimes wrote: On 2016-01-28 13:51, Roderick Johnstone wrote: Hi My netapp filer is happily doing ldap over ssl lookups for account information to my RHEL 6.7 testing ipa server (ipa-server-3.0.0-47.el6_7.1.x86_64). However, when I switch the filer to use my RHEL

[Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server

2016-01-28 Thread Roderick Johnstone
tell me what ciphers it's being requested to use by the filer? Thanks Roderick Johnstone

[Freeipa-users] Slow non-kerberised nfs mounts when ipa started

2016-01-13 Thread Roderick Johnstone
any ideas on how to speed up the nfs v4 mount on Redhat 7 when the ipa server is running? Thanks Roderick Johnstone

Re: [Freeipa-users] Queries on migrating nis netgroups

2016-01-05 Thread Roderick Johnstone
On 05/01/2016 17:17, Rob Crittenden wrote: Martin Kosek wrote: On 01/05/2016 04:24 PM, Rob Crittenden wrote: Martin Kosek wrote: On 01/04/2016 10:41 PM, Rob Crittenden wrote: Martin Kosek wrote: ... I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM and it worke

[Freeipa-users] Queries on migrating nis netgroups

2015-12-22 Thread Roderick Johnstone
arter for me. Did I understand that correctly? Thanks Roderick Johnstone

Re: [Freeipa-users] Suggestions requested for disabling an account by date

2015-11-12 Thread Roderick Johnstone
On 12/11/15 13:01, Mateusz Małek wrote: Hi, On 12.11.2015 at 13:35, Roderick Johnstone wrote: I'd like to find a way to disable an account on a date that we can set in the account information. ie like the Account Availability option in Solaris Management Console or the /etc/shadow "

[Freeipa-users] Suggestions requested for disabling an account by date

2015-11-12 Thread Roderick Johnstone
s or on the list how to do this in freeipa. Does anyone have any suggestions? Thanks Roderick Johnstone

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Roderick Johnstone
for auto.master only. The example dua profile above have this mapping. You may see here for a further explanation: https://www.redhat.com/archives/freeipa-users/2015-March/msg00317.html Regards, Siggi On 23 Apr 2015, at 12:59, Roderick Johnstone mailto:r...@ast.cam.ac.uk>> wrot

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Roderick Johnstone
On 28/04/2015 19:23, Dmitri Pal wrote: On 04/28/2015 02:12 PM, Roderick Johnstone wrote: On 23/04/15 14:14, Rob Crittenden wrote: Roderick Johnstone wrote: On 23/04/15 04:25, Rob Crittenden wrote: Roderick Johnstone wrote: On 22/04/15 14:30, Dmitri Pal wrote: On 04/21/2015 01:13 PM

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Roderick Johnstone
On 23/04/15 14:14, Rob Crittenden wrote: Roderick Johnstone wrote: On 23/04/15 04:25, Rob Crittenden wrote: Roderick Johnstone wrote: On 22/04/15 14:30, Dmitri Pal wrote: On 04/21/2015 01:13 PM, Roderick Johnstone wrote: Hi I also need to integrate Solaris 10 clients with freeipa servers

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-23 Thread Roderick Johnstone
On 23/04/15 04:25, Rob Crittenden wrote: Roderick Johnstone wrote: On 22/04/15 14:30, Dmitri Pal wrote: On 04/21/2015 01:13 PM, Roderick Johnstone wrote: Hi I also need to integrate Solaris 10 clients with freeipa servers. I've been round many resources, eg freeipa wiki, Fedora and Re

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-22 Thread Roderick Johnstone
On 22/04/15 14:30, Dmitri Pal wrote: On 04/21/2015 01:13 PM, Roderick Johnstone wrote: Hi I also need to integrate Solaris 10 clients with freeipa servers. I've been round many resources, eg freeipa wiki, Fedora and Red Hat manuals, various bug trackers and the freeipa-users mailing list

[Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-21 Thread Roderick Johnstone
aybe I am mistaken. Am I on the right track? Is anyone familiar with that fix? Thanks Roderick Johnstone

Re: [Freeipa-users] Host aliases in freeipa

2015-03-04 Thread Roderick Johnstone
4) I'm not sure about this one. Things seem to work at the moment. Is this again about managing the records more easily when we bring on line replica servers? It is only about ease of use indeed, if you manage your servers manually, and keep them properly up to date, all should be fine. Simo

Re: [Freeipa-users] Host aliases in freeipa

2015-03-02 Thread Roderick Johnstone
On 27/02/15 20:04, Simo Sorce wrote: On Fri, 2015-02-27 at 18:59 +, Roderick Johnstone wrote: On 27/02/15 18:33, Simo Sorce wrote: On Fri, 2015-02-27 at 18:19 +, Roderick Johnstone wrote: Hi I'm trying to migrate of my NIS databases to freeipa and have got to the hosts database

Re: [Freeipa-users] Host aliases in freeipa

2015-03-02 Thread Roderick Johnstone
On 02/03/15 07:41, Petr Spacek wrote: On 27.2.2015 21:04, Simo Sorce wrote: On Fri, 2015-02-27 at 18:59 +, Roderick Johnstone wrote: On 27/02/15 18:33, Simo Sorce wrote: On Fri, 2015-02-27 at 18:19 +, Roderick Johnstone wrote: Hi I'm trying to migrate of my NIS databases to fr

Re: [Freeipa-users] Host aliases in freeipa

2015-02-27 Thread Roderick Johnstone
On 27/02/15 18:33, Simo Sorce wrote: On Fri, 2015-02-27 at 18:19 +, Roderick Johnstone wrote: Hi I'm trying to migrate of my NIS databases to freeipa and have got to the hosts database. In NIS a typical entry is: ipaddress canonical_name [aliases...] but I don't see how to

[Freeipa-users] Host aliases in freeipa

2015-02-27 Thread Roderick Johnstone
osed to be done with the ipa dns commands, but I don't want freeipa to control the dns as we have an existing external dns infrastructure to fit into. How should I configure freeipa to do host lookups for aliases like NIS does? Thanks Roderick Johnstone

Re: [Freeipa-users] admin password is always expired

2015-02-10 Thread Roderick Johnstone
On 10/02/2015 14:36, Rob Crittenden wrote: Roderick Johnstone wrote: On 10/02/15 07:44, Dmitri Pal wrote: On 02/09/2015 05:35 PM, Roderick Johnstone wrote: Hi I seem to have locked myself out of my ipa admin account (on RHEL 6.6). This is an evaluation instance so not too big a deal, but a

Re: [Freeipa-users] admin password is always expired

2015-02-10 Thread Roderick Johnstone
On 10/02/15 07:44, Dmitri Pal wrote: On 02/09/2015 05:35 PM, Roderick Johnstone wrote: Hi I seem to have locked myself out of my ipa admin account (on RHEL 6.6). This is an evaluation instance so not too big a deal, but a good learning experience. I suspect it's some changes that I made to the

[Freeipa-users] admin password is always expired

2015-02-09 Thread Roderick Johnstone
er of keys: 4 Key: vno 16, aes256-cts-hmac-sha1-96, Version 5 Key: vno 16, aes128-cts-hmac-sha1-96, Version 5 Key: vno 16, des3-cbc-sha1, Version 5 Key: vno 16, arcfour-hmac, Version 5 MKey: vno 1 Attributes: REQUIRES_PRE_AUTH Policy: [none] Thanks for any help in diagnosing this issue or fixing it.

Re: [Freeipa-users] netgroups not working for exports in freeipa - SOLVED

2015-02-05 Thread Roderick Johnstone
On 29/01/15 21:43, Roderick Johnstone wrote: On 29/01/2015 17:32, Jakub Hrozek wrote: On Wed, Jan 28, 2015 at 01:57:28PM +, Roderick Johnstone wrote: On 28/01/15 10:57, Jakub Hrozek wrote: On Tue, Jan 27, 2015 at 10:03:37PM +, Roderick Johnstone wrote: Hi I'm migrating from a l

Re: [Freeipa-users] netgroups not working for exports in freeipa

2015-01-29 Thread Roderick Johnstone
On 29/01/2015 17:32, Jakub Hrozek wrote: On Wed, Jan 28, 2015 at 01:57:28PM +, Roderick Johnstone wrote: On 28/01/15 10:57, Jakub Hrozek wrote: On Tue, Jan 27, 2015 at 10:03:37PM +, Roderick Johnstone wrote: Hi I'm migrating from a legacy NIS setup to ipa. I have a number o

Re: [Freeipa-users] netgroups not working for exports in freeipa

2015-01-28 Thread Roderick Johnstone
On 28/01/15 10:57, Jakub Hrozek wrote: On Tue, Jan 27, 2015 at 10:03:37PM +, Roderick Johnstone wrote: Hi I'm migrating from a legacy NIS setup to ipa. I have a number of NIS netgroups (of hosts) that are being used to export (non-kerberos) nfs shares to which I would like to migra

[Freeipa-users] netgroups not working for exports in freeipa

2015-01-27 Thread Roderick Johnstone
s also has information on running the NIS listener plugin so I'm wondering if perhaps this only works when running the nis listener. I'm trying to avoid that. I'd welcome any clarification on how to do non-kerberised nfs exports to groups of hosts. Thanks. Roderick Johnsto

Re: [Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-20 Thread Roderick Johnstone
On 19/11/14 15:00, Rob Crittenden wrote: Rob Crittenden wrote: Roderick Johnstone wrote: On 19/11/2014 08:33, Roderick Johnstone wrote: On 18/11/2014 22:58, Rob Crittenden wrote: Roderick Johnstone wrote: On 18/11/2014 22:19, Dmitri Pal wrote: On 11/18/2014 12:57 PM, Roderick Johnstone

Re: [Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-19 Thread Roderick Johnstone
On 19/11/2014 08:33, Roderick Johnstone wrote: On 18/11/2014 22:58, Rob Crittenden wrote: Roderick Johnstone wrote: On 18/11/2014 22:19, Dmitri Pal wrote: On 11/18/2014 12:57 PM, Roderick Johnstone wrote: Hi I'm trying to migrate some nis accounts to RHEL 6 IdM while still keepin

Re: [Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-19 Thread Roderick Johnstone
On 18/11/2014 22:58, Rob Crittenden wrote: Roderick Johnstone wrote: On 18/11/2014 22:19, Dmitri Pal wrote: On 11/18/2014 12:57 PM, Roderick Johnstone wrote: Hi I'm trying to migrate some nis accounts to RHEL 6 IdM while still keeping the original passwords. I followed the instructio

Re: [Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-19 Thread Roderick Johnstone
On 18/11/2014 22:56, Jakub Hrozek wrote: On 18 Nov 2014, at 23:23, Roderick Johnstone wrote: On 18/11/2014 22:19, Dmitri Pal wrote: On 11/18/2014 12:57 PM, Roderick Johnstone wrote: Hi I'm trying to migrate some nis accounts to RHEL 6 IdM while still keeping the original password

Re: [Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-18 Thread Roderick Johnstone
On 18/11/2014 22:19, Dmitri Pal wrote: On 11/18/2014 12:57 PM, Roderick Johnstone wrote: Hi I'm trying to migrate some nis accounts to RHEL 6 IdM while still keeping the original passwords. I followed the instructions at: http://www.freeipa.org/page/NIS_accounts_migration_preserving_Pass

[Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-18 Thread Roderick Johnstone
like it's trying to migrate the password but failing with an LDAP authentication failure. I'd appreciate any pointers to how to find out what's going wrong here. Accounts which I created manually in the web gui are working ok. Thanks Roderick Johnstone Part of sssd log file ===