using freeipa with an AWS elastic load balancer
by ridha.zorgui@infor.com
I set up a FreeIPA master and replica behind an elastic load balancer in the AWS cloud. FreeIPA clients will be contacting the replica and the master server through the load balancer, so the DNS name used when configuring the clients is the ELB CNAME. The problem is that when retrieving LDAP data and during authentication, the SSL handshake fails because the certificate sent back from the master or replica has a hostname different from the one used in sssd (the ELB CNAME), so the connection is terminated. There is a workaround, which is to use reqcert=allow, but this brings a security issue with a MITM attack. Another solution I found is to use a SAN. I was able to add the ELB DNS as a SAN in the FreeIPA servers' certificate. I made sure it is there by downloading the certificate and checking that the ELB SAN exists, but when testing it the same problem remains. Please help.
5 years, 1 month
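The hostname check described in the post above, as an added example (not part of the original post, and not FreeIPA or SSSD code): it compares the name clients connect to against the dNSName SAN entries of the certificate each backend actually serves, while still validating the chain. The host names, the LDAPS port 636, the `/etc/ipa/ca.crt` CA path and the assumption that the load balancer passes TLS through to the backends are illustrative assumptions; the certificate dictionaries are constructed samples in the shape returned by Python's `ssl.getpeercert()`.

```python
import socket
import ssl


def dns_names(cert):
    """Names a TLS client matches against. dNSName SAN entries win;
    the subject CN is only a fallback when no dNSName SAN is present."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' may stand for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def check_names(cert, wanted):
    """Map each wanted client-side name to True/False coverage by the cert."""
    names = dns_names(cert)
    return {w: any(name_matches(n, w) for n in names) for w in wanted}


def backends_missing_name(certs_by_backend, client_name):
    """Backends whose served cert does not cover the name clients use.
    With TLS passthrough every backend must cover it, not just one."""
    return sorted(b for b, c in certs_by_backend.items()
                  if not check_names(c, [client_name])[client_name])


def fetch_served_cert(host, port=636, cafile="/etc/ipa/ca.crt", timeout=5):
    """Fetch the cert presented on the wire (assumed LDAPS on 636).
    The chain is still verified against the CA file; only the built-in
    hostname check is switched off so the names can be reported instead
    of the handshake simply failing."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False          # verify_mode stays CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# --- constructed sample certificates (getpeercert() dict shape) ---
ELB_NAME = "ipa-elb.example.test"       # hypothetical ELB CNAME
BEFORE = {
    "subject": ((("commonName", "ipa1.example.test"),),),
    "subjectAltName": (("DNS", "ipa1.example.test"),),
}
AFTER = {
    "subject": ((("commonName", "ipa1.example.test"),),),
    "subjectAltName": (("DNS", "ipa1.example.test"), ("DNS", ELB_NAME)),
}
# CN carries the ELB name but a dNSName SAN exists, so the CN is ignored.
CN_ONLY = {
    "subject": ((("commonName", ELB_NAME),),),
    "subjectAltName": (("DNS", "ipa1.example.test"),),
}

if __name__ == "__main__":
    for label, cert in (("before", BEFORE), ("after", AFTER),
                        ("cn-only", CN_ONLY)):
        print(label, check_names(cert, ["ipa1.example.test", ELB_NAME]))
    print("missing:", backends_missing_name(
        {"master": AFTER, "replica": BEFORE}, ELB_NAME))
```

Against a live deployment, `fetch_served_cert()` would be pointed at each backend address in turn and its result passed to `check_names()`, which shows whether the certificate in use on that port is the one that was reissued with the extra SAN.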
Freeipa The host 'ipa-eastus.xxxxx.com' does not exist to add a service to
by Melnychuk, Konstantin (KRLDS)
Hi everyone
Can anybody help me, please?
Overview. My error message:
The host 'ipa-eastus.xxxxx.com' does not exist to add a service to
I have a task to install two Freeipa servers with replication, in
Kubernetes and restore there some data from backup. So I did set up
first Freeipa 4.3.3 server in Kubernetes with this official docker file
https://github.com/freeipa/freeipa-container/blob/master/Dockerfile.fedor...
. After that I uploaded backup into pod. I entered inside pod and
restored my backup according to official manual with restore utility:
ipa-restore --data /my_backup_folder
First server works perfectly, I can access web UI, make ldap queries,
manage users, groups, etc. Then I did set up another Freeipa in another
region. I also installed it in Kubernetes with the same docker file as
above. Finally I tried to install replica and got issue. My steps on
second server:
1. Remove initial set up
ipa-server-install -U --uninstall
2. Install ipa client:
ipa-client-install --debug -U --domain xxxxx.com --realm XXXXXXX.COM
--server first-ipa.xxxxxx.com -p admin -w <password> --hostname
ipa-eastus.xxxxxx.com --request-cert --no-ntp
After this step I can successfully run such command as ipa host-find,
ipa service-find, etc. So IPA client works fine.
3. Install ipa replica:
ipa-replica-install --debug -U -w <password> --hostname
ipa-eastus.xxxxxxx.com
During this step it verifies network connection between servers, network
is fine, then it fetches some info from first server and in the middle
of progress fails with
ipa.ipalib.plugins.rpcclient.rpcclient: DEBUG Destroyed connection
context.rpcclient_140224155653136
ipa : DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 448, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 438, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line
1222, in __get_ds_keytab
force_service_add=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 1141, in install_service_keytab
version=u'2.112' # All the way back to 3.0 servers
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 986, in
forward
return self._call_command(command, params)
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 963, in
_call_command
return command(*params)
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1115, in
_call
return self.__request(name, args)
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1109, in
__request
raise error_class(message=error['message'])
NotFound: The host 'ipa-eastus.xxxxxxx.com' does not exist to add a
service to.
ipa : DEBUG [error] NotFound: The host
'ipa-eastus.xxxxxxx.com' does not exist to add a service to.
[error] NotFound: The host 'ipa-eastus.xxxxxxx.com' does not exist to
add a service to.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Can anyone help me with this? I am confused, because after step 2 - the
host "ipa-eastus.xxxxxxx.com" is added to first server, I don't
understand why it tells that host doesn't exist. All DNS names are
configured properly.
Many thanks
---
Kos
5 years, 1 month
Re: CA private key quick question
by Rob Crittenden
Andrey Bondarenko wrote:
> Thank you, that's very helpful for me. So currently all FreeIPA nodes
> are completely equal?
Only if they all have a CA installed as well.
rob
>
> On Fri, Oct 12, 2018 at 3:29 PM Rob Crittenden <rcritten(a)redhat.com
> <mailto:rcritten@redhat.com>> wrote:
>
> Andrey Bondarenko via FreeIPA-users wrote:
> > Hello,
> >
> > Do we have private key on all nodes of the FreeIPA cluster? I am
> > confused with comment
> >
> > create_pkcs12 tells us whether we should create a PKCS#12 file
> > of the CA or not. If we are running on a replica then we won't
> > have the private key to make a PKCS#12 file so we don't need to
> > do that step.
> >
> > in the certs.py.
> >
>
> This is a legacy option from IPA 2.0. In that version there was a
> file-based self-signed CA installation option (mostly for development).
> This created a single CA on the initial master only. There was no way to
> setup a clone of it, that is what the reference is.
>
> The option can probably be dropped altogether.
>
> rob
5 years, 1 month
CA private key quick question
by Andrey Bondarenko
Hello,
Do we have private key on all nodes of the FreeIPA cluster? I am confused
with comment
create_pkcs12 tells us whether we should create a PKCS#12 file
of the CA or not. If we are running on a replica then we won't
have the private key to make a PKCS#12 file so we don't need to
do that step.
in the certs.py.
--
With best regards,
Andrey Bondarenko
mail:me@andreybondarenko.com
https://andreybondarenko.com
skype:andrey.bondarenko
phone, Telegram, WhatsApp, etc:+420-773-591-443
7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B
5 years, 1 month
ipa command always takes 30 seconds
by Perry Smith
I've installed freeipa on Ubuntu 18.04. The Web UI as well as kinit and logging in via ssh work fine. There are no noticeable delays. But the "ipa" command from the command line always takes 30 or 60 seconds. For example:
ipa user-find admin
will take 30 seconds. Creating users (using "ipa") takes 30 seconds, etc. (This is after logging in via kinit.)
I have not turned on debug yet but the log files are not helping so far.
Any ideas or suggestions?
I have tried with a DNS and without a DNS. With the DNS I've tried various forwarding options. Nothing I've tried has had a positive effect. Currently I have a DNS with a forwarder to the original DNS server.
The Kerberos realm and DNS domain are more or less just made up -- if that matters.
Thank you,
Perry Smith
5 years, 1 month
conflicting hostname requirement from SAP
by Dan Haskell
Per the FreeIPA quickstart guide:
The rule about /etc/hosts is that the fully-qualified name must come
first. It should look like:
10.0.0.1 ipa.example.com ipa
Our servers run SAP, which requires the reverse. An SAP server's
canonical name must be its short name. :(
Is there any way to get freeipa to work with short names? I know it says
"must be fully qualified" several times in the docs... Suggestions?
Workarounds? Kludges?
Dan
5 years, 1 month
Unable to install freeipa-client on Ubuntu 16.04 LTS
by Milos Cuculovic
When trying to install freeipa-client on Ubuntu 16.04 LTS, the installation is not working.
Command used:
sudo apt install freeipa-client
Final error:
Errors were encountered while processing:
freeipa-client
E: Sub-process /usr/bin/dpkg returned an error code (1)
The installation output is as follows
sudo apt install freeipa-client
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
bind9utils certmonger cracklib-runtime freeipa-common ieee-data ldap-utils libbasicobjects0 libc-ares2 libcollection4 libcrack2 libcurl3-nss libdhash1 libini-config5 libldb1 libnss-sss libnss3-tools libopts25 libpam-pwquality libpam-sss libpath-utils1
libpwquality-common libpwquality1 libref-array1 libsmbclient libsss-idmap0 libsss-nss-idmap0 libsss-sudo libtalloc2 libtdb1 libtevent0 libwbclient0 libwebp5 libwebpmux1 libxmlrpc-core-c3 ntp oddjob oddjob-mkhomedir python-cffi python-dbus python-decorator
python-dnspython python-gi python-gssapi python-imaging python-ipaclient python-ipalib python-jwcrypto python-ldap python-memcache python-netaddr python-nss python-pil python-ply python-pycparser python-qrcode python-sss python-talloc python-usb python-yubico
samba-libs sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy
Suggested packages:
libpam-krb5 ntp-doc python-dbus-doc python-dbus-dbg python-gi-cairo python-ldap-doc memcached ipython python-netaddr-docs python-pil-doc python-pil-dbg python-ply-doc sssd-tools libsasl2-modules-ldap
The following NEW packages will be installed:
bind9utils certmonger cracklib-runtime freeipa-client freeipa-common ieee-data ldap-utils libbasicobjects0 libc-ares2 libcollection4 libcrack2 libcurl3-nss libdhash1 libini-config5 libldb1 libnss-sss libnss3-tools libopts25 libpam-pwquality libpam-sss libpath-utils1
libpwquality-common libpwquality1 libref-array1 libsmbclient libsss-idmap0 libsss-nss-idmap0 libsss-sudo libtalloc2 libtdb1 libtevent0 libwbclient0 libwebp5 libwebpmux1 libxmlrpc-core-c3 ntp oddjob oddjob-mkhomedir python-cffi python-dbus python-decorator
python-dnspython python-gi python-gssapi python-imaging python-ipaclient python-ipalib python-jwcrypto python-ldap python-memcache python-netaddr python-nss python-pil python-ply python-pycparser python-qrcode python-sss python-talloc python-usb python-yubico
samba-libs sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy
0 upgraded, 70 newly installed, 0 to remove and 0 not upgraded.
Need to get 363 kB/13.2 MB of archives.
After this operation, 59.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://ch.archive.ubuntu.com/ubuntu xenial/universe amd64 freeipa-common all 4.3.1-0ubuntu1 [247 kB]
Get:2 http://ch.archive.ubuntu.com/ubuntu xenial/universe amd64 freeipa-client amd64 4.3.1-0ubuntu1 [116 kB]
Fetched 363 kB in 0s (6,096 kB/s)
Extracting templates from packages: 100%
Selecting previously unselected package libwbclient0:amd64.
(Reading database ... 171682 files and directories currently installed.)
Preparing to unpack .../libwbclient0_2%3a4.3.11+dfsg-0ubuntu0.16.04.16_amd64.deb ...
Unpacking libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.16) ...
Selecting previously unselected package libopts25:amd64.
Preparing to unpack .../libopts25_1%3a5.18.7-3_amd64.deb ...
Unpacking libopts25:amd64 (1:5.18.7-3) ...
Selecting previously unselected package ntp.
Preparing to unpack .../ntp_1%3a4.2.8p4+dfsg-3ubuntu5.9_amd64.deb ...
Unpacking ntp (1:4.2.8p4+dfsg-3ubuntu5.9) ...
Selecting previously unselected package libtalloc2:amd64.
Preparing to unpack .../libtalloc2_2.1.5-2_amd64.deb ...
Unpacking libtalloc2:amd64 (2.1.5-2) ...
Selecting previously unselected package libtevent0:amd64.
Preparing to unpack .../libtevent0_0.9.28-0ubuntu0.16.04.1_amd64.deb ...
Unpacking libtevent0:amd64 (0.9.28-0ubuntu0.16.04.1) ...
Selecting previously unselected package libtdb1:amd64.
Preparing to unpack .../libtdb1_1.3.8-2_amd64.deb ...
Unpacking libtdb1:amd64 (1.3.8-2) ...
Selecting previously unselected package libldb1:amd64.
Preparing to unpack .../libldb1_2%3a1.1.24-1ubuntu3_amd64.deb ...
Unpacking libldb1:amd64 (2:1.1.24-1ubuntu3) ...
Selecting previously unselected package python-talloc.
Preparing to unpack .../python-talloc_2.1.5-2_amd64.deb ...
Unpacking python-talloc (2.1.5-2) ...
Selecting previously unselected package samba-libs:amd64.
Preparing to unpack .../samba-libs_2%3a4.3.11+dfsg-0ubuntu0.16.04.16_amd64.deb ...
Unpacking samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.16) ...
Selecting previously unselected package libsmbclient:amd64.
Preparing to unpack .../libsmbclient_2%3a4.3.11+dfsg-0ubuntu0.16.04.16_amd64.deb ...
Unpacking libsmbclient:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.16) ...
Selecting previously unselected package bind9utils.
Preparing to unpack .../bind9utils_1%3a9.10.3.dfsg.P4-8ubuntu1.11_amd64.deb ...
Unpacking bind9utils (1:9.10.3.dfsg.P4-8ubuntu1.11) ...
Selecting previously unselected package libcrack2:amd64.
Preparing to unpack .../libcrack2_2.9.2-1ubuntu1_amd64.deb ...
Unpacking libcrack2:amd64 (2.9.2-1ubuntu1) ...
Selecting previously unselected package cracklib-runtime.
Preparing to unpack .../cracklib-runtime_2.9.2-1ubuntu1_amd64.deb ...
Unpacking cracklib-runtime (2.9.2-1ubuntu1) ...
Selecting previously unselected package ieee-data.
Preparing to unpack .../ieee-data_20150531.1_all.deb ...
Unpacking ieee-data (20150531.1) ...
Selecting previously unselected package ldap-utils.
Preparing to unpack .../ldap-utils_2.4.42+dfsg-2ubuntu3.3_amd64.deb ...
Unpacking ldap-utils (2.4.42+dfsg-2ubuntu3.3) ...
Selecting previously unselected package libcurl3-nss:amd64.
Preparing to unpack .../libcurl3-nss_7.47.0-1ubuntu2.9_amd64.deb ...
Unpacking libcurl3-nss:amd64 (7.47.0-1ubuntu2.9) ...
Selecting previously unselected package libnss3-tools.
Preparing to unpack .../libnss3-tools_2%3a3.28.4-0ubuntu0.16.04.3_amd64.deb ...
Unpacking libnss3-tools (2:3.28.4-0ubuntu0.16.04.3) ...
Selecting previously unselected package libpwquality-common.
Preparing to unpack .../libpwquality-common_1.3.0-0ubuntu1_all.deb ...
Unpacking libpwquality-common (1.3.0-0ubuntu1) ...
Selecting previously unselected package libpwquality1:amd64.
Preparing to unpack .../libpwquality1_1.3.0-0ubuntu1_amd64.deb ...
Unpacking libpwquality1:amd64 (1.3.0-0ubuntu1) ...
Selecting previously unselected package libpam-pwquality:amd64.
Preparing to unpack .../libpam-pwquality_1.3.0-0ubuntu1_amd64.deb ...
Unpacking libpam-pwquality:amd64 (1.3.0-0ubuntu1) ...
Selecting previously unselected package libxmlrpc-core-c3.
Preparing to unpack .../libxmlrpc-core-c3_1.33.14-1ubuntu1_amd64.deb ...
Unpacking libxmlrpc-core-c3 (1.33.14-1ubuntu1) ...
Selecting previously unselected package oddjob.
Preparing to unpack .../oddjob_0.34.3-2_amd64.deb ...
Unpacking oddjob (0.34.3-2) ...
Selecting previously unselected package oddjob-mkhomedir.
Preparing to unpack .../oddjob-mkhomedir_0.34.3-2_amd64.deb ...
Unpacking oddjob-mkhomedir (0.34.3-2) ...
Selecting previously unselected package python-ply.
Preparing to unpack .../python-ply_3.7-1_all.deb ...
Unpacking python-ply (3.7-1) ...
Selecting previously unselected package python-pycparser.
Preparing to unpack .../python-pycparser_2.14+dfsg-2build1_all.deb ...
Unpacking python-pycparser (2.14+dfsg-2build1) ...
Selecting previously unselected package python-cffi.
Preparing to unpack .../python-cffi_1.5.2-1ubuntu1_all.deb ...
Unpacking python-cffi (1.5.2-1ubuntu1) ...
Selecting previously unselected package python-dbus.
Preparing to unpack .../python-dbus_1.2.0-3_amd64.deb ...
Unpacking python-dbus (1.2.0-3) ...
Selecting previously unselected package python-decorator.
Preparing to unpack .../python-decorator_4.0.6-1_all.deb ...
Unpacking python-decorator (4.0.6-1) ...
Selecting previously unselected package python-dnspython.
Preparing to unpack .../python-dnspython_1.12.0-1_all.deb ...
Unpacking python-dnspython (1.12.0-1) ...
Selecting previously unselected package python-gi.
Preparing to unpack .../python-gi_3.20.0-0ubuntu1_amd64.deb ...
Unpacking python-gi (3.20.0-0ubuntu1) ...
Selecting previously unselected package python-gssapi.
Preparing to unpack .../python-gssapi_1.1.3-2ubuntu1_amd64.deb ...
Unpacking python-gssapi (1.1.3-2ubuntu1) ...
Selecting previously unselected package libwebp5:amd64.
Preparing to unpack .../libwebp5_0.4.4-1_amd64.deb ...
Unpacking libwebp5:amd64 (0.4.4-1) ...
Selecting previously unselected package libwebpmux1:amd64.
Preparing to unpack .../libwebpmux1_0.4.4-1_amd64.deb ...
Unpacking libwebpmux1:amd64 (0.4.4-1) ...
Selecting previously unselected package python-pil:amd64.
Preparing to unpack .../python-pil_3.1.2-0ubuntu1.1_amd64.deb ...
Unpacking python-pil:amd64 (3.1.2-0ubuntu1.1) ...
Selecting previously unselected package python-imaging.
Preparing to unpack .../python-imaging_3.1.2-0ubuntu1.1_all.deb ...
Unpacking python-imaging (3.1.2-0ubuntu1.1) ...
Selecting previously unselected package python-jwcrypto.
Preparing to unpack .../python-jwcrypto_0.2.1-1_all.deb ...
Unpacking python-jwcrypto (0.2.1-1) ...
Selecting previously unselected package python-ldap.
Preparing to unpack .../python-ldap_2.4.22-0.1_amd64.deb ...
Unpacking python-ldap (2.4.22-0.1) ...
Selecting previously unselected package python-memcache.
Preparing to unpack .../python-memcache_1.57-1_all.deb ...
Unpacking python-memcache (1.57-1) ...
Selecting previously unselected package python-netaddr.
Preparing to unpack .../python-netaddr_0.7.18-1_all.deb ...
Unpacking python-netaddr (0.7.18-1) ...
Selecting previously unselected package python-qrcode.
Preparing to unpack .../python-qrcode_5.0.1-1_all.deb ...
Unpacking python-qrcode (5.0.1-1) ...
Selecting previously unselected package python-usb.
Preparing to unpack .../python-usb_1.0.0~b2-2_all.deb ...
Unpacking python-usb (1.0.0~b2-2) ...
Selecting previously unselected package python-yubico.
Preparing to unpack .../python-yubico_1.3.1-1_all.deb ...
Unpacking python-yubico (1.3.1-1) ...
Selecting previously unselected package certmonger.
Preparing to unpack .../certmonger_0.78.6-3_amd64.deb ...
Unpacking certmonger (0.78.6-3) ...
Selecting previously unselected package freeipa-common.
Preparing to unpack .../freeipa-common_4.3.1-0ubuntu1_all.deb ...
Unpacking freeipa-common (4.3.1-0ubuntu1) ...
Selecting previously unselected package python-nss.
Preparing to unpack .../python-nss_0.16.0-1_amd64.deb ...
Unpacking python-nss (0.16.0-1) ...
Selecting previously unselected package python-ipalib.
Preparing to unpack .../python-ipalib_4.3.1-0ubuntu1_amd64.deb ...
Unpacking python-ipalib (4.3.1-0ubuntu1) ...
Selecting previously unselected package python-ipaclient.
Preparing to unpack .../python-ipaclient_4.3.1-0ubuntu1_all.deb ...
Unpacking python-ipaclient (4.3.1-0ubuntu1) ...
Selecting previously unselected package python-sss.
Preparing to unpack .../python-sss_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking python-sss (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package libsss-idmap0.
Preparing to unpack .../libsss-idmap0_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking libsss-idmap0 (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package libc-ares2:amd64.
Preparing to unpack .../libc-ares2_1.10.0-3ubuntu0.2_amd64.deb ...
Unpacking libc-ares2:amd64 (1.10.0-3ubuntu0.2) ...
Selecting previously unselected package libdhash1:amd64.
Preparing to unpack .../libdhash1_0.5.0-1_amd64.deb ...
Unpacking libdhash1:amd64 (0.5.0-1) ...
Selecting previously unselected package libbasicobjects0:amd64.
Preparing to unpack .../libbasicobjects0_0.5.0-1_amd64.deb ...
Unpacking libbasicobjects0:amd64 (0.5.0-1) ...
Selecting previously unselected package libcollection4:amd64.
Preparing to unpack .../libcollection4_0.5.0-1_amd64.deb ...
Unpacking libcollection4:amd64 (0.5.0-1) ...
Selecting previously unselected package libpath-utils1:amd64.
Preparing to unpack .../libpath-utils1_0.5.0-1_amd64.deb ...
Unpacking libpath-utils1:amd64 (0.5.0-1) ...
Selecting previously unselected package libref-array1:amd64.
Preparing to unpack .../libref-array1_0.5.0-1_amd64.deb ...
Unpacking libref-array1:amd64 (0.5.0-1) ...
Selecting previously unselected package libini-config5:amd64.
Preparing to unpack .../libini-config5_0.5.0-1_amd64.deb ...
Unpacking libini-config5:amd64 (0.5.0-1) ...
Selecting previously unselected package libsss-nss-idmap0.
Preparing to unpack .../libsss-nss-idmap0_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking libsss-nss-idmap0 (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-common.
Preparing to unpack .../sssd-common_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-common (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-ad-common.
Preparing to unpack .../sssd-ad-common_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-ad-common (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-krb5-common.
Preparing to unpack .../sssd-krb5-common_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-krb5-common (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-ad.
Preparing to unpack .../sssd-ad_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-ad (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-ipa.
Preparing to unpack .../sssd-ipa_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-ipa (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-krb5.
Preparing to unpack .../sssd-krb5_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-krb5 (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-ldap.
Preparing to unpack .../sssd-ldap_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-ldap (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd-proxy.
Preparing to unpack .../sssd-proxy_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd-proxy (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package sssd.
Preparing to unpack .../sssd_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking sssd (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package freeipa-client.
Preparing to unpack .../freeipa-client_4.3.1-0ubuntu1_amd64.deb ...
Unpacking freeipa-client (4.3.1-0ubuntu1) ...
Selecting previously unselected package libnss-sss:amd64.
Preparing to unpack .../libnss-sss_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking libnss-sss:amd64 (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package libpam-sss:amd64.
Preparing to unpack .../libpam-sss_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking libpam-sss:amd64 (1.13.4-1ubuntu1.11) ...
Selecting previously unselected package libsss-sudo.
Preparing to unpack .../libsss-sudo_1.13.4-1ubuntu1.11_amd64.deb ...
Unpacking libsss-sudo (1.13.4-1ubuntu1.11) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu21.4) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
Setting up libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.16) ...
Setting up libopts25:amd64 (1:5.18.7-3) ...
Setting up ntp (1:4.2.8p4+dfsg-3ubuntu5.9) ...
Setting up libtalloc2:amd64 (2.1.5-2) ...
Setting up libtevent0:amd64 (0.9.28-0ubuntu0.16.04.1) ...
Setting up libtdb1:amd64 (1.3.8-2) ...
Setting up libldb1:amd64 (2:1.1.24-1ubuntu3) ...
Setting up python-talloc (2.1.5-2) ...
Setting up samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.16) ...
Setting up libsmbclient:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.16) ...
Setting up bind9utils (1:9.10.3.dfsg.P4-8ubuntu1.11) ...
Setting up libcrack2:amd64 (2.9.2-1ubuntu1) ...
Setting up cracklib-runtime (2.9.2-1ubuntu1) ...
Setting up ieee-data (20150531.1) ...
Setting up ldap-utils (2.4.42+dfsg-2ubuntu3.3) ...
Setting up libcurl3-nss:amd64 (7.47.0-1ubuntu2.9) ...
Setting up libnss3-tools (2:3.28.4-0ubuntu0.16.04.3) ...
Setting up libpwquality-common (1.3.0-0ubuntu1) ...
Setting up libpwquality1:amd64 (1.3.0-0ubuntu1) ...
Setting up libpam-pwquality:amd64 (1.3.0-0ubuntu1) ...
Setting up libxmlrpc-core-c3 (1.33.14-1ubuntu1) ...
Setting up oddjob (0.34.3-2) ...
Setting up oddjob-mkhomedir (0.34.3-2) ...
Setting up python-ply (3.7-1) ...
Setting up python-pycparser (2.14+dfsg-2build1) ...
Setting up python-cffi (1.5.2-1ubuntu1) ...
Setting up python-dbus (1.2.0-3) ...
Remove stale byte-compiled files...
Setting up python-decorator (4.0.6-1) ...
Setting up python-dnspython (1.12.0-1) ...
Setting up python-gi (3.20.0-0ubuntu1) ...
Setting up python-gssapi (1.1.3-2ubuntu1) ...
Setting up libwebp5:amd64 (0.4.4-1) ...
Setting up libwebpmux1:amd64 (0.4.4-1) ...
Setting up python-pil:amd64 (3.1.2-0ubuntu1.1) ...
Setting up python-imaging (3.1.2-0ubuntu1.1) ...
Setting up python-jwcrypto (0.2.1-1) ...
Setting up python-ldap (2.4.22-0.1) ...
Setting up python-memcache (1.57-1) ...
Setting up python-netaddr (0.7.18-1) ...
Setting up python-qrcode (5.0.1-1) ...
Setting up python-usb (1.0.0~b2-2) ...
Setting up python-yubico (1.3.1-1) ...
Setting up certmonger (0.78.6-3) ...
insserv: warning: current start runlevel(s) (empty) of script `certmonger' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `certmonger' overrides LSB defaults (0 1 6).
Setting up freeipa-common (4.3.1-0ubuntu1) ...
Setting up python-nss (0.16.0-1) ...
Setting up python-ipalib (4.3.1-0ubuntu1) ...
Setting up python-ipaclient (4.3.1-0ubuntu1) ...
Setting up python-sss (1.13.4-1ubuntu1.11) ...
Setting up libsss-idmap0 (1.13.4-1ubuntu1.11) ...
Setting up libc-ares2:amd64 (1.10.0-3ubuntu0.2) ...
Setting up libdhash1:amd64 (0.5.0-1) ...
Setting up libbasicobjects0:amd64 (0.5.0-1) ...
Setting up libcollection4:amd64 (0.5.0-1) ...
Setting up libpath-utils1:amd64 (0.5.0-1) ...
Setting up libref-array1:amd64 (0.5.0-1) ...
Setting up libini-config5:amd64 (0.5.0-1) ...
Setting up libsss-nss-idmap0 (1.13.4-1ubuntu1.11) ...
Setting up sssd-common (1.13.4-1ubuntu1.11) ...
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Warning failed to create cache: usr.sbin.sssd
sssd.service is a disabled or a static unit, not starting it.
Setting up sssd-ad-common (1.13.4-1ubuntu1.11) ...
Setting up sssd-krb5-common (1.13.4-1ubuntu1.11) ...
Setting up sssd-ad (1.13.4-1ubuntu1.11) ...
Setting up sssd-ipa (1.13.4-1ubuntu1.11) ...
Setting up sssd-krb5 (1.13.4-1ubuntu1.11) ...
Setting up sssd-ldap (1.13.4-1ubuntu1.11) ...
Setting up sssd-proxy (1.13.4-1ubuntu1.11) ...
Setting up sssd (1.13.4-1ubuntu1.11) ...
Setting up freeipa-client (4.3.1-0ubuntu1) ...
dpkg: error processing package freeipa-client (--configure):
subprocess installed post-installation script returned error exit status 1
Setting up libnss-sss:amd64 (1.13.4-1ubuntu1.11) ...
Setting up libpam-sss:amd64 (1.13.4-1ubuntu1.11) ...
Setting up libsss-sudo (1.13.4-1ubuntu1.11) ...
Checking NSS setup...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Errors were encountered while processing:
freeipa-client
E: Sub-process /usr/bin/dpkg returned an error code (1)
5 years, 1 month
Announcing freeIPA 4.7.1
by Rob Crittenden
The FreeIPA team would like to announce FreeIPA 4.7.1 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora 29 and Fedora 28 will be available in the official
[https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-7/ COPR
repository].
== Highlights in 4.7.1 ==
* In Web UI now more pages can be in local languages, including a login page
* Complete drop of support for domain level 0 (DL0)
* FreeIPA is compatible with Samba 4.9
* Support FIPS mode for trust to AD
* Remove Python 2 support packages
* Update licenses of 389-ds plugins to be in line with 389-ds
* New advises to ease management of systems with Cockpit
* Better test coverage for Web UI and certificate management
=== Enhancements ===
FreeIPA 4.7.1 provides an easy way to allow administrators to perform
management operations on all enrolled machines by creating a set of SUDO
and HBAC rules with a new FreeIPA advise available in ipa-advise tool.
Support for Domain Level 0 is removed. If you need to upgrade to FreeIPA
4.7, please consider first to upgrade masters and replicas to FreeIPA
4.4-4.6, raise domain level to 1, and then upgrade to FreeIPA 4.7.1.
Web UI localization was rewritten. Now Web UI allows to localize
pre-login static pages and localization can be more flexible in the way
how terms could be placed in non-English locales. Also Russian and
Ukrainian translations are complete now.
Support for Python 2 packages is removed from the provided RPM spec
files. Next releases will only support Python 3.
In FIPS mode under some conditions trust to Active Directory forest is
failing. Now FreeIPA will exclude RC4 cipher from the list of supported
ciphers when establishing trust under FIPS mode. As result, in FIPS mode
FreeIPA 4.7.1 will not be able to interoperate with Windows Server 2003
versions.
Samba 4.9 made implicit requirement to have BUILTIN\Guests group mapped
to POSIX environment. FreeIPA 4.7.1 is mapping this mandatory SMB group
to `nobody` group.
=== Known Issues ===
=== Bug fixes ===
FreeIPA 4.7.1 is a stabilization release for the features delivered as a
part of 4.7.0.
There are more than 20 bug fixes, details of which can be seen in
the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users
mailing list
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...)
or #freeipa channel on Freenode.
== Resolved tickets ==
* 7711 python 3 fallout in ipa-server-install
* 7710 Update spec file to require sssd-ipa, not an sssd meta-package
* 7680 Detect Python interpreter during configure
* 7679 [WebUI] all validation items are rendered on each key typing at
login form
* 7678 [WebUI] JS error of 'reset' view
* 7674 client install fails on Fedora 29
* 7662 SELinux is preventing /usr/sbin/httpd from write access on the
directory /etc/httpd/alias/
* 7661 SELinux is preventing /usr/sbin/httpd from getattr access on the
file /usr/lib/systemd/system/fedora-domainname.service
* 7657 Leaving IPA domain fails: Failed to remove krb5/LDAP
configuration: expected str, bytes or os.PathLike object, not NoneType
* 7656 ipa-replica-install on DL0 doesn't completely honor --no-host-dns
* 7650 client installer uses invalid format in chmod (0x...)
* 7649 error shown when options are added to an existing sudo rule
* 7641 [Translation] ipa/migration/{error,index,invalid}.html are not
translated
* 7640 [Translation] ipa/config/{unauthorized,ssbrowser}.html are not
translated
* 7628 ipa ca-show <ca> --certificate-out=/tmp/ca fails with python type
error
* 7625 ipa-client-install fails with ScriptError(rval=CLIENT_INSTALL_ERROR)
* 7621 [Translation] sync otp page is not translated completely
* 7619 [Translation] reset password page is not translated
* 7608 FreeIPA 4.6.3 install fails when `/proc/sys/crypto` is absent
* 7538 sudo rule for "admins" members should be created by default
== Detailed changelog since 4.7.0 ==
=== Armando Neto (3) ===
* Add test for client installation with empty keytab file
* Fix certificate type error when exporting to file
* Delete empty keytab during client installation
=== Alexander Bokovoy (8) ===
* Update list of contributors
* Import updated translations from Zanata
* Re-sort the translations before importing new ones from Zanata
* When stripping PO files, sort the output
* Support Samba 4.9
* ipasam: do not use RC4 in FIPS mode
* Move fips_enabled to a common library to share across different plugins
* ipa-extdom-extop: Update licenses to GPLv3 or later with exceptions
=== Alexander Scheel (2) ===
* Add missing docstrings to kernel_keyring.py
* Add docstring to verify_kdc_cert_validity
=== Christian Heimes (21) ===
* Fix zonemgr encoding issue
* Py3: Replace six.moves imports
* Lint yaml and RPM spec
* Py3: Replace six.bytes_type with bytes
* Py3: Replace six.text_type with str
* Py3: Replace six.integer_types with int
* Py3: Replace six.string_types with str
* Require sssd-ipa instead of sssd meta pkg
* Py3: Remove subclassing from object
* Sprinkle raw strings across the code base
* Workaround for pyasn1 0.4
* Remove Python 2 support and packages
* Don't check for systemd service
* Refactor os-release and platform information
* Generate scripts from templates
* Rename Python scripts and add dynamic shebang
* Detect and prefer platform Python
* Disable DL0 specific tests
* Rename pytest_plugins to ipatests.pytest_ipa
* Add convenient template for temp commits
* Fix topology configuration of nightly runs
=== Felipe Barreto (1) ===
* Making nightly test definition editable by FreeIPA's contributors
=== Florence Blanc-Renaud (21) ===
* ipatests: remove TestReplicaManageDel (dl0)
* ipatests: mark known failure for installation_TestInstallWithCA2
* ipa-server-upgrade: fix inconsistency in
setup_lightweight_ca_key_retrieval
* Tests: remove dl0 tests from nightly definition
* ipatests: mark known failures as xfail
* tests: add test for uninstall with incomplete sysrestore.state
* authselect: harden uninstallation of ipa client
* ipa-advise: configure pam_cert_auth=True for smart card on client
* Test: scenario replica install/uninstall should restore ssl.conf
* ipa-replica-install: properly use the file store
* Tests: test successful PKINIT install on replica
* ipa-replica-install: fix pkinit setup
* tests: add test for server install with --no-dnssec-validation
* ipa-server-install: do not perform forwarder validation with
--no-dnssec-validation
* DS replication settings: fix regression with <3.3 master
* Test: test ipa-* commands when IPA is not configured
* ipa commands: print 'IPA is not configured' when ipa is not setup
* ipautil.run: add test for runas parameter
* uninstall -v: remove Tracebacks
* PRCI: extend timeouts for gating
* Tests: add integration test for password changes by dir mgr
=== Fraser Tweedale (1) ===
* Fix writing certificate chain to file
=== Ganna Kaihorodova (1) ===
* Add check for occurring traceback during uninstallation ipa master
=== Michal Reznik (8) ===
* bump PRCI template version to 0.1.9
* add strip_cert_header() to tasks.py
* tests: sssd_ssh fd leaks when user cert converted into SSH key
* bump PRCI template version to 0.1.8
* Add "389-ds-base-legacy-tools" to requires.
* test: client uninstall fails when installed using non-existing hostname
* ipa_tests: test ssh keys login
* prci_definitions: fix wrong indentation in the nightly yaml
=== Mohammad Rizwan Yusuf (2) ===
* Test if WSGI worker process count is set to 4
* Check if user permissions and umask 0022 is set when executing ipa-restore
=== Orion Poplawski (1) ===
* ipaclient-install: chmod needs octal permissions
=== Pavel Picka (3) ===
* PRCI failures fix
* PR-CI extend timeouts
* WebUI Tests stabilize
=== Petr Vobornik (3) ===
* webui: readable color of invalid fields on login-screen-like pages
* webui: remove mixed indentation in App and LoginScreen
* webui: change indentation of freeipa/_base/debug.js
=== Rob Crittenden (11) ===
* Add entry for Serhii to mailmap
* Fix identifier typo in UI
* Add uninstallation tests to night master and rawhide
* Fix uninstallation test, use different method to stop dirsrv
* Try to resolve the name passed into the password reader to a file
* Advise plugin for enabling sudo for members of the admins group
* Update required version of dogtag to detect when FIPS is available
* Retrieve certificate subject base directly instead of ipa-join
* Honor no-host-dns when creating client host in replica install
* Convert members into types in sudorule-*-option
* Set development version to 4.7.90
=== Robbie Harwood (2) ===
* Add cmocka unit tests for ipa otpd queue code
* Clear next field when returning list elements in queue.c
=== Stanislav Levin (115) ===
* Add title to 'add' dialog for 'association_table' widget of Topology
entity
* Add title to 'add' dialog for 'association_table' widget of Vaults entity
* Add title to 'add' dialog for 'association_table' widget of
Certificates entity
* Add title to 'add' dialog for 'association_table' widget of SELinux
User Maps entity
* Add title to 'add' dialog for 'association_table' widget of Sudo entity
* Add title to 'add' dialog for 'association_table' widget of HBAC entity
* Add title to 'add' dialog for 'association_table' widget of Groups entity
* Add title to 'add' dialog for 'association_table' widget of Services
entity
* Add title to 'add' dialog for 'association_table' widget of Hosts entity
* Drop concatenated title of add dialog for association_table widget
* Add title to 'add' dialog for details of 'RBAC' entity
* Add title to 'add' dialog for details of 'OTP Tokens' entity
* Add title to 'add' dialog for details of 'Sudo' entity
* Add title to 'add' dialog for details of 'HBAC' entity
* Add title to 'add' dialog for details of 'ID Views' entity
* Add title to 'add' dialog for details of 'Groups' entity
* Add title to 'add' dialog for details of 'Services' entity
* Add title to 'add' dialog for details of 'Hosts' entity
* Add title to 'add' dialog for details of 'Users' entity
* Add title to 'add' dialog for details of 'Certificate' entity
* Drop concatenated title of 'Add' dialog for details of entity
* Add title to 'add' dialog for 'Topology' entity
* Add title to 'add' dialog for 'Trusts' entity
* Add title to 'add' dialog for 'ID Ranges' entity
* Add title to 'add' dialog for 'RBAC' entity
* Add title to 'add' dialog for 'Vault' entity
* Add title to 'add' dialog for 'DNS' entity
* Add title to 'add' dialog for 'Automount' entity
* Add title to 'add' dialog for 'Certificate Identity' entity
* Add title to 'add' dialog for 'RADIUS' entity
* Add title to 'add' dialog for 'Certificates' entity
* Add title to 'add' dialog for 'Password Policies' entity
* Add title to 'add' dialog for 'SELinux' entity
* Add title to 'add' dialog for 'Sudo' entity
* Add title to 'add' dialog for 'HBAC' entity
* Add title to 'add' dialog for 'Automember' entity
* Drop concatenated title of 'add' dialog for 'attribute_table' widget
* Add title to 'add' dialog for 'ID Views' entity
* Add title to 'add' dialog for 'Groups' entity
* Add title to 'add' dialog for 'Service' entity
* Add title to 'add' dialog for 'Host' entity
* Add title to 'add' dialog for 'OTP' entity
* Add title to 'add' dialog for 'Users' entity
* Drop concatenated title of 'add' dialog
* Add jslint check to PR CI tests
* Fix javascript 'errors' found by jslint
* Add title to remove dialog of 'DNS' entity
* Add title to 'unprovision' dialog
* Add title to 'Remove' dialog for 'association_table' widget of 'Vault'
entity
* Add title to 'Remove' dialog for 'association_table' widget of
'Topology' entity
* Add title to 'Remove' dialog for 'association_table' widget of 'CA' entity
* Add title to 'Remove' dialog for 'association_table' widget of
'SELinux' entity
* Add title to 'Remove' dialog for 'association_table' widget of 'Sudo'
entity
* Add title to 'Remove' dialog for 'association_table' widget of 'HBAC'
entity
* Add title to 'Remove' dialog for 'association_table' widget of
'Automember' entity
* Allow having a custom title of 'Remove' dialog for 'attribute_table'
widget
* Add title to 'remove' dialog for 'association_table' widget of
'Groups' entity
* Add title to 'remove' dialog for 'association_table' widget of
'Services' entity
* Add title to 'remove' dialog for 'association_table' widget of 'Hosts'
entity
* Drop concatenated title of remove dialog
* Fix loading 'freeipa/text' at production mode
* Add a title to 'remove' dialog for details of 'Trusts' entity
* Add a title to 'remove' dialog for details of 'RBAC' entity
* Add a title to 'remove' dialog for details of 'OTP Tokens' entity
* Add a title to 'remove' dialog for details of 'Sudo' entity
* Add a title to 'remove' dialog for details of 'HBAC' entity
* Add a title to 'remove' dialog for details of 'Groups' entity
* Add a title to 'remove' dialog for details of 'Services' entity
* Add a title to 'remove' dialog for details of 'Hosts' entity
* Add a title to 'remove' dialog for details of 'Users' entity
* Drop concatenated title of remove dialog
* Add title to remove dialog of 'Trusts' entity
* Add title to remove dialog of 'Topology' entity
* Add title to remove dialog of 'ID Ranges' entity
* Add title to remove dialog of 'RBAC' entity
* Add title to remove dialog of 'DNS' entity
* Add title to remove dialog of 'Automount Locations' entity
* Add title to remove dialog of 'Certificate Identity Mapping Rules' entity
* Add title to remove dialog of 'RADIUS Servers' entity
* Add title to remove dialog of 'OTP Tokens' entity
* Add title to remove dialog of 'Certificates' entity
* Add title to remove dialog of 'Password Policies' entity
* Add title to remove dialog of 'SELinux User Maps' entity
* Add title to remove dialog of 'Sudo' entity
* Add title to remove dialog of 'HBAC' entity
* Add title to remove dialog of 'Automember' entity
* Add title to remove dialog of 'ID Views' entity
* Add title to remove dialog of 'Groups' entity
* Add title to remove dialog of 'Services' entity
* Add title to remove dialog of 'Hosts' entity
* Add title to remove dialog of 'Users' entity
* Drop concatenated title of remove dialog
* Add tests for LoginScreen widget
* Add "bounce" logic from "reset_password.js"
* Fix translations of messages in LoginScreen widget
* Clean up reset_password.js file from project
* Use "login" plugin instead of standalone JS file
* Add "reset_and_login" view to LoginScreen widget
* Replace the direct URL with config's one
* Add basic tests to web pages which are located at /ipa/config/
* Fix translation of "ssbrowser.html" Web page
* Fix translation of "unauthorized.html" Web page
* Fix render validation items on keypress event at login form
* Reindex 'key_indicies' after item delete
* Fix "get_key_index" to fit caller's expectations
* Add basic tests for "migration" end point
* Clean up migration "error" and "invalid" pages from project
* Provide translatable messages for MigrateScreen widget
* Integrate "migration" page to IPA Web framework.
* Return the result of "password migration" procedure
* Add "migrate" Web UI plugin
* Add MigrateScreen widget
* Fix translation of "SyncOTPScreen" widget
* Fix translation of "sync_otp" plugin
* Replace the direct URL with config's one
=== Serhii Tsymbaliuk (1) ===
* Replace logo images with new one (version 4.7)
=== Serhii Tsymbaliuk (15) ===
* Change Web UI tests setup flow
* Fix UI_driver.has_class exception. Handle situation when element has
no class attribute
* Increase some timeouts in Web UI tests
* Remove unnecessary session clearing in some Web UI tests
* Add cookies clearing for all Web UI tests
* Generate CSR for test_host::test_certificates (Web UI test)
* Add SAN extension for CSR generation in test_cert (Web UI tests)
* Fix unpermitted user session in test_selfservice (Web UI test)
* Fix test_user::test_login_without_username (Web UI test)
* Use random realmdomains in test_webui/test_realmdomains.py
* Fix test_realmdomains::test_add_single_labeled_domain (Web UI test)
* Increase request timeout for WebUI tests
* Use random IPs and domains in test_webui/test_host.py
* Fix hardcoded CSR in test_webui/test_cert.py
* Replace old login screen logo with new one
=== Thierry Bordaz (1) ===
* In IPA 4.4 when updating userpassword with ldapmodify does not update
krbPasswordExpiration nor krbLastPwdChange
=== Tibor Dudlák (3) ===
* Do not set ca_host when --setup-ca is used
* Add assert to check output of upgrade
* Re-open the ldif file to prevent error message
=== Thomas Woerner (40) ===
* Remove DL0 specific code from ipatests/test_integration/test_caless.py
* Remove DL0 specific code from ipatests/pytest_ipa/integration/tasks.py
* Remove DL0 specific tests from
ipatests/test_integration/test_replica_promotion.py
* Remove replica_file knob from ipalib/install/service.py
* Remove replica_file from ClientInstall class in
ipaclient/install/client.py
* Remove options.promote from install in ipaserver/install/server/install
* Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER
* Remove DL0 specific code from custodiainstance in ipaserver/install
* Remove create_replica_config from installutils in ipaserver/install
* Remove DL0 specific code from replicainstall in ipaserver/install/server
* Remove DL0 specific code from __init__ in ipaserver/install/server
* Remove DL0 specific code from ipa_replica_install in ipaserver/install
* Remove unused promote arg in krbinstance.create_replica in
ipaserver/install
* Remove DL0 specific code from kra in ipaserver/install
* Remove DL0 specific code from dsinstance ipaserver/install
* Remove DL0 specific code from ipa_kra_install in ipaserver/install
* Remove DL0 specific code from cainstance and ca in ipaserver/install
* Remove DL0 specific code from ipa-ca-install
* Remove ipa-replica-prepare script and man page
* Adapt freeipa.spec.in for latest Fedora, fix python2 ipatests
packaging bug
* replicainstall: Make sure that domain fulfills minimal domain level
requirement
* ipatests/test_xmlrpc/tracker/server_plugin.py: Increase hard coded
mindomainlevel
* ipaserver/install/adtrust.py: Do not use DOMAIN_LEVEL_0 for minimum
* ipatests/test_ipaserver/test_install/test_installer.py: Drop tempfile
import
* ipatests: Drop test_password_option_DL0
* Move DL0 raises outside if existing conditionals to calm down pylint
* Remove "at DL1" from ipa-server-install man page
* Remove "at DL1" from ipa-replica-manage man page
* Remove DL0 specific sections from ipa-replica-install man page
* Remove support for replica_file option from ipa-kra-install
* Remove support for replica_file option from ipa-ca-install
* Raise error if DL is set to 0 or DL0 options are used
* Mark replica_file option as deprecated
* Increase MIN_DOMAIN_LEVEL to DOMAIN_LEVEL_1
* Do not install ipa-replica-prepare
* ipaclient: Remove --no-sssd and --no-ac options
* ipa_restore: Restore SELinux context of template_dir
/var/log/dirsrv/slapd-X
* httpinstance: Restore SELinux context of session_dir /etc/httpd/alias
* ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound
* Fix $-style format string in ipa_ldap_init (util/ipa_ldap.c)
5 years, 1 month
Can't delete DNS entry
by Bret Wortman
I've got a DNS entry that really isn't there.
# nslookup sys001
;; connection timed out; no servers could be reached
# ipa dnsrecord-find my.net sys001 --all --raw
dn:
idnsname=sys001+nsuniqueid=7523898c-b29311e8-85ddf5f7-bbec4d04,idnsname=my.net.,cn=dns,dc=my,dc=net
idnsname: sys001
arecord: 192.168.75.50
objectClass: top
objectClass: idnsrecord
# ldapdelete -D "cn=DirectoryManager" -W -p 389 -h ipa.my.net -x
uid=nsuniqueid=7523898c-b29311e8-85ddf5f7-bbec4d04,cn=dns,dc=my,dc=net
That last command just goes off into the weeds and never returns. I
picked it up from this article:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
but the format seems a bit different so I'm concerned that I'm not
getting the delete command right.
How can I get rid of this entry-that's-not-an-entry? We'd like to reuse
this IP but can't.
--
*Bret Wortman*
Founder, Damascus Products, LLC
855-644-2783 | bret(a)wrapbuddies.co
http://wrapbuddies.co/
10332 Main St Suite 319 Fairfax, VA 22030
5 years, 1 month