Help ?
Best regards.
Bahan
On Tue, Oct 25, 2016 at 1:00 PM, bahan w <bahanw042...@gmail.com> wrote:
> Re.
>
> There is no time difference between client and server.
>
> I checked the httpd error log and saw no errors.
> Same with the dirsrv error logs.
>
> A
storage which is mentioned in the logs ?
Best regards.
Bahan
On Tue, Oct 25, 2016 at 12:18 PM, Martin Babinsky <mbabi...@redhat.com>
wrote:
> On 10/25/2016 10:27 AM, bahan w wrote:
>
>> Hello everyone !
>>
>> I have an ipa server and an ipa client both in 3.0.0
Hello everyone !
I have an ipa server and an ipa client both in 3.0.0-47.
In order to connect via SSH to the host of the ipa-client, I use root.
When I'm connected to the ipa-client via ssh being root, I do a kinit of a
user with a keytab :
###
kinit -kt /etc/security/keytabs/.headless.keytab
Hello !
I contact you because I have a problem with a filer mounted on a server on
which I installed freeipa client.
I'm using FreeIPA 3.0.0-47 for both client and servers.
The filer is mounted on /myfiler
I have a user defined in freeipa : User1
I have a group defined in freeipa : Group1
I
called selftests.container.instance.SystemC
ertsVerification running at startup FAILED!
###
But nothing else.
Best regards.
Bahan
On Wed, Sep 14, 2016 at 7:27 PM, bahan w <bahanw042...@gmail.com> wrote:
> I tried also the following commands :
> ###
> # ipa cert-show 1
> ipa:
: RUNNING
CA Service: RUNNING
###
I'm checking the /var/log/pki-ca logs to see if I find something.
Best regards.
Bahan
On Wed, Sep 14, 2016 at 7:02 PM, bahan w <bahanw042...@gmail.com> wrote:
> Sorry Martin,
>
> This is not the first time I forgot to add back freeipa users.
&g
mba...@redhat.com> wrote:
> did you restart IPA when you moved time? Is there are more detailed error
> description in output of getcert list?
>
> On 14.09.2016 18:45, bahan w wrote:
>
> I set the date-time when the certificates were valid :
> ###
> # date -s '2016-05-27 1
ABLE
Any idea ?
Best regards.
Bahan
On Wed, Sep 14, 2016 at 6:38 PM, bahan w <bahanw042...@gmail.com> wrote:
> Ok, I managed to restart the IPA service by adding this line in the file
> /etc/httpd/conf.d/nss.conf :
> ###
> NSSEnforceValidCerts off
> ###
>
> But w
###
Best regards.
Bahan
On Wed, Sep 14, 2016 at 6:14 PM, Martin Basti <mba...@redhat.com> wrote:
>
>
> On 14.09.2016 17:59, bahan w wrote:
>
> Hello !
>
> I send you this mail because I cannot restart my test IPA server.
>
> When I try to start it with service ipa
Hello !
I send you this mail because I cannot restart my test IPA server.
When I try to start it with service ipa start, I got the following error
message :
###
# service ipa start
Starting Directory Service
Starting dirsrv:
...[14/Sep/2016:17:57:23 +0200] - SSL alert:
Hello everyone.
Could you explain to me about this field Sent/Skipped please ?
I checked the doc and found this :
###
Sent/Skipped :
The number of changes that were sent from the supplier and the number
skipped in the replication update. The numbers are kept in suppliers’
memory only and are
Le 24 août 2016 18:42, "bahan w" <bahanw042...@gmail.com> a écrit :
> Hey guys.
>
> I rechecked and in fact I also have the same message on the multi master
> setup with one master unsynchronized :
> ###
> Master: :389 ldap://:389/
> Replic
Hey guys.
I performed it :
###
# /usr/bin/repl-monitor.pl -f /tmp/checkconf -s
Directory Server Replication Status (Version 1.1)
Time: Wed Aug 24 2016 18:16:50
Master: :389 ldap://:389/
Replica ID: 4
Replica Root: dc=
Max CSN: 57bdc89700030004 (08/24/2016 18:17:27 3 0)
Receiver: :389
Hello !
I am using IPA 3.0.0 on RedHat 6.6 servers.
I have two masters and this evening, I realized that one of them was
desynchronized, some users and groups were missing.
I was wondering if there was an ipa command to resynchronize replica which
are not sync with the other ?
Thank you in
Hello !
I'm using ipa 3.0.0.47.
I have an architecture where the IPA server is located on a secure zone,
not accessible from anyone.
The IPA server has 2 network interfaces :
- IP1
- IP2
In the secure zone, the IP1 network is used for the communication between
the servers.
The IP2 is used for
Hello everyone.
I'm using ipa 3.0.0-47 on a RHEL6.6 OS (multi-masters).
Today I tried to restart the IPA service with the commande
###
service ipa restart
###
And I got the following warning concerning the pkica service :
###
Since the file '/var/lib/pki-ca/conf/CS.cfg.bak.saved' exists, a
Hello !
I'm running ipa 3.0.0.47 and I have a question related to the password
stored in the ldap.
I was wondering if the users password were natively encrypted ?
if yes, do you know by which mechanism ?
Thank you in advance for your help.
BR.
Bahan
--
Manage your subscription for the
Hello !
I'm using freeipa 3.0.0-47.
I send you this mail concerning the automatic kinit at ssh login ? I wanted
to know if it was possible to deactivate it on a specific server ?
The reason is that I have some of my users who often use another ticket
that their own and this feature can be
Please ignore the character "-" in .
On Fri, May 13, 2016 at 4:09 PM, bahan w <bahanw042...@gmail.com> wrote:
> Hello !
>
> I performed recently an ipa user-add for a new user and when I check in
> the ldap, I can see two entries for it :
> - One in uid=,cn=users,c
Hello !
I performed recently an ipa user-add for a new user and when I check in the
ldap, I can see two entries for it :
- One in uid=,cn=users,cn=compat,dc=
- One in uid=,cn=users,cn=accounts,dc=
Is it normal ?
I know that my user is the one defined in the tree
cn=users,cn=accounts,dc=.
What
Hello everyone.
I send you this mail because I have sometimes a problem when using ipa
passwd to generate a One Time Password and then using kpasswd to set a
strong random password using a password policy.
When I perform the ipa passwd command and just after the kpasswd command, I
got an error
Hello !
I send you this mail for a question about the kerberos logs on the ipa
server.
On the server, there are two configuration files :
- kdc.conf : for the server
- krb5.conf : for the client
In both of these files, we can put a logging section.
In this section, there is 3 parameters :
-
Hello !
I recently installed a replica (master2) in addition of my master (master1)
with IPA 3.0.0-47 on RHEL6.6.
I don't know from when exactly, but the dirsrv (and the whole ipa service)
on master1 crashes regularly with the following logs.
###
[22/Jan/2016:15:38:20 +0100] -
l.log DEBUG log somewhere so
> that
> we can get the full context of the bug? You may also want to open a RHEL-6
> Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only
> maintained
> in RHEL-6.x.
>
> Thanks,
> Martin
>
> On 01/20/2016 01:39 PM, bahan w wrote:
>
Ah sorry, for security reasons I didn't want to put the original name and I
made a mistake.
Here we are, for the confusing lines :
###
Assuming realm is the same as domain:
Generated basedn from realm: dc=
Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=,
kdc=None, basedn=dc=
Validated
Hello !
I send you this mail because of the following topic.
I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous
access for security reasons.
But now, I have a problem when I try to enroll a new host.
Here is the command I try :
###
ipa-client-install --domain= --realm=
Hello !
I send you this mail because I have a question relative to the migration
from the IPA distribution to the separate components.
With FreeIPA, we are using only :
- MIT Kerberos
- DS389
- The PKI CA is installed but not used from our side
Is it possible to migrate to the following
com> wrote:
> On 01/13/2016 03:57 PM, bahan w wrote:
> > Re.
> >
> > Thanks both of you for your answers.
> >
> > Simo, MIT Kerberos and OpenLDAP can work on their own and provide the
> same
> > kind of service that we want from IPA, even if it is not embedde
016-01-13 at 14:54 +0100, bahan w wrote:
> > Hello !
> >
> > I send you this mail because I have a question relative to the migration
> > from the IPA distribution to the separate components.
> >
> > With FreeIPA, we are using only :
> > - MIT Kerberos
>
.
Bahan
On Wed, Jan 13, 2016 at 3:33 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On Wed, 13 Jan 2016, bahan w wrote:
>
>> Hello Simo !
>>
>> For the reason :
>> The production team wants to use only the two components openLDAP and MIT
>>
Hello !
I configured my IPA server 3.0.0.42 without SSL/TLS access to the LDAP and
I would like to enable this for the ldap.
Is there something specific to use with FreeIPA or may I follow the DS389
doc
version of IPA ?
Best regards.
Bahan
On Fri, Jan 8, 2016 at 2:37 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On Fri, 08 Jan 2016, bahan w wrote:
>
>> Hello Alexander.
>>
>> Thank you for your answer.
>>
> Please don't ask in private, use freeipa-
Re.
I installed the server like this :
###
ipa-server-install -r -n --hostname=
-p '' -a '' --no-ntp --no-ssh --no-sshd -U
###
And for the clients :
###
ipa-client-install --domain= --realm= --fixed-primary
--server= --principal=admin --password=''
--mkhomedir --hostname= --no-ntp --no-ssh
Hello !
I send you this mail, because I have a problem with a user who needs keytab
and password.
I already sent a mail some time ago, and the answer was to use the option
-P of the ipa-getkeytab command.
I'm still running IPA 3.0.0-42 with RHEL 6.6 for specific reasons and I
cannot move to
Hello !
I send you this mail because I am using this topology :
- FreeIPA 3.0.0-42
- RHEL6.6
- Two masters (replicated)
- n clients
My question is the following :
May I use for some clients sssd and for others the couple nscd/nslcd ? I
would like to perform tests to compare both and I wondering
Hello.
I have some questions related to this point :
1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an
ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd
embedded with ipa-client 4.x ?
2. The ipa-server 4.x can only be installed on RHEL7+,
Thanks.
And for the ipa-client package ? Is it installable on Redhat 6.6 ?
Or is it only installable on Redhat 7.x ?
Best regards.
Bahan
On Tue, Jan 5, 2016 at 3:31 PM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
> On (05/01/16 15:11), bahan w wrote:
> >Hello.
> >
>
Hello !
I contact you because I have a question relative to high availbility with
FreeIPA and replications.
In the documentation, we can see information about what to do server side.
But I can't find any information about what to do client side.
Imagine one of the master server crash, how the
Hello !
I'm using IPA 3.0.0 and I have a problem with one of the user I created.
user3
I created this user with the command ipa user-add without specifying any
password.
Then I performed an ipa-getkeytab command with the -P option to have a
keytab and a password.
When I check the ldap server
Hello !
I contact you because I notice something strange with IPA environment.
I created a group :
ipa group-add g1 --desc=my first group
Then I created a user with the GID of g1
GID1=`ipa group-show g1 | awk '/GID/ {printf(%s,$2)}'`
ipa user-add --first=u1 --last=u1 --homedir=/home/u1
Hello !
I send you this mail because I have a noobish question about keytabs.
What is the difference between a service keytab and a headless keytab.
In which keytab do we use a service keytab ?
What is the definition of a service ? Is that a daemon running on a
specific host ?
When we perform a
Hello.
I send you this mail because I'm looking for a way to modify the logging
dir of the different components embedded with FreeIPA.
I already check here :
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html
But I cannot see how to modify the logging dir of
Hello.
After an unsuccessfull installation of ipa-server, 3.0.0-42, I try to
uninstall it, but the uninstallation hangs at the following step :
###
ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and
configuration!
Are you sure you want to continue
Wow thank you Alexander for this information !
Best regards.
Gwenael Le Barzic
Le 11 août 2015 08:45, Alexander Bokovoy aboko...@redhat.com a écrit :
On Mon, 10 Aug 2015, bahan w wrote:
Hello.
I don't know if you receive my previous mail, but thank you for your
answer.
I have two
of these three servers is currently
used per server with this krb5.conf ? I need to check how I can
resynchronize the last server.
Best regards.
Bahan
On Fri, Aug 7, 2015 at 11:05 PM, Alexander Bokovoy aboko...@redhat.com
wrote:
On Fri, 07 Aug 2015, bahan w wrote:
Hello !
We are using freeipa version 3
Hello !
I send you this mail because I have a problem linked with SSH and FreeIPA.
I have multiple servers :
- One with FreeIPA server 3.0.0-26
- The others with FreeIPA client 3.0.0-26
They are running on RHEL 6.4.
I configured a root user on each of them.
On one specific server, I created an
Hello everyone.
I modified the /etc/selinux/config file :
#
# This file controls the state of SELinux on the system.
# SELINUX=disabled
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings
May 29 2015 5:37 PM, bahan w bahanw042...@gmail.com
%22bahan%20w%22%20%3cbahanw042...@gmail.com%3E wrote:
Hello everyone.
I send you this mail because I have a problem with the installation of
FreeIPA Server 3.0 on a VM running on RHEL 6.4.
First, when I performed the yum install ipa
Hello everyone.
I send you this mail because I have a problem with the installation of
FreeIPA Server 3.0 on a VM running on RHEL 6.4.
First, when I performed the yum install ipa-server, I got an error but the
installation finished finally with a complete.
Here it is :
49 matches
Mail list logo