Re: [Freeipa-users] Can't make replica with CA due to LDAP 'replication manager' user not found error

On 05/04/2017 02:01 PM, Chris Dagdigian wrote: Florence Blanc-Renaud wrote: the issue looks similar to ticket 6766 [1] Flo. [1] https://pagure.io/freeipa/issue/6766 Thanks Flo, I agree that this looks like the issue I"m hitting in v4.4 much appreciated! I'm gonna be watching this

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

While I don't consider myself an expert, I should note that ipa-replica-prepare has not been deprecated. The proposed solution to follow https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.html is

Re: [Freeipa-users] Authenticating windows users

I changed the text emphasis so that this is more clear in the future, thanks for noticing. On 03/23/2017 07:52 PM, Jason B. Nance wrote: Thanks Jason, but those documents need AD as the primary authenticator. This is not the case for us. I think you need to read them a bit closer.

Re: [Freeipa-users] Manual Cleanup

Hello Ian, You could do: `ipa-replica-manage del freeipa-dal.bpt.rocks --force --cleanup` Then you may need to check again for the master with `ipa-replica-manage list`. If it's not there anymore, check whether some RUVs are still in place with `ipa-replica-manage list-ruv`. The last

Re: [Freeipa-users] ipa-replica-conncheck wants listener on port 7389

On 02/28/2017 09:59 AM, Tomas Krizek wrote: On 02/27/2017 11:24 PM, Ian Pilcher wrote: I'm part way through my CentOS 6 to 7 "upgrade". I've reached the point of trying to set up my new IPA server as a replica of a temporary VM. ipa-replica-conncheck is complaining, because nothing on the

Re: [Freeipa-users] New install, unsupported format?

On 02/27/2017 04:51 PM, Steve Huston wrote: On Mon, Feb 27, 2017 at 5:56 AM, Standa Laznicka <slazn...@redhat.com> wrote: Sorry for the hold up. Two questions - is this domain level 1 or 0 (you can run `ipa domainlevel-get` on the master if you don't know)? Did you have a client installed

Re: [Freeipa-users] New install, unsupported format?

On 02/24/2017 08:38 PM, Steve Huston wrote: So, I tried a different tack. Took my bare VM configured as an IPA client, did a 'yum install ipa-server' and edited the cainstance.py file to fix the IPv6 issue. Then, without adding the host to ipaservers in the webui, I simply tried to promote it:

Re: [Freeipa-users] New install, unsupported format?

Hello, I don't quite understand your situation - have the error happened during an addition of the host to the "ipaservers" group or during replica installation? Certutil is a wonderful piece of software that returns "(SEC_ERROR_LEGACY_DATABASE)" in about 90% of most common cases but I have

Re: [Freeipa-users] FreeIPA 4.3.1 ipa-replica-install wrong exit code?

On 02/23/2017 08:30 AM, Martin Basti wrote: On 23.02.2017 00:17, Diogenes S. Jesus wrote: We are ansible-playbooking FreeIPA and we don't want to care about if freeipa is installed, we just want to ignore errors if it already is - but for that the exit code is relevant. Either the return code

Re: [Freeipa-users] how to make email as mandatory field before user creation

On 01/03/2017 06:45 PM, Petr Vobornik wrote: On 01/02/2017 08:46 PM, nirajkumar.si...@accenture.com wrote: Hi Prtr, Can you please suggest how to do it with plugins and which plugin I need to use and how to integrate that plugin with freeipa. Thanks Niraj Disclaimer: the example below is

Re: [Freeipa-users] attempting to Import Local Accounts into FreeIPA Server on Fedora 25: ipa: ERROR: Could not get User login interactively

On 11/29/2016 09:35 PM, Robert Kudyba wrote: On Nov 29, 2016, at 11:37 AM, Rob Crittenden > wrote: Robert Kudyba wrote: I知 trying to use the script posted on

Re: [Freeipa-users] ipalib authentication

On 11/24/2016 04:27 PM, Adam Bishop wrote: I'm writing a bit of code using ipalib directly, I'm a little stuck on authentication though. It works fine if grab a Kerberos ticket with kinit then run the code interactively, but I'd like to run this as a daemon which makes maintaining a ticket

Re: [Freeipa-users] ipa automount bug?

Hello, I am no automount expert so I will leave answering those questions to those but see my comment inline. On 10/27/2016 06:16 AM, William Muriithi wrote: Evening, I am trying to import some autos map from a file to FreeIPA LDAP and have noticed two problems that can be considered a bug