PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB`  i>Kw>*>>?\#?H?k? 5ABAgA?B 5CBCC DxD2ENEt-FCFFGGHRH#RIvIIIIIIJ-JHJcJ}J!J JJJK0KNKfKK%KK!KpLsL,:M2gM*M:MHN8INJN>N4 O<AO>~O:O8OL1PF~PJP>Q8OQFQ@QJR@[R<R:R0S.ES8tS6S:S0T8PT4T0T.T/U4NU<UTUXV4nVEV0V.WIW0]W<WAW X*X:XUXE^X^X8Y!Ǘ* 5DZ o |,[͘#)MV eVrə5Й*D1_v+֚,@(ȝ&&?!ž)  &C[qΟ .(@#i#4&  #ID( ǡԡ 0Q c&m2Ǣ89UZO`2ã1@(i x %"դHGAKJեL KmML%T&z()ʧ'()E)o')*&'=,e'&'& )0&Z().Ԫ'&+)R'|''̫)&(E(n'&$ )A J"V$y }/?o  ͮ#ڮ 0&9H`I$C*nv' հ  (Ie"y%'±,<!Y{ɲ)ز1'BijԳ 6 C P ^i y )<43,`#w  ʵܵ;1E Ze u 7 ޶%-ȷ-4$AY-ɸݸR  ^~i!q Vĺ& B L3Z}  # 2 =9G\޼'?<-|+ֽ  ((%Qw2ƾ$پ  '(P+e.!1BV '2 BNU r~ #>Se v#2FYn! 9L[u )=Ul  ) 7 E!Qs$%9_ }& ?^'|$ &$/#T!x&!5Sp9&U-|# :CRfU@S! $0$Ud\A! ; \}   +@X!n:E +79qz%%7Oi!!;=MDPOR3'6U&o,-20B"s+.$''>!f&(:<%P'v&"!4 '?"g!,"/0,*]%)*)'-.U-*C !W.+"#02J'}22&"FI.+P)< ft@  E O c n< "++Wo   1 BOcz # $1Vs$  $@\ ep!!WVM,#PV*t)-I1f{  " 6@ P [&f ;4 1:?6z  !1S ky   T!%vR8 ?C31 ?V t#)M$m<0,Iv0F%G m xI%&"(I&r)"%$ "1T!q);  3!8 Zfy&   ;(1$Z% $F=(Jf &5.03_ X,(U hs  ( 8 D1d !sT{0@R es   ";B!b 7    ) 3=.Z   9G\ t %/ " '=4 rA )4 H$T&y   O !7Yi*z$ 3 T"g DM]u{ ;>'6^x,  <Zy AP 6;A+} .>N^ t~  lu?  UU g |     * # # : N )c . / -   7  A O _ h @z @ 0 - B Y 3s      3&Jq"/.(>1g  *"#F]y6Ng#" #(L.[,QP ZJx#M/V$3+,Xk{2      /4: oy       D  P]&v)I'H4p#LA%_0 % X+  +@V_ v$ + (%2'X"-:2PX/A ,N {    }~     & 0  @ )a &    = '!/!8!=> 3>=>L[>> > >>>>?C ?d?5??????@85@*n@@-@+@A&A@AWApAAAAAuA'qBBB BB BBB B C3C2BC4uC3CCCD,DFDaDsDDD+DiD8[EEEE E EJE1F49F2nF>F;FGG=dGG=G G GGH #H0HCH`HpHHHHHHH`HFIII JJ"J +J8J GJSJ rJJ J JJ J J J=J K&K'/KWKiK(yKKKK&K L"%L!HL jLLLLMMwuNuN8cO.O OOOP#P3PGPWP>hP P5P3PQ%8Q^QtQ7}QQ!QQQQR.'RVR5jR RCRRPSSSbSrSwS8SS S<SuTETT;T8!UZUiUUBU+UVV:*V$eV VVVVV V VGV(>WgW#xWW/WWWW X+X 4X ?X#JXRnXXXdX KY&WY~Y YYYYYZZ+Z FZ7gZ Z>ZZ Z [[&[6[Q[k[[ [[[ [ [ [[ [[ \\.\>\O\a\s\\\\\\\\\ ]],];]L]^]n]}]]]]]]]]^^#^>5^*t^@^ ^0^ _ -_8_N_U_*k_`__ `` 3` ?`K` ]`i`q` ```5```a%a3a($bMbab|bb4b8b4cGCc:ccc4c9-d gdsdd:d1d(e"1e;Te3e#e e" f#,f>Pf*f:ff g g2)g'\g*g>g3g5"h.Xh'hh hh! i/iOiki*i;i1i%!jGj$cj(j%j*jk!k4@kuk5k3k1k50lAfl.l&l*l6)m(`m%m%m4m* n45n7jn*n%n;n8/o5ho%o>opp!p#0p%Tp#zppp%p"pq=qUqrqqqqq,q !r~-rrr6r<s8XsQs1s t tx8y>Py;y9y:z?@z;z=zGzCB{{{!{J{+|E|%e|#|*|||1}/2}Mb}\} ~a%~~~~~/~~  &&1X@_   A   '1C5I  (+̀ !(6 _l' 543S cp<//-0]Ƀ%7,sd9؄ # 1 =H Yg  ƅ Ѕ ۅ)$5Ldz   ̆ ݆    .IYiy 4 :6=LgKNψ2Qe uΉ# !;2U ϊ.H^%u !ދ0!Mo,/֌6K c!#č+2.G1v-2֎* .45c14ˏ051-g5/7&8^67Α82?:r;9:#^.u-+ғ1200c,110%.V453/$4T9.Ֆ3-81f4-͗16-0d47ʘ03Kbu/2%$053f73Қ62=7p:695T:Ŝݜ1,-^0,140Q3/4-,@ mz  ȟٟ" 2 ?Jhqv@W[R  ͡ >B2I |   Ѣ)ݢ##+OWh(|]4 @Tcs#$ޤ)D W!dCSHJfCD: CQaev~ 7B7z Ȩͨ ި  (5 Qr#ȩ*4H b/o  Ҫ* $L/4|@$4Rj } ( Ԭ,?],x ƭ ѭݭ &-B@  %ʮ3F fr  %ٯ%,4<D^ r Ͱ      #-@n} ʱ Ա! , :Fb+},+ֲ   ' .8"J8m  6ٳ/LTc,t !ʹ8 Ե;^&)"b>q)ȸ)*:We4+2-QGMǺH^j&L޼<S;1)ܽ5v<Z!0(JsϿ*1GEe(5, 7&F m0x %808iJ& &4![}&D%j6(%'+SYh x -=y-85E\k*  >I5H.& 0 4A*J7u*#*BCm'.c"lu-#2Q#9W<:w'(&7^)|,"$D"Vy    7 S] m z*A9 > IU]7l  O k! "  , 7AS iw-9KOXsy   #3D%X~      4< O[`'q& &L]dc0# D^2@8sp#&A*hY   ("9\/r'+8RN%=S#Hw%4=T3M "1D Xf&u+ !"'C_L{$&$$!IPkQ"!1DS,H$#3W?o25,>/k%8(*#-N$|'S(+F#rK"),/$\'25,/?$o7'h%e4+/%);#e   $(!@70x4 7 'A)iS* *8#c;"'1O$ .D J1V B     6Z@ 0X9.?(n  F8( F"g# *#C ^3-.&7Vi r|' 6J d q}   +7M$]:   6Kdu$)'>Q q%! %FYO % 1?#q"$. %*WP% \/%CA8WmAP,Bo xT  ##,&Pw% % (#L]'qD "$1 VasH4D1K&} R ":3Fn"%J4I0~    O'ws;CKTl  H/I!d$4 9- g    = 9 '  H U h |          -$ KR # * 6 T$  y          " B ` Dg <  16SjoB"C.;,j  [%]jY"f,!bN _FWPF>lFCe5S; #L #8MG8 Q o  #    !"!1!C! ^!Mk!z! 4"@">I""""R";&#Vb# $t$S:%% r&&z ''X' ' (d(2I)|)0*6*+;(+%d++++++,*,E,`,{,,,!,, -&&-M-h-- --- -p.W.../!./ P/q/"////0!/0Q0*p0(0"001#'1$K1'p1'11112-2L2k222!222353!N3'p3'33!33464I4$b4@44445< 5W]5455-5%-6/S6!6"6 6#6 747>M77 77777 7 8 >8 _88888899+9@9[9 v9 99 999 9::':$<:%a:/:::1:9;O; o; {;(;E;";r<<z= >?0A*9A!dA!AAAAA"B!#B!EB!gB!B$B BB#BsCuC!CED dD<qD'DDD D D EE )E3ECEZE _EViEEESE2FAF PF \FcfF FF F FFG G$G+G 2G ?G LGYGxGG#GGGGGH $H)EHoH H HHH0H3H0!I6RIIIII6I(J CJPJ `J mJ6zJ/J3J-K!CK eK"KKKKL$LCLbL*L#L&LL$M8MQMpMMMMM'M-NLN3eN-N$N6NV#O!zO%OOOOO5P*PP{P P9P1P'Q',Q3TQ3Q"QQ!Q! RBR!^RRR(RHR-S!LS'nS'S'S5S-T'JT!rT!T T!T'T! U/U4LU3U7U@U3.V*bV&VV1V-V1'W:YW$WWW#W X(XHXgX!XXXXXY);Y'eYY!YY"Y&Z&7Z#^Z&Z&Z&Z+Z)#[#M[ q[[[[[[&\&A\/h\&\,\\]"]=] U]v]&]&] ] ^ !^B^]^u^^^^^^^^_$ _E_2L_2___0_ `K`h`*` `8`D` 7a$DaKiaQaKbQSbb bbb'b cc3c :c$Gc$lcc$cuc3Id!}dd d d dd d ddyeyeef1 f+Rf~ffff;fg!0g3Rgg!gg!gh!'h!Ih$kh3hh!hi!$i5Fi$|i i'ii*i'j ;j\j cj mjnzjjj,k)3k]kmkkk k k k kkkl.l7lJl&cl lfl l m-m-Lm zmmmmmmmm n"n;nTnmn nnn nn(nn#o4o:oYo_oyo&oooopp02pcpvppp0pppp& q 3q>qOq ^q lqwq'qkqr y"Yy |yyy yyyy y z' z$3zXz2tz3zzzDz+{$;{3`{<{ {{{{ |$|;|5Z|8|8|;}>>};}}?}H}%B~&h~(~)~'~( )3)]')*&'+,S'&'π&)&H(o).'&)@'j'')& (3(\' ʃ׃  !:SZ~m!'@SZaw!$<؅BX n6 ƆІ*!=(Z$''Ї$'3'[Ԉ'5O i vƉ։dW t    ʊԊ  &>"-a*"ϋ   .7>v   ʌ ڌ>#*:JZ  $*E8p!ˎێK MsZ}Ώ%L r N$  %12odԑݑ 4 P? ђJ*3'^   ɓ! 'GW p|!ߔ**@k{$ +5<C an!ؖ 1EYo!$"9OhØ!֘0F6Yҙ0Me}ǚ! !?!a"   ʛ+#F jɜ!)Fc )ݝ'/!Np"&#ٞ&&$Kf~֟ -Hc {&&ޠ  &Gb}BTS@<Ѣ آ* 8?+Q}N4ӣ8Rl s    դ*F(`2Aե $$IPg#Ħ'  ;V t55˧NNPNN=Pg{-Щ!!!3U'k'*ת!!=_{!ի- -;i֬'!<Rn "ǭ (Fe#'Ǯ3  ?\L#ͯ*1G"y)ư'ٰB (cB!&6*a is9 ɲײ޲- 2?F_!f ʳѳ     ")?Rhz(ʴ %29P#k'̵ " @at  ʶ$ݶT!]v!Է$9$Uz&$- 3NK ι۹   2 ? L m w='$ :4T ϻ!&< VcsӼ O`xJ1ݽ5,E,rʾ5I`y ޿ 2>?~%#1D<X*  E3Po !7P!f6*'. ?Lkr y #,07V?]?N ,096j'< 5B[R*   2>*B m w*-  0CgST  *@D W c o {        :!Y {1        .* Y do    '8 IT*j  0    39 m z    34Miy&  ,HX w &?Fb/~/ !-OXajy2M# X1 - 5N ^l }   ffY  M gtgw  ''#=&a''   5*4`#$':Pn!!-.A Wx*6 )4 ^h&<Rex 0'@!h>=1 Q"^M/.+>j8}& * E O \ f p z'     &0 F R^>g##0EE,&E"h}  * * 0R;     $. >HOV]y$ 0&@G]*s$L 'X0'     #/ 6oCu ) 3 ?K T a!2 2<C J-W  9=9w.26FR0.C Yct     , @ J T^n ~  A )3,:Yg" -@!Vx   / ' >K[k~    <[!z )'@h!%""(4&]#&<Zu   8Az ! ,B![} 3L$e"'=Si!|4Qk!!$ATm!R [ h'r@  &5 J V b n(x k,"Oc t =/5E{8<       # 6@[n~ +*cJ`5Njz--+<h x(  $<:w<     >^K~$0  0 = D V l  $  ) & * @ S l      U : X  \  f p      / , / ,E r   -     ( *; Yf /     -G7-*43=H58    ,6Ib s Q6   *:V r |   B   ( 5'Bj }"5ki%0  ! . ; H5R-6 :0Ar  7 -37 k?x   - '-.c\: 64? t~?+ 60gz    L&<On"  ?OVOo $ #9Lb~< -"  P \  n z          ! ! #!0!B!R!d!x!!!!!!!""."A"Y"l"~"""""""##-#@#S#f#{######4#*$9E$$!$$$$$ $$U%V% i%v% % %% %%% %%%!&&& 6&C&S&-&'('P'i'''3'3'3(>G(9(((-(9 ) Z)g) |)9)2)3)-**3X*-**%**+1=+-o+9+++ +1 ,'<,'d,$,3,3,--"G-j-$-$-!--!.0.(O.5x.-.'.!/&/*B/$m/$/!/'/10!304U0303070F*11q1-111:2'>2&f2&2,2&2.3,73#d3 383#3/4 642W44 44 4445-5$F5k55555556/6*M6x6x66 7%70>70o7K7)7 8 858J8 f8 s8 }888)8 88 889$9*@9?k9999 99-9':+E:0q:':,:4:+,;*X;/;3;-;'<-=<*k<(<)<.<*=,C=6p=2===!>?">$b>> >>>> ?'?!;?F]?T??S@b@ i@v@ }@'@@@ @ @ @@AH ATA [A hA rAA*A A A AAA;A 1B >BKB-gB&BBBB-CDC]C*yCC=C@CC9D }D DDDDD?E/AE1qE1EE E EFF 4FAF*`FOFBFG .G8G HG RG _GiGyGGG GG G G$GG HH/HEH[HkH H H HH H H H H H H HH I I I +I7I II.UIIII;II IIJHJEaJ+JJ JJ K#K6K!LKnKKK*KKKKL/LLLcLwLL!LLLLM.MLM!kM!MM&M)M N)N?NON_NuNNN*N+N$O*Q-oQ1Q0Q0R11R3cR0R4R3R31S4eSS$S$S!S.T-HT-vT*T.T'T'&U$NU1sU0U0U-V15VgV)wV0V0V-W01W0bW-W3W3W0)X3ZX3X0XXYY#Y-3Y0aYYY'Y*Y4Z-RZ3Z0Z4Z7[0R[6[3[7[&\<\O\e\.u\'\-\*\.%]1T]*]0]-]1^B^ R^"_^ ^^^ ^ ^^ ^ ^^^ _ $_ 1_ ;_H_ d_n_u___;_5_5` S` ]` g`q` ``>` `5` 2a?aOa_aua a%a%a!a b b#b3bObQVb6b b b b c cc6cRcecxccc cc cc9cP(dyd6d6d6d1e 8e EeReYe ieseeete9-f8gff ffff ff g g'g=gYgugggg*g hh+1h]h dh qh~hh$hh hEh$i?iDOiiiiii i j jj.j MjZj vjjjjj$jk+k 2k ?kLk dkqkkk k+kk k kkll 4lAlWlpll l l l ll llm!m@m GmQmXmlm }m m m mmm m m m m n nn1nPn`nynnn nnnn n oo"o3oSo!so oo ooooo)o p )p6p3Op!pppp p$p qq2q)qrrr3Ls s!ssEs+%t Qt'^tt&ttTt(@uiu*uuIuLv*`vv["w7~ww-w;w9xOxnx'xexEyayyyyyyyz&$zKz>fz*z9z' { 2{?{ W{:d{ { {!{*{|| !|M.|||||||*|! }B}'U}}}}}} } }4}}$~ 8~ E~R~3p~~~ ~ ~ ~ ~'~#3**0 >T d q~  ŀҀ ـ <W0 M// 3 =+J4v,ɂ  22STăZ1!*Ʉ3TC6υ!0&H$o'؆ 3 :*Gr'LJއ % @ JW"m  ÈЈ$ 02c j t~;҉     *37k  ӊ )9 LYl!|$0Ë 7Sfy  Ɍ ͌ ׌     ( 2 < F P Zg k u   Ǎ"" %-BSH0- 1!;l]gʏ*29]g$%$*J[u ёܑ  !A"Tw2Ȓ9ޒJc+9Z3@t$(ߔ$?-m}ƕ)ٕ+ /<SmN  $"GfHHȗ-9I'E 6/fy11..-J0x--ך-*3*^V--<H[*Ü***D1o1.ӝ.*1-\*.-=W t'!˟ҟٟ$'+;2Q$Ƞؠ+'".JZyԡ $0G2e6 -$ ӣ' )<R7Y   ΤRؤ + 5-?Im-+(;DSi|DȦ %=Pfy$'ç,J erè(ڨ!0%Vu ͩ% "2;Te y    ʪ ת "/ ?M4i ѫ,H[qʬ5Uu-֭ R q{, Ԯ'8T$o Aͯ . M[Rw$ʰEC5!y ϱ; !E/!u T +"G)j, ȳ ճ,18?#Sw*EŴ  ,E^exC9ϵ= /G'w5  *=?}#?(1#U\cs¸Ӹ</ARQù ֹ  7I\oӺ-ں(9D~  ,) * 5 CQk   ɼԼۼ< M!Z%|Z,< C P Z dqQ3F0`ǿ7߿$QC-/  (26U  H B yk" f^    8T4 ` BA  CS  Z   !3  g 2 E B A O/  x>}g = z ' [upf  OJ [  )V K Y" c ( l)  x @X   Kn G0 4 F< ` 38 o @wI c   =}{ R :e T     .{Y` n, 2  0  K J l  a p  5 #P   A   u B >  H== i /  + { z   D R   [  e   B ;   b ;  N @  > :  $_ y ;O~ Ql`+ @ >r U r c N e  Jy  VZ[ 9 P 97 :x t49 =[\   O u! _  oM   .BB <  7 p  Z~ ( z,  e   %; n i $ o] W  6.WY 4 S2 2 N 5 7 #U | c;lm9 '< 8X "AO ? NQQ > v   CS = H z 9 ? yq { r !o     < d   )   _ k `i /a  D 8U *j, 974T 5 ms ha vD:P w p b\ C ,? T%aMM 4Mm 7 ^ x DU / 8 r ? 3 7 ~ w {E=9 ^f 4 m9   ]4f *c} 4 o | He IE"S-+ Q{ gh ; i  t  & pD Fcg e U> g: D qS f . L _ U  z`FYBw, {M  = d 2  b + 5-62   M y@ Rj Y&9 U qk ty  :   " & I v +V  ] \ S K:a  G~U]  n&  Rat . fI Z b<*" F I G - w ' Oa  ( Y> N 0n, O`I 3 $ eH #. k .  x\W /O1`j O G w g *hJ G@ m CH n E f v 8#1h /   ~ A    r   X u < U & L P > f } r3  0 % :|!  .# L I 6  %  C  Z X-u  t{ A M d  3  5 b   Dr  N! Wc C  T[  N 8*  ) N   i| + %% h  f | u {  "G o .I   Y Q!<  4E 7 EV+R6   _' #  j _ f < > s {IK R v B|   ]d " u X ~]#AW8  T W0 (m)h o()1u S, $ K K  a|L q  K | UxC /g ~ Y  K V j n Gr {j5s `p6u $3 3 NJ L :nd  -  h =d k  &  " - DP<m 1 &  32  J F m  d  6 F #  @ 7 ?O n h' (Cy A l * f P u 0 B $" W `  ' p$ x 1 &   ' -X A ^ ie Wu !T o'k d ;8   0 p  \  ^  ^ u5 6 ) x|   $ 0 qG @[ !L )7 T 7 o n  k   j ; .z R Z m T jp   ( ( *  X 0}   p zv# > j g  u_ vesa ),] aU 'Y  l7 K H J q - Vqiy @ 5  1  Vy> C Gg k  9% 2E|`h^k MLw k \Nbc H&  l bD  M d/X *  M, D] v  U^,(Tj V L z: Q !JJ  , } , m gF }#a %i F  V  %   @ 605  :]h R ? * [z Q p M 0- s btF z ~[  5< s Y ~ 1 r}Fq H 2 A _    *ly+?   V / LnC+ ]  X I  l\?( O  [ J Y 8 *  =l = # G tf A   Lb   & kW Z2  )r o I6wTZ ?"! ^7} ;y 6 i ]Q q  L D  M s ( ) G l 3 S 2, qF  E H @P g  C 3 q  "9  ' %v; X  \x 5 _-!   W GT\ Q 9 z ? k[  h m D - M+XL  $A SRz  > 1?  l m h- !6 Z  T H b <v    6 * +s   'd2w   <  J  .   8 !  ; 4 & r   } / X*hA p flVM  )>WB ss|" P t8FK$   ~ /  }'  Ky 25 z]LH I\ Iy f NT&,  t  & 4Z  { io w  r t H %: d 8 ` 3  6 @ N5m Kb 7"   q1Q Q$  P cg / g =R_ J ev #j :'1!  s  h QH /  { P  ZF G } >  E  x `S$ Qj? P  N P$ E   ^ x k [  } +  ^ 9 R=~  w c d  p 5 kK <(  Zn( 3 J bx 0 -.qU q  _S  F(Y Qo ePES p o|AJ o  cw v# a`C 2 ]l 1  _ ^  t 8 # E md  ;a R G$ 4| \ Lw 4  ~ . IE0&b* ^i   r | {) y C@  ;c - zv 7 c]Y 'Bx B Yi N  x. Z ~ ;V S R ?V t  Xj   O   0  \ R  \ 6O ?  + D 3Oi[ B  :   i  %  n  ^[w dUjb c ~ a g s _  W V/e 1 = P Z   S %  v  _ss t1 e e<E\tr} uW X+  C D W %  @ n ) 9 1  EXAMPLES: Vault Container object. Vault object. Add a new token: ipa otptoken-add-yubikey --owner=jdoe --desc="My YubiKey" * A permission grants access to read, write, add, delete, read, search, or compare. * A privilege combines similar permissions (for example all the permissions needed to add a user). * A role grants a set of privileges to users, groups, hosts or hostgroups. * The host must exist * The service must exist (or you use the --add option to automatically add it) A certificate is stored with a service principal and a service principal needs a host. A condition is a regular expression used by 389-ds to match a new incoming entry with an automember rule. If it matches an inclusive rule then the entry is added to the appropriate group or hostgroup. A default group or hostgroup could be specified for entries that do not match any rule. In case of user entries this group will be a fallback group because all users are by default members of group specified in IPA config. A permission is made up of a number of different parts: 1. The name of the permission. 2. The target of the permission. 3. The rights granted by the permission. A permission may not contain other permissions. A rule is directly associated with a group by name, so you cannot create a rule without an accompanying group or hostgroup. API Schema Additionally, there are the following convenience options. Setting one of these options will set the corresponding attribute(s). 1. type: a type of object (user, group, etc); sets subtree and target filter. 2. memberof: apply to members of a group; sets target filter 3. targetgroup: grant access to modify a specific group (such as granting the rights to manage group membership); sets target. All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA prevents it from issuing certificates but does not affect the validity of its certificate. An order can be added to a sudorule to control the order in which they are evaluated (if the client supports it). This order is an integer and must be unique. Asymmetric vault is similar to the standard vault, but it pre-encrypts the secret using a public key before transport. The secret can only be retrieved using the private key. Auto Membership Rule. Based on the ownership there are three vault categories: * user/private vault * service vault * shared vault Based on the security mechanism there are three types of vaults: * standard vault * symmetric vault * asymmetric vault Baseuser This contains common definitions for user/stageuser CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its signing certificate to be revoked and its private key deleted. Certificate requests exist in the form of a Certificate Signing Request (CSR) in PEM format. Certificates may be searched on by certificate subject, serial number, revocation reason, validity dates and the issued date. DNS server configuration Dates are treated as GMT to match the dates in the certificates. Deleting or renaming a managed permission, as well as changing its target, is not allowed. Domain Name System (DNS) EXAMPLES: FreeIPA provides a means to configure the various aspects of Sudo: Users: The user(s)/group(s) allowed to invoke Sudo. Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke Sudo. Allow Command: The specific command(s) permitted to be run via Sudo. Deny Command: The specific command(s) prohibited to be run via Sudo. RunAsUser: The user(s) or group(s) of users whose rights Sudo will be invoked with. RunAsGroup: The group(s) whose gid rights Sudo will be invoked with. Options: The various Sudoers Options that can modify Sudo's behavior. Get information about installed IPA servers. Get status of roles (DNS server, CA, etc.) provided by IPA masters. IPA certificate operations IPA locations IPA server roles IPA servers IPA supports the use of OTP tokens for multi-factor authentication. This code enables the management of OTP tokens. IPA supports the use of an external RADIUS proxy server for krb5 OTP authentications. This permits a great deal of flexibility when integrating with third-party authentication services. Implements a set of commands for managing server SSL certificates. In order to request a certificate: Joining an IPA domain Manage Certificate Authorities Manage DNS zone and resource records. Manage OTP tokens. Manage RADIUS Proxy Servers. Manage YubiKey tokens. Manage vaults. Managed permissions Manipulate DNS locations Manipulate DNS server configuration Misc plug-ins Note that reason code 7 is not used. See RFC 5280 for more details: Note the distinction between attributes and entries. The permissions are independent, so being able to add a user does not mean that the user will be editable. OTP Tokens Permissions Plugins not accessible directly through the CLI, commands used internally Provides API introspection capabilities. RADIUS Proxy Servers Raise the IPA Domain Level. Removal of '%(hostname)s' leads to disconnected topology in suffix '%(suffix)s': %(errors)s Replication topology in suffix '%(suffix)s' is disconnected: %(errors)s Rights define what operations are allowed, and may be one or more of the following: 1. write - write one or more attributes 2. read - read one or more attributes 3. search - search on one or more attributes 4. compare - compare one or more attributes 5. add - add a new entry to the tree 6. delete - delete an existing entry 7. all - all permissions are granted SEARCHING: Standard vault uses a secure mechanism to transport and store the secret. The secret can only be retrieved by users that have access to the vault. Subordinate Certificate Authorities (Sub-CAs) can be added for scoped issuance of X.509 certificates. Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. Sudo Rules Symmetric vault is similar to the standard vault, but it pre-encrypts the secret using a password before transport. The secret can only be retrieved using the same password. The automember-rebuild command can be used to retroactively run automember rules against existing entries, thus rebuilding their membership. The date format is YYYY-mm-dd. The dogtag CA uses just the CN value of the CSR and forces the rest of the subject to values configured in the server. The following revocation reasons are supported: There are a number of allowed targets: 1. subtree: a DN; the permission applies to the subtree under this DN 2. target filter: an LDAP filter 3. target: DN with possible wildcards, specifies entries permission applies to This code is an extension to the otptoken plugin and provides support for reading/writing YubiKey tokens directly. Topology Management of a replication topology at domain level 1. User vaults are vaults owned used by a particular user. Private vaults are vaults owned the current user. Service vaults are vaults owned by a service. Shared vaults are owned by the admin but they can be used by other users or services. Vaults Verify replication topology for suffix. Checks done: 1. check if a topology is not disconnected. In other words if there are replication paths between all servers. 2. check if servers don't have more than the recommended number of replication agreements YubiKey Tokens Alternatively, following servers are capable of running this command: %(masters)s"%s" is not a valid permission type"%s" is not an object type${count} certificate(s) present${count} item(s) added${count} item(s) deleted${count} item(s) disabled${count} item(s) enabled${count} item(s) removed${count} option(s) removed${count} user(s) activated${count} user(s) restored${count} users(s) staged${entity} ${primary_key} Settings${entity} ${primary_key} updated${entity} successfully added${primary_key} applies to:${primary_key} is a member of:${primary_key} is managed by:${primary_key} members:${primary_key} overrides:${product}, version: ${version}%(attr)s does not contain '%(value)s'%(attr)s: Invalid syntax.%(attr)s: Only one value allowed.%(container)s LDAP search did not return any result (search base: %(search_base)s, objectclass: %(objectclass)s)%(count)d %(type)s record skipped. Only one value per DNS record type can be modified at one time.%(count)d %(type)s records skipped. Only one value per DNS record type can be modified at one time.%(count)d ACI matched%(count)d ACIs matched%(count)d CA ACL matched%(count)d CA ACLs matched%(count)d CA matched%(count)d CAs matched%(count)d DNS server matched%(count)d DNS servers matched%(count)d Group ID override matched%(count)d Group ID overrides matched%(count)d HBAC rule matched%(count)d HBAC rules matched%(count)d HBAC service group matched%(count)d HBAC service groups matched%(count)d HBAC service matched%(count)d HBAC services matched%(count)d ID View matched%(count)d ID Views matched%(count)d ID override matched%(count)d ID overrides matched%(count)d IPA location matched%(count)d IPA locations matched%(count)d IPA server matched%(count)d IPA servers matched%(count)d OTP token matched%(count)d OTP tokens matched%(count)d RADIUS proxy server matched%(count)d RADIUS proxy servers matched%(count)d SELinux User Map matched%(count)d SELinux User Maps matched%(count)d Sudo Command Group matched%(count)d Sudo Command Groups matched%(count)d Sudo Command matched%(count)d Sudo Commands matched%(count)d Sudo Rule matched%(count)d Sudo Rules matched%(count)d User ID override matched%(count)d User ID overrides matched%(count)d automount key matched%(count)d automount keys matched%(count)d automount location matched%(count)d automount locations matched%(count)d automount map matched%(count)d automount maps matched%(count)d certificate matched%(count)d certificates matched%(count)d delegation matched%(count)d delegations matched%(count)d group matched%(count)d groups matched%(count)d host matched%(count)d hosts matched%(count)d hostgroup matched%(count)d hostgroups matched%(count)d netgroup matched%(count)d netgroups matched%(count)d permission matched%(count)d permissions matched%(count)d plugin loaded%(count)d plugins loaded%(count)d privilege matched%(count)d privileges matched%(count)d profile matched%(count)d profiles matched%(count)d range matched%(count)d ranges matched%(count)d role matched%(count)d roles matched%(count)d rules matched%(count)d rules matched%(count)d segment matched%(count)d segments matched%(count)d selfservice matched%(count)d selfservices matched%(count)d service delegation rule matched%(count)d service delegation rules matched%(count)d service delegation target matched%(count)d service delegation targets matched%(count)d service matched%(count)d services matched%(count)d topology suffix matched%(count)d topology suffixes matched%(count)d trust matched%(count)d trusts matched%(count)d user matched%(count)d users matched%(count)d variables%(count)d vault matched%(count)d vaults matched%(count)s server role matched%(count)s server roles matched%(cver)s client incompatible with %(sver)s server at '%(server)s'%(filename)s: file not found%(host)s failed%(host)s failed: %(error)s%(info)s%(key)s cannot be deleted because %(label)s %(dependent)s requires it%(key)s cannot be deleted or disabled because it is the last member of %(label)s %(container)s%(label)s %(key)s cannot be deleted/modified: %(reason)s%(name)s certificate is not valid%(obj)s default attribute %(attr)s would not be allowed!%(oname)s with name "%(pkey)s" already exists%(operation)s is not supported for %(principal_type)s principals%(otype)s "%(oname)s" not found%(parent)s: %(oname)s not found%(pkey)s: %(oname)s not found%(port)s is not a valid port%(reason)s%(task)s LDAP task timeout, Task DN: '%(task_dn)s'%(type)s category cannot be set to 'all' while there are allowed %(objects)s%(user)s is not a POSIX user%(value)s%i CA added.%i CA removed.%i CAs added.%i CAs removed.%i host or hostgroup added.%i host or hostgroup removed.%i hosts or hostgroups added.%i hosts or hostgroups removed.%i profile added.%i profile removed.%i profiles added.%i profiles removed.%i service added.%i service removed.%i services added.%i services removed.%i user or group added.%i user or group removed.%i users or groups added.%i users or groups removed.%s Record%s is not a valid attribute.%s record%s to add%s to exclude from migration%s to remove%s: group not found%s: user is already preserved'${port}' is not a valid port'%(attr)s' already contains one or more values'%(command)s' is deprecated. %(additional_info)s'%(entry)s' doesn't have a certificate.'%(name)s' is required'%(option)s' option is deprecated. %(additional_info)s'%(required)s' must not be empty when '%(name)s' is set'%s' is a required part of DNS record'add' option(deprecated)(see RFC %s for details). Check GID of the existing group. Use --group-overwrite-gid option to overwrite the GID7 is not a valid revocation reason One-Time-Password(OTP): Generate new OTP code for each OTP field. To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and configured the browser correctly, then click Login. To login with username and password, enter them in the corresponding fields, then click Login.

Implicit method (password) will be used if no method is chosen.

Password + Two-factor: LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.

Per-user setting, overwrites the global setting if any option is checked.

Password + Two-factor: LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.

A IP AddressA SYSTEM permission may not be modified or removedA description of this RADIUS proxy serverA description of this auto member ruleA description of this commandA description of this hostA description of this host-groupA description of this role-groupA dictionary representing an LDAP entryA group may not be a member of itselfA group may not be added as a member of itselfA host willing to act as a key exchangerA host willing to act as a mail exchangerA hostname which this alias hostname points toA list of ACI valuesA list of LDAP entriesA list of SELinux users delimited by $ expectedA list of global forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"A list of per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"A managed group cannot have a password policy.A problem was encountered when verifying that all members were %(verb)s: %(exc)sA recordA space separated list of attributes which are removed from replication updates.A string searched in all relevant object attributesA6 Record dataA6 recordAAAA IP AddressAAAA recordACI nameACI of permission %s was not foundACI prefixACI prefix is requiredACI with name "%s" not foundACIsACL nameAD DC was unable to reach any IPA domain controller. Most likely it is a DNS or firewall issueAD Trust setupAD domain controllerAD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for exampleAFSDB HostnameAFSDB SubtypeAFSDB recordAPI BrowserAPI Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, %(server_version)sAPL recordAboutAccess DeniedAccess GrantedAccess granted: %sAccess this hostAccess timeAccessingAccountAccount SettingsAccount StatusAccount disabledAccount disabled: %(disabled)sActionsActivateActivate a stage user "%(value)s"Activate a stage user.Active Directory domainActive Directory domain administratorActive Directory domain administrator's passwordActive Directory domain rangeActive Directory domain with POSIX attributesActive Directory trust range with POSIX attributesActive directory domain administrator's passwordActive usersActive zoneAddAdd ${entity}Add ${entity} ${primary_key} into ${other_entity}Add ${other_entity} Managing ${entity} ${primary_key}Add ${other_entity} into ${entity} ${primary_key}Add Allow ${other_entity} into ${entity} ${primary_key}Add CAs to a CA ACL.Add Condition into ${pkey}Add Custom AttributeAdd Custom Authentication IndicatorAdd Deny ${other_entity} into ${entity} ${primary_key}Add Kerberos Principal AliasAdd ManyAdd OTP TokenAdd PermissionAdd RuleAdd RunAs ${other_entity} into ${entity} ${primary_key}Add RunAs Groups into ${entity} ${primary_key}Add a manager to the stage user entryAdd a manager to the user entryAdd a new DNS server.Add a new Group ID override.Add a new HBAC service group.Add a new HBAC service.Add a new ID View.Add a new ID override.Add a new IPA location.Add a new IPA new service.Add a new IPA service.Add a new OTP token.Add a new RADIUS proxy server.Add a new User ID override.Add a new YubiKey OTP token.Add a new delegation.Add a new group password policy.Add a new host.Add a new hostgroup.Add a new netgroup.Add a new permission.Add a new privilege.Add a new role.Add a new segment.Add a new self-service permission.Add a new topology suffix to be managed.Add a new user.Add a permission for per-forward zone access delegation.Add a permission for per-zone access delegation.Add a system permission without an ACIAdd a system permission without an ACI (internal command)Add an attribute/value pair. Format is attr=value. The attribute must be part of the schema.Add an automember rule.Add an option to the Sudo Rule.Add and Add AnotherAdd and CloseAdd and EditAdd certificates to host entryAdd commands and sudo command groups affected by Sudo Rule.Add conditions to an automember rule.Add custom valueAdd domainAdd forward record for nameserver located in the created zoneAdd hosts and hostgroups affected by Sudo Rule.Add hosts that can manage this host.Add hosts that can manage this service.Add member to a named service delegation rule.Add member to a named service delegation target.Add members to Sudo Command Group.Add members to a group.Add members to a hostgroup.Add members to a netgroup.Add members to a permission.Add members to a privilege.Add members to a role.Add members to a vault.Add members to an HBAC service group.Add migrated users without a group to a default group (default: true)Add new DNS resource record.Add new certificates to a serviceAdd new principal alias to a serviceAdd new principal alias to host entryAdd new principal alias to the user entryAdd one or more certificates to the idoverrideuser entryAdd one or more certificates to the user entryAdd owners to a vault container.Add owners to a vault.Add permissions to a privilege.Add principalAdd privileges to a role.Add profiles to a CA ACL.Add services to a CA ACL.Add services to an HBAC rule.Add source hosts and hostgroups from a HBAC rule.Add target hosts and hostgroups to a CA ACL.Add target hosts and hostgroups to an HBAC rule.Add target hosts and hostgroups to an SELinux User Map rule.Add target to a named service delegation rule.Add target to a named service delegation.Add the host to DNS with this IP addressAdd to default groupAdd users and groups affected by Sudo Rule.Add users and groups to a CA ACL.Add users and groups to an HBAC rule.Add users and groups to an SELinux User Map rule.Add users that can manage this token.Added %(map)sAdded %(src)s to %(dst)sAdded Active Directory trust for realm "%(value)s"Added CA ACL "%(value)s"Added Group ID override "%(value)s"Added HBAC rule "%(value)s"Added HBAC service "%(value)s"Added HBAC service group "%(value)s"Added ID View "%(value)s"Added ID override "%(value)s"Added ID range "%(value)s"Added IPA location "%(value)s"Added OTP token "%(value)s"Added RADIUS proxy server "%(value)s"Added SELinux User Map "%(value)s"Added Sudo Command "%(value)s"Added Sudo Command Group "%(value)s"Added Sudo Rule "%(value)s"Added User ID override "%(value)s"Added automember rule "%(value)s"Added automount indirect map "%(value)s"Added automount key "%(value)s"Added automount location "%(value)s"Added automount map "%(value)s"Added certificates to host "%(value)s"Added certificates to idoverrideuser "%(value)s"Added certificates to service principal "%(value)s"Added certificates to user "%(value)s"Added condition(s) to "%(value)s"Added delegation "%(value)s"Added group "%(value)s"Added host "%(value)s"Added hostgroup "%(value)s"Added netgroup "%(value)s"Added new DNS server "%(value)s"Added new aliases to host "%(value)s"Added new aliases to the service principal "%(value)s"Added new aliases to user "%(value)s"Added option "%(option)s" to Sudo Rule "%(rule)s"Added permission "%(value)s"Added privilege "%(value)s"Added role "%(value)s"Added segment "%(value)s"Added selfservice "%(value)s"Added service "%(value)s"Added service delegation rule "%(value)s"Added service delegation target "%(value)s"Added stage user "%(value)s"Added system permission "%(value)s"Added topology suffix "%(value)s"Added user "%(value)s"Added vault "%(value)s"Additional instructions:Address not valid, can't redirectAdministrative accountAdministrator e-mail addressAdvertised by serversAgreements deletedAlgorithmAllAll attributes to which the permission appliesAll commands should at least have a resultAllowAllow ${other_entity} to create keytab of ${primary_key}Allow ${other_entity} to retrieve keytab of ${primary_key}Allow PTR syncAllow access from the trusted domainAllow adding external non-IPA members from trusted domainsAllow dynamic updates.Allow falling back to AD DC LDAP when resolving AD trusted objects. For two-way trusts only.Allow in-line DNSSEC signingAllow inline DNSSEC signing of records in the zoneAllow queryAllow synchronization of forward (A, AAAA) and reverse (PTR) recordsAllow synchronization of forward (A, AAAA) and reverse (PTR) records in the zoneAllow transferAllow use of IPA resources by the domain of the trustAllow users, groups, hosts or host groups to create a keytab of this host.Allow users, groups, hosts or host groups to create a keytab of this service.Allow users, groups, hosts or host groups to retrieve a keytab of this host.Allow users, groups, hosts or host groups to retrieve a keytab of this service.Allowed TargetAllowed to ImpersonateAllowed to create keytabAllowed to retrieve keytabAllows migration despite the usage of compat pluginAlready registeredAlternative UPN suffixesAltitudeAlways askAmbiguous search, user domain was not specifiedAn IPA master host cannot be deleted or disabledAn error has occurred (${error})An error occurred while fetching dns zones.An id range already exists for this trust. You should either delete the old range, or exclude --base-id/--range-size options from the command.An interval between regular polls of the name server for new DNS zonesAnchor '%(anchor)s' could not be resolved.Any CAAny CommandAny GroupAny HostAny ProfileAny ServiceAnyoneApplied to hostsApplies ID View to specified hosts or current members of specified hostgroups. If any other ID View is applied to the host, it is overridden.Applies ID View to specified hosts or current members of specified hostgroups. If any other ID View is applied to the host, it is overriden.ApplyApply ACI to your own entry (self)Apply ID View ${primary_key} on hosts of ${entity}Apply ID view ${primary_key} on ${entity}Apply to host groupsApply to hostsArchive data into a vault.Archived data into vault "%(value)s"Are you sure you want to ${action} the user?
The change will take effect immediately.Are you sure you want to activate ${object}?Are you sure you want to activate selected users?Are you sure you want to add permission for DNS Zone ${object}?Are you sure you want to delete ${object}?Are you sure you want to delete selected entries?Are you sure you want to disable ${object}?Are you sure you want to disable selected entries?Are you sure you want to enable ${object}?Are you sure you want to enable selected entries?Are you sure you want to proceed with the action?Are you sure you want to rebuild auto membership?Are you sure you want to remove permission for DNS Zone ${object}?Are you sure you want to restore ${object}?Are you sure you want to restore selected users?Are you sure you want to stage ${object}?Are you sure you want to stage selected users?Are you sure you want to un-apply ID view from selected entries?Are you sure you want to unlock user ${object}?As WhomAsks for a non-random password to use for the principalAssigned ID ViewAssigned manager of the token (default: self)Assigned user of the token (default: self)At least the domain or IP address should be specifiedAttributeAttribute KeyAttribute breakdownAttribute to filter via regex. For example fqdn for a host, or manager for a userAttributesAttributes for total updateAttributes to be ignored for group entries in DSAttributes to be ignored for user entries in DSAttributes to replicateAttributes to which the permission applies by defaultAttributes to which the permission applies.AuditAuthenticationAuthentication IndicatorsAuthentication indicatorAuthentication indicatorsAuthoritative nameserverAuthoritative nameserver changeAuthoritative nameserver domain nameAuthority IDAuto Membership RuleAuto Membership is not configuredAuto member rule: %s not found!AutogeneratedAutomatic update of DNS system records failed. Please re-run update of system records manually to get list of missing records.AutomemberAutomember RuleAutomember rebuild membership task completedAutomember rebuild membership task startedAutomountAutomount KeyAutomount KeysAutomount LocationAutomount Location SettingsAutomount LocationsAutomount MapAutomount MapsAutomount key name.Automount key object.Automount location name.Automount map name.Automount master file.AvailableBIND update policyBackBack to TopBad format in credentials cacheBad or unsupported salt type. Bad search filterBad search filter %(info)sBase DNBase DN on remote LDAP serverBase IDBase-64 encoded certificate.Base-64 encoded host certificateBase-64 encoded server certificateBase-64 encoded service certificateBase-64 encoded user certificateBase64 decoding failed: %(reason)sBind DNBind failed: %s Bind password required when using a bind DN. Bind rule typeBrief description of this profileCA '%s' is disabledCA categoryCA category cannot be set to 'all' while there are allowed CAsCA category the ACL applies toCA certificateCA is not configuredCAs cannot be added when CA category='all'CERT AlgorithmCERT Certificate TypeCERT Certificate/CRLCERT Key TagCERT recordCIFS credentials objectCIFS server %(host)s denied your credentialsCIFS server communication error: code "%(num)s", message "%(message)s" (both may be "None")CIFS server denied your credentialsCLI nameCNAME HostnameCNAME recordCNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)CancelCannot create reverse record for "%(value)s": %(exc)sCannot decode file '%(filename)s': %(exc)sCannot establish LSA connection to %(host)s. Is CIFS server running?Cannot establish a trust to AD deployed in the same domain as IPA. Such setup is not supported.Cannot find specified domain or server nameCannot perform SID validation without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA on the serverCannot perform external member validation without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA on the serverCannot perform join operation without own domain configured. Make sure you have run ipa-adtrust-install on the IPA server firstCannot perform the selected command without Samba 4 instance configured on this machine. Make sure you have run ipa-adtrust-install on this server.Cannot perform the selected command without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA.Cannot read file '%(filename)s': %(exc)sCannot resolve KDC for requested realmCannot retrieve trusted domain GC listCannot search in trusted domains without own domain configured. Make sure you have run ipa-adtrust-install on the IPA server firstCannot store permission ACI to %sCannot use %(old_name)s with %(new_name)sCar LicenseCertificateCertificate Association DataCertificate AuthoritiesCertificate AuthorityCertificate Hold RemovedCertificate ProfileCertificate Profile to useCertificate ProfilesCertificate Profiles to addCertificate Profiles to removeCertificate RevokedCertificate TypeCertificate UsageCertificate for ${entity} ${primary_key}Certificate format error: %(error)sCertificate in base64 or PEM formatCertificate operation cannot be completed: %(error)sCertificate profiles cannot be renamedCertificate requestedCertificate subject base is: %s Certificate with serial number %(serial)s issued by CA '%(ca)s' not foundCertificate(s) stored in file '%(file)s'Certificate/CRLCertificatesChange current Domain Level.Change passwordChange to POSIX groupChange to external groupChanged password for "%(value)s"Character classesCheck DNSCheck connection to remote IPA server.Check the status of a certificate signing request.Checking if record exists.Checks if any of the servers has the CA service enabled.Checks if any of the servers has the DNS service enabled.CityClassClears ID View from specified hosts or current members of specified hostgroups.Click to ${action}Client credentials may be delegated to the serviceClient is not configured. Run ipa-client-install.Client version. Used to determine if server will accept request.Clock intervalClock offsetCloseClosing keytab failed Collapse AllComma separated encryption types listComma-separated list of attributesComma-separated list of attributes to be ignored for group entries in DSComma-separated list of attributes to be ignored for user entries in DSComma-separated list of objectclasses to be ignored for group entries in DSComma-separated list of objectclasses to be ignored for user entries in DSComma-separated list of objectclasses used to search for group entries in DSComma-separated list of objectclasses used to search for user entries in DSComma-separated list of permissions to grant (read, write). Default is write.Comma-separated list of permissions to grant (read, write, add, delete, all)Comma-separated list of raw A recordsComma-separated list of raw A6 recordsComma-separated list of raw AAAA recordsComma-separated list of raw AFSDB recordsComma-separated list of raw APL recordsComma-separated list of raw CERT recordsComma-separated list of raw CNAME recordsComma-separated list of raw DHCID recordsComma-separated list of raw DLV recordsComma-separated list of raw DNAME recordsComma-separated list of raw DNSKEY recordsComma-separated list of raw DS recordsComma-separated list of raw HIP recordsComma-separated list of raw IPSECKEY recordsComma-separated list of raw KEY recordsComma-separated list of raw KX recordsComma-separated list of raw LOC recordsComma-separated list of raw MX recordsComma-separated list of raw NAPTR recordsComma-separated list of raw NS recordsComma-separated list of raw NSEC recordsComma-separated list of raw NSEC3 recordsComma-separated list of raw NSEC3PARAM recordsComma-separated list of raw PTR recordsComma-separated list of raw RP recordsComma-separated list of raw RRSIG recordsComma-separated list of raw SIG recordsComma-separated list of raw SPF recordsComma-separated list of raw SRV recordsComma-separated list of raw SSHFP recordsComma-separated list of raw TA recordsComma-separated list of raw TKEY recordsComma-separated list of raw TSIG recordsComma-separated list of raw TXT recordsCommand '%(name)s' has been deprecatedCommand categoryCommand category the rule applies toCommand nameCommand not implementedCommandsCommon NameConditions that could not be addedConditions that could not be removedConfigurationConfigure your tokenConfigure your token by scanning the QR code below. Click on the QR code if you see this on the device you want to configure.Configured administrative server limit exceededConfigured size limit exceededConfigured time limit exceededConfirm (password)ConfirmationConnectivityConsecutive failures before lockoutContact SettingsContact this specific KDC ServerContinueContinuous mode: Don't stop on errors.Continuous operation mode. Errors are reported but the process continuesContinuous operation mode. Errors are reported but the process continues.Convert on serverCould not get %(name)s interactivelyCould not read UPG Definition originfilter. Check your permissions.CounterCounter-based (HOTP)Create Stage user in from a delete userCreate a CA.Create a new CA ACL.Create a new HBAC rule.Create a new SELinux User Map.Create a new automount key.Create a new automount location.Create a new automount map.Create a new group.Create a new indirect mount point.Create a new service delegation rule.Create a new service delegation target.Create a new vault.Create as a non-POSIX groupCreate dns recordCreate new ACI.Create new DNS forward zone.Create new DNS zone (SOA record).Create new Sudo Command Group.Create new Sudo Command.Create new Sudo Rule.Create reverseCreate reverse record for this IP AddressCreated ACI "%(value)s"Created CA "%(value)s"Creating record.Credentials cache permissions incorrectCross-realm trusts are not configured. Make sure you have run ipa-adtrust-install on the IPA server firstCurrent DNS record contents: Current PasswordCurrent domain level:Current password is requiredCustom valueDHCID recordDLV AlgorithmDLV DigestDLV Digest TypeDLV Key TagDLV recordDN commonName does not match user's loginDN emailAddress does not match any of user's email addressesDN of container for groups in DS relative to base DNDN of container for users in DS relative to base DNDN of the started taskDN to bind as if not using kerberosDNAME TargetDNAME recordDNSDNS Forward ZoneDNS Forward ZonesDNS Global ConfigurationDNS RR type "%s" is not supported by bind-dyndb-ldap pluginDNS Resource RecordDNS Resource RecordsDNS ServerDNS Server nameDNS ServersDNS ZoneDNS Zone SettingsDNS ZonesDNS check failed: Expected {%(expected)s} got {%(got)s}DNS classDNS configuration optionsDNS forward zoneDNS forward zonesDNS forwarder semantics changed since IPA 4.0. You may want to use forward zones (dnsforwardzone-*) instead. For more details read the docs.DNS is not configuredDNS label cannot be longer than 63 charactersDNS label cannot be longer that 63 charactersDNS record was deleted because it contained no data.DNS record(s) of host %(host)s could not be removed. (%(reason)s)DNS records can be only updated one at a timeDNS resource recordDNS resource record typeDNS resource recordsDNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this serverDNS serverDNS server %(server)s does not support DNSSEC: %(error)s. If DNSSEC validation is enabled on IPA server(s), please disable it.DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s. If DNSSEC validation is enabled on IPA server(s), please disable it.DNS server %(server)s: %(error)s.DNS serversDNS zoneDNS zone %(zone)s not foundDNS zone for each realmdomain must contain SOA or NS records. No records found for: %sDNS zone root record cannot be renamedDNS zonesDNSKEY recordDNSSEC support is experimental. %(additional_info)sDNSSEC validation failed: %(error)s. Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA servers.DS AlgorithmDS DigestDS Digest TypeDS Key TagDS recordDS record must not be in zone apex (RFC 4035 section 2.4)DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC 4035 section 2.4)DataDebugging outputDefaultDefault (fallback) GroupDefault PAC typesDefault SELinux userDefault SELinux user when no match is found in SELinux map ruleDefault Trust View cannot be applied on hostsDefault Trust View cannot contain IPA usersDefault attributesDefault e-mail domainDefault fromDefault group for new usersDefault group for new users is not POSIXDefault group for new users not foundDefault group objectclassesDefault group objectclasses (comma-separated list)Default host groupDefault location of home directoriesDefault shellDefault shell for new usersDefault ticket policy could not be readDefault time to liveDefault types of PAC supported for servicesDefault types of supported user authenticationDefault user authentication typesDefault user groupDefault user objectclassesDefault user objectclasses (comma-separated list)Default users groupDefines a whitelist for Authentication Indicators. Use 'otp' to allow OTP-based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA authentications. Other values may be used for custom configurations.DelegationDelegation nameDelegationsDeleteDelete %(name)s '%(value)s'?Delete ACI.Delete DNS forward zone.Delete DNS record entry.Delete DNS resource record.Delete DNS zone (SOA record).Delete IPA server.Delete Key, UnprovisionDelete ServerDelete Sudo Command Group.Delete Sudo Command.Delete Sudo Rule.Delete a CA ACL.Delete a CA.Delete a Certificate Profile.Delete a DNS serverDelete a RADIUS proxy server.Delete a SELinux User Map.Delete a delegation.Delete a group password policy.Delete a host.Delete a hostgroup.Delete a netgroup.Delete a permission.Delete a privilege.Delete a role.Delete a segment.Delete a self-service permission.Delete a stage user.Delete a topology suffix.Delete a trust.Delete a userDelete a user, keeping the entry available for future useDelete a user.Delete a vault container.Delete a vault.Delete all associated recordsDelete all?Delete an Group ID override.Delete an HBAC rule.Delete an HBAC service group.Delete an ID View.Delete an ID override.Delete an ID range.Delete an IPA location.Delete an IPA service.Delete an OTP token.Delete an User ID override.Delete an automember rule.Delete an automount key.Delete an automount location.Delete an automount map.Delete an existing HBAC service.Delete domainDelete group.Delete modeDelete service delegation target.Delete service delegation.Deleted ACI "%(value)s"Deleted CA "%(value)s"Deleted CA ACL "%(value)s"Deleted DNS forward zone "%(value)s"Deleted DNS server "%(value)s"Deleted DNS zone "%(value)s"Deleted Group ID override "%(value)s"Deleted HBAC rule "%(value)s"Deleted HBAC service "%(value)s"Deleted HBAC service group "%(value)s"Deleted ID View "%(value)s"Deleted ID override "%(value)s"Deleted ID range "%(value)s"Deleted IPA location "%(value)s"Deleted IPA server "%(value)s"Deleted OTP token "%(value)s"Deleted RADIUS proxy server "%(value)s"Deleted SELinux User Map "%(value)s"Deleted Sudo Command "%(value)s"Deleted Sudo Command Group "%(value)s"Deleted Sudo Rule "%(value)s"Deleted User ID override "%(value)s"Deleted automember rule "%(value)s"Deleted automount key "%(value)s"Deleted automount location "%(value)s"Deleted automount map "%(value)s"Deleted delegation "%(value)s"Deleted group "%(value)s"Deleted host "%(value)s"Deleted hostgroup "%(value)s"Deleted netgroup "%(value)s"Deleted permission "%(value)s"Deleted privilege "%(value)s"Deleted profile "%(value)s"Deleted record "%(value)s"Deleted role "%(value)s"Deleted segment "%(value)s"Deleted selfservice "%(value)s"Deleted service "%(value)s"Deleted service delegation "%(value)s"Deleted service delegation target "%(value)s"Deleted stage user "%(value)s"Deleted topology suffix "%(value)s"Deleted trust "%(value)s"Deleted user "%(value)s"Deleted vault "%(value)s"Deleted vault containerDeleting a managed group is not allowed. It must be detached first.Deleting a server removes it permanently from the topology. Note that this is a non-reversible action.Deleting this server is not allowed as it would leave your installation without a CA.Deleting this server will leave your installation without a DNS.DenyDepartment NumberDeprecated optionsDeprecated; use %sDeprecated; use extratargetfilterDescriptionDescription of the purpose of the CADetached group "%(value)s" from user "%(value)s"DetectDetermine whether Schema Compatibility plugin is configured to serve trusted domain users and groupsDetermine whether ipa-adtrust-install has been run on this systemDict of I18N messagesDict of JSON encoded IPA CommandsDict of JSON encoded IPA MethodsDict of JSON encoded IPA ObjectsDigestDigest TypeDigitsDirectDirect MembershipDirection LatitudeDirection LongitudeDisableDisable DNS Forward Zone.Disable DNS Zone.Disable a CA ACL.Disable a CA.Disable a Sudo Rule.Disable a user account.Disable an HBAC rule.Disable an SELinux User Map rule.Disable per-user overrideDisable the Kerberos key and SSL certificate of a service.Disable the Kerberos key, SSL certificate and all services of a host.Disable tokenDisable use of IPA resources by the domain of the trustDisabledDisabled CA "%(value)s"Disabled CA ACL "%(value)s"Disabled DNS forward zone "%(value)s"Disabled DNS zone "%(value)s"Disabled HBAC rule "%(value)s"Disabled SELinux User Map "%(value)s"Disabled Sudo Rule "%s"Disabled host "%(value)s"Disabled service "%(value)s"Disabled trust domain "%(value)s"Disabled user account "%(value)s"Disallow ${other_entity} to create keytab of ${primary_key}Disallow ${other_entity} to retrieve keytab of ${primary_key}Disallow users, groups, hosts or host groups to create a keytab of this host.Disallow users, groups, hosts or host groups to create a keytab of this service.Disallow users, groups, hosts or host groups to retrieve a keytab of this host.Disallow users, groups, hosts or host groups to retrieve a keytab of this service.Display DNS resource.Display Sudo Command Group.Display Sudo Command.Display Sudo Rule.Display a segment.Display a single ACI given an ACI name.Display an automount key.Display an automount location.Display an automount map.Display configuration of a DNS server.Display current entitlements.Display effective policy for a specific userDisplay information about a DNS forward zone.Display information about a DNS zone (SOA record).Display information about a RADIUS proxy server.Display information about a class.Display information about a command output.Display information about a command parameter.Display information about a command.Display information about a delegation.Display information about a help topic.Display information about a host.Display information about a hostgroup.Display information about a named group.Display information about a named service delegation rule.Display information about a named service delegation target.Display information about a netgroup.Display information about a permission.Display information about a privilege.Display information about a range.Display information about a role.Display information about a self-service permission.Display information about a stage user.Display information about a trust.Display information about a user.Display information about a vault container.Display information about a vault.Display information about an Group ID override.Display information about an HBAC service group.Display information about an HBAC service.Display information about an ID View.Display information about an ID override.Display information about an IPA location.Display information about an IPA service.Display information about an OTP token.Display information about an User ID override.Display information about an automember rule.Display information about password policy.Display information about the default (fallback) automember groups.Display nameDisplay the access rights of this entry (requires --all). See ipa man page for details.Display the current Kerberos ticket policy.Display the list of realm domains.Display the properties of a CA ACL.Display the properties of a CA.Display the properties of a Certificate Profile.Display the properties of a SELinux User Map rule.Display the properties of an HBAC rule.Display user record for current Kerberos principalDo not display QR codeDo not update records only return expected recordsDo you also want to perform DNS check?Do you want to check if new authoritative nameserver address is in DNSDo you want to remove kerberos alias ${alias}?Do you want to remove the certificate hold?Do you want to revoke this certificate? Select a reason from the pull-down list.Do you want to update system DNS records?DocumentationDogtag Authority IDDomainDomain '%(domain)s' is not a root domain for forest '%(forest)s'Domain GUIDDomain LevelDomain Level cannot be lowered.Domain Level cannot be raised to {0}, server {1} does not support it.Domain NetBIOS nameDomain SIDDomain SID of the trusted domainDomain Security IdentifierDomain controller for the Active Directory domain (optional)Domain enabledDomain nameDon't create user private groupDownloadDownload certificate as PEM formatted file.Duplicate keys skipped:Duplicate maps skipped:Dynamic updateEditEdit ${entity}Effective attributesEmail addressEmployee InformationEmployee NumberEmployee TypeEnableEnable DNS Forward Zone.Enable DNS Zone.Enable a CA ACL.Enable a CA.Enable a Sudo Rule.Enable a user account.Enable an HBAC rule.Enable an SELinux User Map rule.Enable migration modeEnable or Disable Anonymous PKINIT.Enable tokenEnabledEnabled CA "%(value)s"Enabled CA ACL "%(value)s"Enabled DNS forward zone "%(value)s"Enabled DNS zone "%(value)s"Enabled HBAC rule "%(value)s"Enabled SELinux User Map "%(value)s"Enabled Sudo Rule "%s"Enabled server rolesEnabled trust domain "%(value)s"Enabled user account "%(value)s"Encryption types to requestEnctype comparison failed! EnrolledEnrollmentEnrollment UUIDEnrollment UUID (not implemented)Enrollment failed. %s Enter %(label)s again to verify: Enter trusted group name.Enter trusted or IPA group name. Note: search doesn't list groups from trusted domains.Enter trusted or IPA user login. Note: search doesn't list users from trusted domains.Enter trusted user login.EntryEntry %s does not existEntry %s not foundEntry RDN is not 'uid'Entry has no '%(attribute)s'Enumerate all the hosts the view applies to.ErrorError changing account statusError getting default Kerberos realm: %s. Error obtaining initial credentials: %s. Error parsing "%1$s": %2$s. Error resolving keytab: %s. Error storing creds in credential cache: %s. Establish bi-directional trust. By default trust is inbound one-way only.Establish external trust to a domain in another forest. The trust is not transitive beyond the domain.Establish usingEstablished and verifiedExchangerExclude fromExcluded attributesExclusiveExclusive RegexExpand AllExpires OnExport plugin meta-data for the webUI.ExpressionExternalExternal Group the commands can run as (sudorule-find only)External Groups of RunAs UsersExternal Groups of users that the command can run asExternal UserExternal User the commands can run as (sudorule-find only)External User the rule applies to (sudorule-find only)External hostExternal memberExternal trustExtra target filterFailed RunAsFailed RunAsGroupFailed allowed to create keytabFailed allowed to retrieve keytabFailed hosts/hostgroupsFailed loginsFailed membersFailed ownersFailed profilesFailed service/service groupsFailed source hosts/hostgroupsFailed targetsFailed to addFailed to add key to the keytab Failed to add user to the default group. Use 'ipa group-add-member' to add manually.Failed to authenticate to CA REST APIFailed to bind to server! Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: %(err)sFailed to clean up Custodia keys for %(master)s: %(err)sFailed to clean up DNA hostname entries for %(master)s: %(err)sFailed to cleanup %(hostname)s DNS entries: %(err)sFailed to cleanup server principals/keys: %(err)sFailed to close the keytab Failed to create control! Failed to create key material Failed to create key! Failed to create random key! Failed to decode control reply! Failed to get keytab Failed to get keytab! Failed to get result: %s Failed to open Keytab Failed to open config file %s Failed to open keytab Failed to open keytab '%1$s': %2$s Failed to parse config file %s Failed to parse extended result: %s Failed to parse result: %s Failed to removeFailed to remove server %(master)s from server list: %(err)sFailed to retrieve any keysFailed to retrieve encryption type %1$s (#%2$d) Failed to retrieve encryption type type #%d Failed users/groupsFailure decoding Certificate Signing Request: %sFailure reset intervalFallback primary groupFallback to AD DC LDAPFalse if migration fails because the compatibility plug-in is enabled.False if migration mode was disabled.Fax NumberFetch domainsFetching DNS zones.Fetching domains from trusted forest failed. See details in the error_logFile %(file)s not foundFile containing profile configurationFile containing the new vault passwordFile containing the new vault public keyFile containing the old vault passwordFile containing the old vault private keyFile containing the vault passwordFile containing the vault private keyFile containing the vault public keyFile to load the certificate from.File to store retrieved dataFile to store the certificate in.File were to store the keytab informationFilename is emptyFilename of a raw profile. The XML format is not supported.FilterFilter available ${other_entity}FindFind a server role on a server(s)FingerprintFingerprint (SHA1)Fingerprint TypeFingerprint of schema cached by clientFingerprintsFirstFirst CodeFirst OTPFirst Posix ID of the rangeFirst Posix ID of the range reserved for the trusted domainFirst RID of the corresponding RID rangeFirst RID of the secondary RID rangeFirst date/time the token can be usedFirst nameFlagsFollowing segments were not deleted:ForceForce DNS zone creation even if it will overlap with an existing zone.Force DNS zone creation even if nameserver is not resolvable.Force DNS zone creation even if nameserver is not resolvable. (Deprecated)Force UpdateForce adding domain even if not in DNSForce nameserver change even if nameserver not in DNSForce server removalForce server removal even if it does not existForce the host join. Rejoin even if already joined.Forcing removal of %(hostname)sFormat errorForward policyForward policy is defined for it in IPA DNS, perhaps forwarder points to incorrect host?Forward to server instead of running locallyForward zones onlyForwardersForwarding disabledFound '%(value)s'Full nameFully Qualified Host NameGECOS fieldGIDGID (use this option to set it manually)GeneralGenerate OTPGenerate a random password to be used in bulk enrollmentGenerate a random user passwordGenerate automount files for a specific location.Generated OTPGetGet CertificateGlobal DNS configuration is emptyGlobal Trust ConfigurationGlobal forwardersGlobal forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"Global forwarding policy. Set to "none" to disable any configured global forwarders.Granted rightsGranted to PrivilegeGranting privilege to rolesGroupGroup '%s' does not existGroup ID NumberGroup ID overrideGroup ID overridesGroup OptionsGroup SettingsGroup TypeGroup containerGroup descriptionGroup nameGroup object classGroup object overridesGroup search fieldsGroup to overrideGrouping TypeGrouping to which the rule appliesGroupsGroups allowed to create keytabGroups allowed to retrieve keytabGroups of RunAs UsersHBAC RuleHBAC Rule that defines the users, groups and hostgroupsHBAC RulesHBAC ServiceHBAC Service GroupHBAC Service GroupsHBAC ServicesHBAC TestHBAC ruleHBAC rule %(rule)s not foundHBAC rule and local members cannot both be setHBAC rulesHBAC serviceHBAC service descriptionHBAC service groupHBAC service group descriptionHBAC service groupsHBAC service groups to addHBAC service groups to removeHBAC servicesHBAC services to addHBAC services to removeHIP recordHOTP Authentication WindowHOTP Synchronization WindowHTTP ErrorHardware MAC address(es) on this hostHardware platform of the host (e.g. Lenovo T61)Help topicHideHide detailsHide details which rules are matched, not matched, or invalidHistory sizeHome directoryHome directory baseHorizontal PrecisionHostHost '%(host)s' not foundHost '%(hostname)s' does not have corresponding DNS A/AAAA recordHost CertificateHost GroupHost Group SettingsHost GroupsHost Groups allowed to create keytabHost Groups allowed to retrieve keytabHost NameHost SettingsHost categoryHost category (semantics placed on this attribute are for local interpretation)Host category the ACL applies toHost category the rule applies toHost group ruleHost group rulesHost hardware platform (e.g. "Lenovo T61")Host is already joined. Host is not supportedHost locality (e.g. "Baltimore, MD")Host location (e.g. "Lab 2")Host nameHost operating system and version (e.g. "Fedora 9")Host unprovisionedHost-based access control commandsHost-groupHostgroups to whose hosts apply the ID View to. Please note that view is not applied automatically to any hosts added to the hostgroup after running the idview-apply command.HostnameHostname (FQDN)Hostname of this serverHostsHosts allowed to create keytabHosts allowed to retrieve keytabHosts or hostgroups that ID View could not be cleared from.Hosts or hostgroups that this ID View could not be applied to.Hosts that this ID View was applied to.Hosts the view applies toHosts to apply the ID View toHow long should negative responses be cachedID RangeID RangesID ViewID View NameID View already appliedID View applied to %i host.ID View applied to %i hosts.ID View cleared from %i host.ID View cleared from %i hosts.ID ViewsID overrideID overrides cannot be renamedID range for the trusted domain already exists, but it has a different type. Please remove the old range manually, or do not enforce type via --range-type option.ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-localID range type, one of {vals}ID range with the same name but different domain SID already exists. The ID range for the new trusted domain must be created manually.IP AddressIP address %(ip)s is already assigned in domain %(domain)s.IP network to create reverse zone name fromIPA AD trust agentsIPA AD trust controllersIPA CA cannot be deletedIPA CA cannot be disabledIPA CA renewal masterIPA CA serversIPA DNS recordsIPA DNS serversIPA DNS versionIPA DNSSec key masterIPA ErrorIPA KRA serversIPA LocationIPA Location descriptionIPA LocationsIPA NTP serversIPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of the trusted domain is specifiedIPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when SID of the trusted domain is not specified.IPA ServerIPA Server RoleIPA Server RolesIPA Server to useIPA ServersIPA does not manage the zone %(zone)s, please add records to your DNS server manuallyIPA location nameIPA location recordsIPA master denied trust validation requests from AD DC %(count)d times. Most likely AD DC contacted a replica that has no trust information replicated yet. Additionally, please check that AD DNS is able to resolve %(records)s SRV records to the correct IPA server.IPA mastersIPA namingContext not found IPA objectIPA role nameIPA server configured as DNSSec key masterIPA server domain cannot be deletedIPA server domain cannot be omittedIPA server hostnameIPA server role nameIPA servers configured as AD trust agentsIPA servers configured as AD trust controllersIPA servers configured as certificate authorityIPA servers configured as key recovery agentsIPA servers with enabled NTPIPA trustIPA unique IDIPSECKEY recordIdentityIdentity SettingsIf no CAs are specified, requests to the default CA are allowed.If the problem persists please contact the system administrator.Ignore check for last remaining CA or DNS serverIgnore compat pluginIgnore group attributeIgnore group object classIgnore topology connectivity problems after removalIgnore topology errorsIgnore user attributeIgnore user object classIgnored %(src)s to %(dst)sIgnored keys:Ignoring these warnings and proceeding with removalIgnoring topology connectivity errors.Import a Certificate Profile.Import an entitlement certificate.Import automount files for a specific location.Imported keys:Imported maps:Imported profile "%(value)s"Include DisabledInclude EnabledInclude all disabled IPA rules into testInclude all enabled IPA rules into test [default]Include inIncluded attributesInclusiveInclusive RegexIncompatible options provided (-r and -P) IndirectIndirect Member HBAC serviceIndirect Member HBAC service groupIndirect Member groupsIndirect Member host-groupsIndirect Member hostsIndirect Member netgroupsIndirect Member of HBAC ruleIndirect Member of Sudo ruleIndirect Member of groupIndirect Member of host-groupIndirect Member of netgroupIndirect Member of roleIndirect Member of rolesIndirect Member permissionsIndirect Member usersIndirect MembershipInherited from server configurationInitial counter for the HOTP tokenInitialize left nodeInitialize right nodeInitialsInput data specified multiple timesInput filenameInput form contains invalid or missing values.Insufficient 'add' privilege for entry '%s'.Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry '%s'.Insufficient 'write' privilege to the 'userCertificate' attribute of entry '%s'.Insufficient access: %(info)sInsufficient privilege to create a certificate with subject alt name '%s'.Internal ErrorInvalid JSON-RPC request: %(error)sInvalid LDAP URI.Invalid MCS value, must match c[0-1023].c[0-1023] and/or c[0-1023]-c[0-c0123]Invalid MLS value, must match s[0-15](-s[0-15])Invalid Service Principal Name Invalid credentialsInvalid format. Should be name=valueInvalid number of parts!Invalid or unsupported type. Allowed values are: %sInvalid or unsupported vault public key: %sInvalid vault typeIs zone active?IssueIssue New CertificateIssue New Certificate for ${entity} ${primary_key}Issued ByIssued OnIssued ToIssued on fromIssued on toIssuerIssuer DNIssuer Distinguished NameIssuing CAIt is used only for setting the SOA MNAME attribute.Job TitleJoin an IPA domainKEY AlgorithmKEY FlagsKEY ProtocolKEY Public KeyKEY recordKRA service is not enabledKX ExchangerKX PreferenceKX recordKerberos Credential Cache not found. Do you have a Kerberos Ticket? Kerberos KeyKerberos Key Not PresentKerberos Key Present, Host ProvisionedKerberos Key Present, Service ProvisionedKerberos Service Principal NameKerberos Ticket PolicyKerberos User Principal not found. Do you have a valid Credential Cache? Kerberos context initialization failed Kerberos context initialization failed: %1$s (%2$d) Kerberos error: %(major)s/%(minor)sKerberos keys availableKerberos principalKerberos principal %s already exists. Use 'ipa user-mod' to set it manually.Kerberos principal expirationKerberos principal name for this hostKeyKey CompromiseKey TagKeytab File NameKeytab successfully retrieved and stored in: %s LDAP URILDAP passwordLDAP password (if not using Kerberos)LDAP schemaLDAP search scope for users and groups: base, onelevel, or subtree. Defaults to onelevelLDAP suffix to be managedLDAP timeoutLOC AltitudeLOC Direction LatitudeLOC Direction LongitudeLOC Horizontal PrecisionLOC Minutes LatitudeLOC Minutes LongitudeLOC Seconds LatitudeLOC Seconds LongitudeLOC SizeLOC Vertical PrecisionLOC recordLabelLabelsLastLast date/time the token can be usedLast failed authenticationLast nameLast successful authenticationLeading and trailing spaces are not allowedLeft nodeLeft replication node - an IPA serverLegal LDAP filter (e.g. ou=Engineering)Length of TOTP token code validityLevelList all service vaultsList all user vaultsList of IPA masters configured as DNS serversList of all IPA mastersList of deletions that failedList of enabled rolesList of servers which advertise the given locationList of trust domains successfully refreshed. Use trustdomain-find command to list them.Lists of objects migrated; categorized by type.Lists of objects that could not be migrated; categorized by type.Load CA certificate of LDAP server from FILELocal domainLocalityLocationLocation nameLocation of the ACILockout durationLogged In AsLoginLogin shellLogoutLogout errorLower number means higher priority. Clients will attempt to contact the URI with the lowest-numbered priority they can reach.Lower number means higher priority. Clients will attempt to contact the server with the lowest-numbered priority they can reach.MAC addressMX ExchangerMX PreferenceMX recordMailing AddressMalformed principal: '%(value)s'Manage password policy for specific groupManage ticket policy for specific userManaged LDAP suffix DNManaged suffixManaged suffixesManaged topology requires minimal domain level ${domainlevel}ManagerManagingMapMap TypeMark the token as disabled (default: false)Master fileMatchedMatched rulesMatching TypeMax domain levelMax failuresMax lifeMax lifetime (days)Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)Maximum domain levelMaximum number of certs returnedMaximum number of entries returnedMaximum number of entries returned (0 is unlimited)Maximum number of records to search (-1 is unlimited)Maximum number of records to search (-1 or 0 is unlimited)Maximum number of rules to process when no --rules is specifiedMaximum password life must be greater than minimum.Maximum password lifetime (in days)Maximum serial numberMaximum ticket life (seconds)Maximum username lengthMaximum value is ${value}May not be emptyMember GroupMember HBAC serviceMember HBAC service groupsMember HostMember HostgroupMember Sudo commandsMember UserMember groupsMember host-groupsMember hostsMember netgroupsMember ofMember of HBAC ruleMember of HBAC service groupsMember of Sudo ruleMember of a groupMember of groupMember of groupsMember of host-groupsMember of netgroupsMember principalsMember service groupsMember servicesMember usersMembers of a trusted domain in DOM\name or name@domain formMembers that could not be addedMembers that could not be removedMethod nameMethod ofMigrate users and groups from DS to IPA.Migration mode is disabled. Use 'ipa config-mod --enable-migration=TRUE' to enable it.Migration of LDAP search reference is not supported.Min domain levelMin lengthMin lifetime (hours)Minimum domain levelMinimum length of passwordMinimum number of character classesMinimum password lifetime (in hours)Minimum serial numberMinimum value is ${value}Minutes LatitudeMinutes LongitudeMisc. InformationMissing new vault public keyMissing or invalid HTTP Referer, %(referer)sMissing reply control list! Missing reply control! Missing values: Missing vault private keyMissing vault public keyMobile Telephone NumberModelModifiedModified "%(value)s" trust configurationModified ACI "%(value)s"Modified CA "%(value)s"Modified CA ACL "%(value)s"Modified Certificate Profile "%(value)s"Modified DNS server "%(value)s"Modified HBAC rule "%(value)s"Modified HBAC service "%(value)s"Modified HBAC service group "%(value)s"Modified ID range "%(value)s"Modified IPA location "%(value)s"Modified IPA server "%(value)s"Modified OTP token "%(value)s"Modified RADIUS proxy server "%(value)s"Modified SELinux User Map "%(value)s"Modified Sudo Command "%(value)s"Modified Sudo Command Group "%(value)s"Modified Sudo Rule "%(value)s"Modified an Group ID override "%(value)s"Modified an ID View "%(value)s"Modified an ID override "%(value)s"Modified an User ID override "%(value)s"Modified automember rule "%(value)s"Modified automount key "%(value)s"Modified automount map "%(value)s"Modified delegation "%(value)s"Modified group "%(value)s"Modified host "%(value)s"Modified hostgroup "%(value)s"Modified netgroup "%(value)s"Modified permission "%(value)s"Modified privilege "%(value)s"Modified role "%(value)s"Modified segment "%(value)s"Modified selfservice "%(value)s"Modified service "%(value)s"Modified stage user "%(value)s"Modified topology suffix "%(value)s"Modified trust "%(value)s" (change will be effective in 60 seconds)Modified user "%(value)s"Modified vault "%(value)s"Modified: key not setModify %(name)s '%(value)s'?Modify ACI.Modify CA configuration.Modify Certificate Profile configuration.Modify DNS forward zone.Modify DNS server configurationModify DNS zone (SOA record).Modify ID range.Modify ID range. {0} Modify Kerberos ticket policy.Modify OTP configuration options.Modify Sudo Command Group.Modify Sudo Command.Modify Sudo Rule.Modify a CA ACL.Modify a DNS resource record.Modify a OTP token.Modify a RADIUS proxy server.Modify a SELinux User Map.Modify a delegation.Modify a group password policy.Modify a group.Modify a hostgroup.Modify a netgroup.Modify a permission.Modify a privilege.Modify a role.Modify a segment.Modify a self-service permission.Modify a stage user.Modify a topology suffix.Modify a user.Modify a vault.Modify an Group ID override.Modify an HBAC rule.Modify an HBAC service group.Modify an HBAC service.Modify an ID View.Modify an ID override.Modify an User ID override.Modify an automember rule.Modify an automount key.Modify an automount map.Modify an existing IPA service.Modify configuration options.Modify global DNS configuration.Modify global trust configuration.Modify information about a host.Modify information about an IPA location.Modify information about an IPA server.Modify realm domains.Modify trustdomain of the trustMore than one entry with key %(key)s found, use --info to select specific entry.Mount informationMount pointMove deleted user into staged areaMulti-valueMust be a decimal numberMust be an UTC date/time value (e.g., "2014-01-20 17:58:01Z")Must be an integerNAPTR FlagsNAPTR OrderNAPTR PreferenceNAPTR Regular ExpressionNAPTR ReplacementNAPTR ServiceNAPTR recordNIS domain nameNONE value cannot be combined with other PAC typesNS HostnameNS recordNS record is not allowed to coexist with an %(type)s record except when located in a zone root record (RFC 2181, section 6.1)NS record(s) can be edited in zone apex - '@'. NSEC Next Domain NameNSEC Type MapNSEC recordNSEC3 recordNSEC3PARAM recordNSEC3PARAM record for zone in format: hash_algorithm flags iterations saltNameName of command to exportName of host-groupName of issuing CAName of method to exportName of object to exportName of parent automount map (default: auto.master).Name of the trusted domainNameserver '%(host)s' does not have a corresponding A/AAAA recordNameserver for reverse zone cannot be a relative DNS nameNeither --del-all nor options to delete a specific record provided. Command help may be consulted for all supported record types.Nested Methods to executeNetBIOS nameNetgroupNetgroup SettingsNetgroup descriptionNetgroup nameNetgroupsNetwork ServicesNew ACI nameNew CertificateNew PasswordNew Principal PasswordNew TestNew kerberos principal aliasNew mount informationNew password is requiredNew public key specified multiple timesNew vault passwordNew: key not setNew: key setNextNext Domain NameNo A, AAAA, SSHFP or PTR records found.No Common Name was found in subject of request.No DNS servers in IPA location %(location)s. Without DNS servers location is not working as expected.No DNSSEC key master is installed. DNSSEC zone signing will not work until the DNSSEC key master is installed.No Valid CertificateNo archived data.No credentials cache foundNo default (fallback) group setNo entries.No file to readNo free YubiKey slot!No keys accepted by KDC No matching entries foundNo option to delete specific record provided.No option to modify specific record provided.No permission to join this host to the IPA domain. No private groupNo responseNo such attribute on this entryNo such virtual commandNo system preferred enctypes ?! No trusted domain is not configuredNo values for %sNo waitNo write permissions on keytab file '%s' Non-2xx response from CA REST API: %(status)d. %(explanation)sNon-Active Directory domainNon-POSIXNon-existent or invalid rulesNon-transitive external trust to a domain in another Active Directory forestNonceNot AfterNot BeforeNot a managed groupNot a valid IP addressNot a valid IPv4 addressNot a valid IPv6 addressNot a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)Not allowed on non-leaf entryNot enough arguments specified to perform trust setupNot matched rulesNot registered yetNoteNumber of IDs in the rangeNumber of conditions addedNumber of conditions removedNumber of days's notice of impending password expirationNumber of digits each token code will haveNumber of entries returnedNumber of hosts that had a ID View was unset:Number of hosts the ID View was applied to:Number of members addedNumber of members removedNumber of owners addedNumber of owners removedNumber of permissions addedNumber of permissions removedNumber of plugins loadedNumber of privileges addedNumber of privileges removedNumber of seconds outbound LDAP operations waits for a response from the remote replica before timing out and failingNumber of variables returned (<= total)OTPOTP ConfigurationOTP TokenOTP Token SettingsOTP TokensOTP configuration optionsOTP setOTP tokenOTP tokensObjectclasses to be ignored for group entries in DSObjectclasses to be ignored for user entries in DSObjectclasses used to search for group entries in DSObjectclasses used to search for user entries in DSOld vault passwordOld vault private keyOne Time PasswordOne of group, permission or self is requiredOne time password commandsOne-Time-PasswordOne-Time-Password Not PresentOne-Time-Password PresentOnly one value is allowedOnly one zone type is allowed per zone nameOnly the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-type when adding an AD trust.Operating System and version of the host (e.g. Fedora 9)Operating systemOperation failed: %s Operations ErrorOption addedOption groupOption rid-base must not be used when IPA range type is ipa-ad-trust-posixOptionsOptions dom-sid and dom-name cannot be used togetherOptions dom-sid and rid-base must be used togetherOptions dom-sid and secondary-rid-base cannot be used togetherOptions dom-sid/dom-name and rid-base must be used togetherOptions dom-sid/dom-name and secondary-rid-base cannot be used togetherOptions secondary-rid-base and rid-base must be used togetherOrderOrder in increasing priority of SELinux users, delimited by $Org. UnitOrganizationOrganizational UnitOrigin DN subtreeOriginal TTLOther Record TypesOur domain is not configuredOut of Memory! Out of memory Out of memory Out of memory!Out of memory! Out of memory!? Output filenameOutput only on errorsOverride default list of supported PAC types. Use 'NONE' to disable PAC support for this serviceOverride default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services.Override existing passwordOverride inherited settingsOverwrite GIDOwnerOwner %sOwner groupsOwner servicesOwner usersOwners that could not be addedOwners that could not be removedPAC typePTR HostnamePTR recordPagePager NumberParametersParent mapParse all raw DNS records and return them in a structured wayParse errorPasswordPassword Expiration Notification (days)Password PoliciesPassword PolicyPassword cannot be set on enrolled host.Password change completePassword expirationPassword history sizePassword or Password+One-Time-PasswordPassword plugin featuresPassword reset was not successful.Password specified multiple timesPassword used in bulk enrollmentPasswords do not matchPasswords do not match!Passwords have been migrated in pre-hashed format. IPA is unable to generate Kerberos keys unless provided with clear text passwords. All migrated users need to login at https://your.domain/ipa/migration/ before they can use their Kerberos accounts.Passwords must matchPer-server conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.Per-server forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"Period after which failure count will be reset (seconds)Period for which lockout is enforced (seconds)PermissionPermission ACI grants access toPermission denied: %(file)sPermission flagsPermission namePermission settingsPermission typePermission valuePermission with unknown flag %s may not be modified or removedPermissionsPermissions to grant (read, write). Default is write.Permissions to grant(read, write, add, delete, all)Permitted Encryption TypesPermitted to have certificates issuedPing a remote server.PlatformPlease choose a type of DNS resource record to be addedPlease specify forwarders.Please try the following options:PolicyPortPositional argumentPositional argumentsPre-authentication is required for the servicePre-shared passwordPredefined profile '%(profile_id)s' cannot be deletedPreferencePreference given to this exchanger. Lower values are more preferredPreferred LanguagePrefix used to distinguish ACI types (permission, delegation, selfservice, none)Preserved userPreserved usersPrevPrimary RID basePrimary RID range and secondary RID range cannot overlapPrimary key onlyPrincipalPrincipal %(principal)s cannot be authenticated: %(message)sPrincipal '%(principal)s' is not permitted to use CA '%(ca)s' with profile '%(profile_id)s' for certificate issuance.Principal '%s' in subject alt name does not match requested principalPrincipal aliasPrincipal for this certificate (e.g. HTTP/test.example.com)Principal is not of the form user@REALM: '%(principal)s'Principal namePrint as little as possiblePrint debugging informationPrint entries as stored on the server. Only affects output format.Print the raw XML-RPC output in GSSAPI modePriorityPriority (order)Priority of the policy (higher number means lower priorityPrivate key specified multiple timesPrivilegePrivilege SettingsPrivilege WithdrawnPrivilege descriptionPrivilege namePrivilegesProfile IDProfile ID '%(cli_value)s' does not match profile data '%(file_value)s'Profile ID for referring to this profileProfile categoryProfile category the ACL applies toProfile configurationProfile configuration stored in file '%(file)s'Profile descriptionProfilesPrompt to set the user passwordProspectiveProtocolPublic KeyPublic keyPublic key specified multiple timesQR code width is greater than that of the output tty. Please resize your terminal.QuantityQuery current Domain Level.Query returned more results than the configured size limit. Displaying the first ${counter} results.Quick LinksQuiet mode. Only errors are displayed.RADIUS Proxy Server SettingsRADIUS ServerRADIUS ServersRADIUS proxy configurationRADIUS proxy serverRADIUS proxy server nameRADIUS proxy serversRADIUS proxy usernameREST API is not logged in.RFC4120-compliant Kerberos realmRFC822Name does not match any of user's email addressesRP recordRPC command used to log the current user out of their session.RRSIG AlgorithmRRSIG Key TagRRSIG LabelsRRSIG Original TTLRRSIG SignatureRRSIG Signature ExpirationRRSIG Signature InceptionRRSIG Signer's NameRRSIG Type CoveredRRSIG recordRandom passwordRange SettingsRange nameRange sizeRange typeRaw %s recordsRaw A recordsRaw A6 recordsRaw AAAA recordsRaw AFSDB recordsRaw APL recordsRaw CERT recordsRaw CNAME recordsRaw DHCID recordsRaw DLV recordsRaw DNAME recordsRaw DNSKEY recordsRaw DS recordsRaw HIP recordsRaw IPSECKEY recordsRaw KEY recordsRaw KX recordsRaw LOC recordsRaw MX recordsRaw NAPTR recordsRaw NS recordsRaw NSEC recordsRaw NSEC3 recordsRaw PTR recordsRaw RP recordsRaw RRSIG recordsRaw SIG recordsRaw SPF recordsRaw SRV recordsRaw SSHFP recordsRaw TA recordsRaw TKEY recordsRaw TLSA recordsRaw TSIG recordsRaw TXT recordsRaw target filterRaw value of a DNS record was already set by "%(name)s" optionRe-established trust to domain "%(value)s"Re-sync the local entitlement cache with the entitlement server.Realm DomainsRealm administrator password should be specifiedRealm domainsRealm nameRealm-domain mismatchReasonReason for RevocationReason for revoking the certificate (0-10)Reason for revoking the certificate (0-10). Type "ipa help cert" for revocation reason details. Rebuild auto membershipRecord TypeRecord creation failed.Record dataRecord nameRecord not found.Record typeRecordsRecords for DNS ZoneRedirectionRedirection to PTR recordRefreshRefresh list of the domains associated with the trustRefresh the page.Registration passwordRegular ExpressionRelative record name '%(record)s' contains the zone name '%(zone)s' as a suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused by a missing dot at the end of the name specification.Relative weight for entries with the same priority.Reload current settings from the server.Reload the browser.Remote IPA server hostnameRemote server nameRemove ${entity}Remove ${entity} ${primary_key} from ${other_entity}Remove ${other_entity} Managing ${entity} ${primary_key}Remove ${other_entity} from ${entity} ${primary_key}Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNSRemove Allow ${other_entity} from ${entity} ${primary_key}Remove CAs from a CA ACL.Remove Certificate HoldRemove Certificate Hold for ${entity} ${primary_key}Remove Deny ${other_entity} from ${entity} ${primary_key}Remove HoldRemove Kerberos AliasRemove PermissionRemove RunAs ${other_entity} from ${entity} ${primary_key}Remove RunAs Groups from ${entity} ${primary_key}Remove a manager to the stage user entryRemove a manager to the user entryRemove a permission for per-forward zone access delegation.Remove a permission for per-zone access delegation.Remove all principals in this realmRemove an option from Sudo Rule.Remove certificates from a serviceRemove certificates from host entryRemove commands and sudo command groups affected by Sudo Rule.Remove conditions from an automember rule.Remove default (fallback) group for all unmatched entries.Remove entries from DNSRemove from CRLRemove holdRemove hosts and hostgroups affected by Sudo Rule.Remove hosts that can manage this host.Remove hosts that can manage this service.Remove information about the domain associated with the trust.Remove member from a named service delegation rule.Remove member from a named service delegation target.Remove member from a named service delegation.Remove members from Sudo Command Group.Remove members from a group.Remove members from a hostgroup.Remove members from a netgroup.Remove members from a permission.Remove members from a privilegeRemove members from a role.Remove members from a vault.Remove members from an HBAC service group.Remove one or more certificates to the idoverrideuser entryRemove one or more certificates to the user entryRemove owners from a vault container.Remove owners from a vault.Remove permissions from a privilege.Remove principal alias from a host entryRemove principal alias from a serviceRemove principal alias from the user entryRemove privileges from a role.Remove profiles from a CA ACL.Remove service and service groups from an HBAC rule.Remove services from a CA ACL.Remove source hosts and hostgroups from an HBAC rule.Remove target from a named service delegation rule.Remove target hosts and hostgroups from a CA ACL.Remove target hosts and hostgroups from an HBAC rule.Remove target hosts and hostgroups from an SELinux User Map rule.Remove users and groups affected by Sudo Rule.Remove users and groups from a CA ACL.Remove users and groups from an HBAC rule.Remove users and groups from an SELinux User Map rule.Remove users that can manage this token.Removed aliases from host "%(value)s"Removed aliases from user "%(value)s"Removed aliases to the service principal "%(value)s"Removed certificates from host "%(value)s"Removed certificates from idoverrideuser "%(value)s"Removed certificates from service principal "%(value)s"Removed certificates from user "%(value)s"Removed condition(s) from "%(value)s"Removed default (fallback) group for automember "%(value)s"Removed information about the trusted domain "%(value)s"Removed option "%(option)s" from Sudo Rule "%(rule)s"Removed system permission "%(value)s"Removing %(servers)s from replication topology, please wait...Removing principal %s RenameRename an ACI.Rename the %(ldap_obj_name)s objectRename the DNS resource record objectRename the Group ID override objectRename the ID View objectRename the OTP token objectRename the RADIUS proxy server objectRename the User ID override objectRename the automount key objectRename the group objectRename the permission objectRename the privilege objectRename the role objectRename the stage user objectRename the user objectRenamed ACI to "%(value)s"Renewal master for IPA certificate authorityReplacementReplica is active DNSSEC key master. Uninstall could break your DNS system. Please disable or replace DNSSEC key master first.Replication agreement enabledReplication configurationReplication refresh for segment: "%(pkey)s" requested.Replication topology of suffix "%(suffix)s" contains errors.Replication topology of suffix "%(suffix)s" is in order.Request a full re-initialization of the node retrieving data from the other node.Request failed with status %(status)s: %(reason)sRequest idRequest is missing "method"Request is missing "params"Request must be a dictRequest statusRequiredRequired fieldRequires pre-authenticationResetReset Kerberos ticket policy to the default values.Reset OTPReset One-Time-PasswordReset PasswordReset Password and LoginReset your password.Resolve a host name in DNS.Resolve a host name in DNS. (Deprecated)Resolve security identifiers of users and groups in trusted domainsResponse from CA was not valid JSONRestoreResultResult of simulationResult of the commandResults are truncated, try a more specific searchResults should contain primary key attribute only ("%s")Results should contain primary key attribute only ("anchor")Results should contain primary key attribute only ("certificate")Results should contain primary key attribute only ("cn")Results should contain primary key attribute only ("command")Results should contain primary key attribute only ("delegation-name")Results should contain primary key attribute only ("domain")Results should contain primary key attribute only ("group")Results should contain primary key attribute only ("group-name")Results should contain primary key attribute only ("hostgroup-name")Results should contain primary key attribute only ("hostname")Results should contain primary key attribute only ("id")Results should contain primary key attribute only ("location")Results should contain primary key attribute only ("login")Results should contain primary key attribute only ("map")Results should contain primary key attribute only ("name")Results should contain primary key attribute only ("principal")Results should contain primary key attribute only ("realm")Results should contain primary key attribute only ("service")Results should contain primary key attribute only ("sudocmdgroup-name")Results should contain primary key attribute only ("sudorule-name")RetriesRetrieve a data from a vault.Retrieve an existing certificate.Retrieve and print all attributes from the server. Affects command output.Retrieve current keys without changing themRetrieve the entitlement certs.Retrieved data from vault "%(value)s"Retrieving CA cert chain failed: %sRetrieving CA status failed with status %dRetrieving CA status failed: %sRetryRetrying with pre-4.0 keytab retrieval method... Return to the main page and retry the operationReverse record for IP address %(ip)s already exists in reverse zone %(zone)s.Reverse zone %(name)s requires exactly %(count)d IP address components, %(user_count)d givenReverse zone IP networkReverse zone for PTR record should be a sub-zone of one the following fully qualified domains: %sRevertRevocation reasonRevokeRevoke CertificateRevoke Certificate for ${entity} ${primary_key}Revoke a certificate.RevokedRevoked on fromRevoked on toRight nodeRight replication node - an IPA serverRightsRights to grant (read, search, compare, write, add, delete, all)RoleRole SettingsRole nameRole statusRolesRoot domain of the trust is always enabled for the existing trustRule nameRule statusRule typeRule type (allow)RulesRules to test. If not specified, --enabled is assumedRun CommandsRun TestRun as a userRun as any user within a specified groupRun with the gid of a specified POSIX groupRunAs External GroupRunAs External UserRunAs Group categoryRunAs Group category the rule applies toRunAs GroupsRunAs User categoryRunAs User category the rule applies toRunAs UsersRunAsGroup does not accept '%(name)s' as a group nameRunAsUser does not accept '%(name)s' as a group nameRunAsUser does not accept '%(name)s' as a user nameSELinux OptionsSELinux UserSELinux User MapSELinux User Map ruleSELinux User Map rulesSELinux User MapsSELinux user %(user)s not found in ordering list (in config)SELinux user '%(user)s' is not valid: %(error)sSELinux user map default user not in order listSELinux user map list not found in configurationSELinux user map orderSHA1 FingerprintSHA256 FingerprintSID blacklist incomingSID blacklist outgoingSID blacklistsSID does not match any trusted domainSID does not match exactlywith any trusted domain's SIDSID for the specified trusted domain name could not be found. Please specify the SID directly using dom-sid option.SID is not recognized as a valid SID for a trusted domainSID is not validSIG AlgorithmSIG Key TagSIG LabelsSIG Original TTLSIG SignatureSIG Signature ExpirationSIG Signature InceptionSIG Signer's NameSIG Type CoveredSIG recordSOA classSOA expireSOA minimumSOA mname (authoritative server) overrideSOA mname overrideSOA record classSOA record expire timeSOA record refresh timeSOA record retry timeSOA record serial numberSOA record time to liveSOA refreshSOA retrySOA serialSOA time to liveSPF recordSRV PortSRV PrioritySRV TargetSRV WeightSRV recordSSH public keySSH public key fingerprintSSH public key:SSH public keysSSHFP AlgorithmSSHFP FingerprintSSHFP Fingerprint TypeSSHFP recordSSSD was unable to resolve the object to a valid SIDSaltSame as --%sSaveSchema is up to date (FP '%(fingerprint)s', TTL %(ttl)s s)SearchSearch OptionsSearch command parameters.Search domains of the trustSearch for %(searched_object)s with these %(relationship)s %(ldap_object)s.Search for %(searched_object)s without these %(relationship)s %(ldap_object)s.Search for %1$s on rootdse failed with error %2$d Search for CA ACLs.Search for CAs.Search for Certificate Profiles.Search for DNS forward zones.Search for DNS resources.Search for DNS servers.Search for DNS zones (SOA records).Search for HBAC rules.Search for HBAC services.Search for IPA locations.Search for IPA namingContext failed with error %d Search for IPA servers.Search for IPA services.Search for OTP token.Search for RADIUS proxy servers.Search for SELinux User Maps.Search for Sudo Command Groups.Search for Sudo Commands.Search for Sudo Rule.Search for a netgroup.Search for a self-service permission.Search for an Group ID override.Search for an HBAC service group.Search for an ID View.Search for an ID override.Search for an User ID override.Search for an automount key.Search for an automount location.Search for an automount map.Search for automember rules.Search for certificates with these owner %s.Search for certificates without these owner %s.Search for classes.Search for command outputs.Search for commands.Search for delegations.Search for entitlement accounts.Search for existing certificates.Search for forward zones onlySearch for group password policies.Search for groups with these member groups.Search for groups with these member of HBAC rules.Search for groups with these member of groups.Search for groups with these member of netgroups.Search for groups with these member of roles.Search for groups with these member of sudo rules.Search for groups with these member users.Search for groups without these member groups.Search for groups without these member of HBAC rules.Search for groups without these member of groups.Search for groups without these member of netgroups.Search for groups without these member of roles.Search for groups without these member of sudo rules.Search for groups without these member users.Search for groups.Search for help topics.Search for host groups with these member host groups.Search for host groups with these member hosts.Search for host groups with these member of HBAC rules.Search for host groups with these member of host groups.Search for host groups with these member of netgroups.Search for host groups with these member of sudo rules.Search for host groups without these member host groups.Search for host groups without these member hosts.Search for host groups without these member of HBAC rules.Search for host groups without these member of host groups.Search for host groups without these member of netgroups.Search for host groups without these member of sudo rules.Search for hostgroups.Search for hosts with these enrolled by users.Search for hosts with these managed by hosts.Search for hosts with these managing hosts.Search for hosts with these member of HBAC rules.Search for hosts with these member of host groups.Search for hosts with these member of netgroups.Search for hosts with these member of roles.Search for hosts with these member of sudo rules.Search for hosts without these enrolled by users.Search for hosts without these managed by hosts.Search for hosts without these managing hosts.Search for hosts without these member of HBAC rules.Search for hosts without these member of host groups.Search for hosts without these member of netgroups.Search for hosts without these member of roles.Search for hosts without these member of sudo rules.Search for hosts.Search for ipaCertificateSubjectBase failed with error %dSearch for netgroups with these member groups.Search for netgroups with these member host groups.Search for netgroups with these member hosts.Search for netgroups with these member netgroups.Search for netgroups with these member of netgroups.Search for netgroups with these member users.Search for netgroups without these member groups.Search for netgroups without these member host groups.Search for netgroups without these member hosts.Search for netgroups without these member netgroups.Search for netgroups without these member of netgroups.Search for netgroups without these member users.Search for permissions.Search for privileges.Search for ranges.Search for roles.Search for servers with these managed suffixes.Search for servers without these managed suffixes.Search for service delegation target.Search for service delegations rule.Search for services with these managed by hosts.Search for services without these managed by hosts.Search for stage users with these member of HBAC rules.Search for stage users with these member of groups.Search for stage users with these member of netgroups.Search for stage users with these member of roles.Search for stage users with these member of sudo rules.Search for stage users without these member of HBAC rules.Search for stage users without these member of groups.Search for stage users without these member of netgroups.Search for stage users without these member of roles.Search for stage users without these member of sudo rules.Search for stage users.Search for topology segments.Search for topology suffixes.Search for trusts.Search for users with these member of HBAC rules.Search for users with these member of groups.Search for users with these member of netgroups.Search for users with these member of roles.Search for users with these member of sudo rules.Search for users without these member of HBAC rules.Search for users without these member of groups.Search for users without these member of netgroups.Search for users without these member of roles.Search for users without these member of sudo rules.Search for users.Search for vaults.Search result has been truncated: %(reason)sSearch scopeSearch size limitSearch time limitSecond CodeSecond OTPSecondary RID baseSeconds LatitudeSeconds LongitudeSecretSecurity IdentifierSecurity Identifiers (SIDs)Segment detailsSegment nameSelect AllSelect entries to be removed.SelectorSelfSelf Service PermissionSelf Service PermissionsSelf-service nameSemantic of %(label)s was changed. %(current_behavior)s %(hint)sSemicolon separated list of IP addresses or networks which are allowed to issue queriesSemicolon separated list of IP addresses or networks which are allowed to transfer the zoneSensitiveSerialSerial NumberSerial Number (hex)Serial numberSerial number (hex)Serial number in decimal or if prefixed with 0x in hexadecimalServerServer %(srv)s can't contact servers: %(replicas)sServer NameServer RoleServer RolesServer has already been deletedServer locationServer nameServer name not provided and unavailable Server removal aborted: %(reason)s.Server will check DNS forwarder(s).ServersServers details:Servers in locationServers that belongs to the IPA locationServiceService %(service)s requires restart on IPA server %(server)s to apply configuration changes.Service '%(service)s' not found in Kerberos databaseService CertificateService GroupsService OptionsService SettingsService categoryService category the ACL applies toService category the rule applies toService delegation ruleService delegation rulesService delegation targetService delegation targetsService group nameService nameService name of the service vaultService principalService principal aliasService principal for this certificate (e.g. HTTP/test.example.com)Service principal is not of the form: service/fully-qualified host name: %(reason)sService principal is requiredService(s), shared, and user(s) options cannot be specified simultaneouslyService, shared and user options cannot be specified simultaneouslyService, shared, and user options cannot be specified simultaneouslyServicesSession errorSession timeoutSetSet Domain LevelSet OTPSet One-Time-PasswordSet SSH keySet a user's password.Set an attribute to a name/value pair. Format is attr=value. For multi-valued attributes, the command replaces the values already present.Set default (fallback) group for all unmatched entries.Set default (fallback) group for automember "%(value)s"SettingsShared vaultShowShow IPA server.Show QR codeShow ResultsShow all loaded plugins.Show configuration uriShow detailsShow environment variables.Show global trust configuration.Show managed suffix.Show role status on a serverShow the current OTP configuration.Show the current configuration.Show the current global DNS configuration.Show the list of permitted encryption types and exitShow vault configuration.Show/Set keyShowing ${start} to ${end} of ${total} entries.SignatureSignature ExpirationSignature InceptionSigner's NameSimple bind failed Simulate use of Host-based access controlsSizeSize LimitSize of data exceeds the limit. Current vault data size limit is %(limit)d BSize of the ID range reserved for the trusted domainSkip DNS checkSkip a check whether the last CA master or DNS server is removedSkip overlap checkSkipped %(key)sSkipped %(map)sSome entries were not deletedSome operations failed.Source Host GroupsSource HostsSource hostSource host categorySource host category the rule applies toSpecified CAsSpecified Commands and GroupsSpecified GroupsSpecified Hosts and GroupsSpecified ProfilesSpecified Services and GroupsSpecified Users and GroupsSpecifies where to store keytab information.Specify external ${entity}StageStage UserStage UsersStage user %s activatedStage usersStandard Record TypesState/ProvinceStatusStatus of the roleStopping of replication refresh for segment: "%(pkey)s" requested.Store issued certificatesStreet addressStructuredSubjectSubject DNSubject DN is already used by CA '%s'Subject DNS nameSubject Distinguished NameSubject EDI Party nameSubject IP AddressSubject Kerberos principal nameSubject OIDSubject Other NameSubject UPNSubject URISubject X.400 addressSubject alt name type %s is forbiddenSubject directory nameSubject email addressSubmit a certificate signing request.SubtreeSubtypeSuccessSudo Allow Command GroupsSudo Allow CommandsSudo CommandSudo Command GroupSudo Command GroupsSudo CommandsSudo Deny Command GroupsSudo Deny CommandsSudo OptionSudo RuleSudo RulesSudo orderSuffix nameSupersededSupported encryption types: Suppress processing of membership attributes.Sync OTP TokenSynchronize an OTP token.Syntax Error: %(error)sSystem DNS records updatedTA recordTKEY recordTLSA Certificate Association DataTLSA Certificate UsageTLSA Matching TypeTLSA SelectorTLSA recordTOTP Synchronization WindowTOTP authentication WindowTOTP authentication time variance (seconds)TOTP synchronization time variance (seconds)TOTP token / FreeIPA server time differenceTSIG recordTXT Text DataTXT recordTargetTarget DNTarget DN subtreeTarget Uniform Resource IdentifierTarget Uniform Resource Identifier according to RFC 3986Target groupTarget hostTarget members of a groupTarget members of a group (sets memberOf targetfilter)Target reverse zone not found.Target your own entry (self)Task DNTask DN = '%s'Telephone NumberTest the ACI syntax but don't write anythingText DataText does not match field patternThe --domain option cannot be used together with --add-domain or --del-domain. Use --domain to specify the whole realm domain list explicitly, to add/remove individual domains, use --add-domain/del-domain.The ACI for permission %(name)s was not found in %(dn)s The IPA realmThe _kerberos TXT record from domain %(domain)s could not be created (%(error)s). This can happen if the zone is not managed by IPA. Please create the record manually, containing the following value: '%(realm)s'The _kerberos TXT record from domain %(domain)s could not be removed (%(error)s). This can happen if the zone is not managed by IPA. Please remove the record manually.The automount key %(key)s with info %(info)s does not existThe character %(char)r is not allowed.The default users group cannot be removedThe deny type has been deprecated.The domain name of the target host or '.' if the service is decidedly not available at this domainThe following domains do not belong to this realm: %(domains)sThe group doesn't existThe hostname must be fully-qualified: %s The hostname must not be: %s The hostname or IP (with or without port)The hostname this reverse record points toThe key,info pair must be unique. A key named %(key)s with info %(info)s already existsThe most common types for this type of zone are: %s The number of times to retry authenticationThe password or username you entered is incorrect.The principal for this request doesn't exist.The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)The realm for the principal does not match the realm for this IPA serverThe realm of the following domains could not be detected: %(domains)s. If these are domains that belong to the this realm, please create a _kerberos TXT record containing "%(realm)s" in each of them.The schema used on the LDAP server. Supported values are RFC2307 and RFC2307bis. The default is RFC2307bisThe search criteria was not specific enough. Expected 1 and found %(found)d.The secret used to encrypt dataThe service is allowed to authenticate on behalf of a clientThe service principal for subject alt name %s in certificate request does not existThe topic or command name.The total timeout across all retries (in seconds)The username attribute on the user objectThe username, password or token codes are not correctThis command can not be used to change ID allocation for local IPA domain. Run `ipa help idrange` for more informationThis command relies on the existence of the "editors" group, but this group was not found.This command requires root accessThis entry already existsThis entry cannot be enabled or disabledThis entry is already a memberThis entry is already disabledThis entry is already enabledThis entry is not a memberThis group already allows external membersThis group cannot be posix because it is externalThis is already a posix groupThis is already a posix group and cannot be converted to external oneThis may take some time, please wait ...This page has unsaved changes. Please save or revert.This principal is required by the IPA masterTicket expiredTicket policy for %s could not be readTime LimitTime limit of search in seconds (0 is unlimited)Time nowTime to liveTime to live for records at zone apexTime to live for records without explicit TTL definitionTime-based (TOTP)TimeoutTimeout exceeded.To establish trust with Active Directory, the domain name and the realm name of the IPA server must matchTo get command help, use:Token IDToken description (informational only)Token hash algorithmToken model (informational only)Token secret (Base32; default: random)Token serial (informational only)Token synchronization failedToken vendor name (informational only)Token was synchronizedTopic commands:Topic or CommandTopologyTopology SegmentTopology SegmentsTopology does not allow server %(server)s to replicate with servers:Topology is disconnectedTopology management requires minimum domain level {0} Topology suffixTopology suffixesTotal number of variables env (>= count)True if not all results were returnedTrue means the operation was successfulTrustTrust SettingsTrust directionTrust statusTrust typeTrust type (ad for Active Directory, default)Trusted domainTrusted domain %(domain)s is included among IPA realm domains. It needs to be removed prior to establishing the trust. See the "ipa realmdomains-mod --del-domain" command.Trusted domain and administrator account use different realmsTrusted domain did not return a unique objectTrusted domain did not return a valid SID for the objectTrusted domain partnerTrusted domainsTrusted for delegationTrusted forestTrusted to authenticate as userTrusting forestTrustsTwo factor authentication (password + OTP)Two-way trustTypeType CoveredType MapType of IPA object (sets subtree and objectClass targetfilter)Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)Type of the tokenType of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trustType of trusted domain ID range, one of {vals}Types of supported user authenticationUIDUPN suffixesUn-applyUn-apply ID View ${primary_key} from hostsUn-apply ID View ${primary_key} from hosts of ${entity}Un-apply ID Views from hostsUn-apply ID Views from hosts of hostgroupsUn-apply from host groupsUn-apply from hostsUnable to communicate with CMSUnable to communicate with CMS (status %d)Unable to create private group. A group '%(group)s' already exists.Unable to determine IPA server from %s Unable to determine certificate subject of %s Unable to determine if Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually.Unable to determine root DN of %s Unable to display QR code using the configured output encoding. Please use the token URI to configure your OTP deviceUnable to enable SSL in LDAP Unable to generate Kerberos Credential Cache Unable to initialize connection to ldap server: %sUnable to initialize ldap library! Unable to join host: Kerberos Credential Cache not found Unable to join host: Kerberos User Principal not found and host password not provided. Unable to join host: Kerberos context initialization failed Unable to parse principal Unable to parse principal name Unable to parse principal: %1$s (%2$d) Unable to remove entry Unable to set LDAP version Unable to set LDAP_OPT_PROTOCOL_VERSION Unable to set LDAP_OPT_X_SASL_NOCANON Unable to set LDAP_OPT_X_TLS Unable to set LDAP_OPT_X_TLS_CERTIFICATE Unable to verify write permissions to the ADUndelete a delete user account.Undeleted user account "%(value)s"UndoUndo AllUndo all changes in this field.Undo this change.Unenroll this host from IPA serverUnenrollment failed. Unenrollment successful. Unique IDUnknownUnknown ErrorUnknown option: %(option)sUnlockUnlocked account "%(value)s"UnmatchedUnprovisionUnprovisioning ${entity}Unresolved rules in --rulesUnrevokedUnsaved ChangesUnselect AllUnspecifiedUnsupported valueUpdateUpdate DNS entriesUpdate System DNS RecordsUpdate location and IPA server DNS recordsUpdate of system record '%(record)s' failed with error: %(error)sUserUser GroupUser GroupsUser IDUser ID NumberUser ID Number (system will assign one if not provided)User ID overrideUser ID overridesUser OptionsUser attributeUser authentication typesUser categoriesUser categoryUser category (semantics placed on this attribute are for local interpretation)User category the ACL applies toUser category the rule applies toUser containerUser groupUser group ACI grants access toUser group ruleUser group rulesUser group to apply permissions toUser loginUser nameUser object classUser object overridesUser passwordUser search fieldsUser to overrideUser-friendly description of action performedUser-specified attributes to which the permission appliesUser-specified attributes to which the permission explicitly does not applyUsernameUsername of the user vaultUsersUsers allowed to create keytabUsers allowed to retrieve keytabValid Certificate PresentValid fromValid toValidation errorValidityValidity endValidity startVaultVault ContainerVault ContainersVault configurationVault data encrypted with session keyVault descriptionVault nameVault passwordVault private keyVault public keyVault saltVault serviceVault typeVault userVaultsVendorVerify PasswordVerify Principal PasswordVersionVertical PrecisionVia ServiceViewView CertificateWaiting for confirmation by remote sideWarningWarning unrecognized encryption type. Warning unrecognized salt type. Warning: failed to convert type (#%d) Warning: salt types are not honored with randomized passwords (see opt. -P) WeightWeight for server servicesWhen migrating a group already existing in IPA domain overwrite the group GID and report as successWhether to store certs issued using this profileWhoWorkingWrite profile configuration to fileYou are trying to reference a magic private group which is not allowed to be overridden. Try overriding the GID attribute of the corresponding user instead.You can use FreeOTP as a software OTP token application.You may need to manually remove them from the treeYou must enroll a host in order to create a host serviceYou must specify both rid-base and secondary-rid-base options, because ipa-adtrust-install has already been run.You will be redirected to DNS Zone.Your password expires in ${days} days.Your session has expired. Please re-login.Your trust to %(domain)s is broken. Please re-create it by running 'ipa trust-add' again.YubiKey slotZone forwardersZone found: ${zone}Zone nameZone name (FQDN)Zone record '%s' cannot be deletedZone refresh intervalactive user with name "%(user)s" already existsalgorithm value: allowed interval 0-255all masters must have %(role)s role enabledan internal error has occurredan internal error has occurred on server at '%(server)s'answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG data)any of the configured serversapi has no such namespace: '%(name)s'at least one of options: type, users, hosts must be specifiedat least one of: type, filter, subtree, targetgroup, attrs or memberof are requiredat least one value equal to the canonical principal name must be presentattribute "%(attribute)s" not allowedattribute "%s" not allowedattribute is not configurableattrs and included attributes are mutually exclusiveattrs and included/excluded attributes are mutually exclusiveautomatically add the principal if it doesn't existautomatically add the principal if it doesn't exist (service principals only)automount keyautomount keysautomount locationautomount locationsautomount mapautomount mapsber_init() failed, Invalid control ?! ber_scanf() failed, unable to find kvno ?! bind passwordcan be at most %(len)d characterscan be at most %(maxlength)d bytescan be at most %(maxlength)d characterscan be at most %(maxvalue)dcan be at most %(maxvalue)scannot add permission "%(perm)s" with bindtype "%(bindtype)s" to a privilegecannot be emptycannot be longer that 255 characterscannot connect to '%(uri)s': %(error)scannot delete global password policycannot delete managed permissionscannot delete root domain of the trust, use trust-del to delete the trust itselfcannot disable root domain of the trust, use trust-del to delete the trust itselfcannot open configuration file %s cannot rename managed permissionscannot set bindtype for a permission that is assigned to a privilegecannot specify both raw certificate and filecannot specify full target filter and extra target filter simultaneouslycannot stat() configuration file %s change collided with another changechange to a POSIX groupchange to support external non-IPA members from trusted domainschild exited with %d cn is immutablecomma-separated list of HBAC service groups to addcomma-separated list of HBAC service groups to removecomma-separated list of HBAC services to addcomma-separated list of HBAC services to removecomma-separated list of groups to addcomma-separated list of groups to exclude from migrationcomma-separated list of groups to removecomma-separated list of host groups to addcomma-separated list of host groups to removecomma-separated list of hosts to addcomma-separated list of hosts to removecomma-separated list of members of a trusted domain in DOM\name or name@domain formcomma-separated list of netgroups to addcomma-separated list of netgroups to removecomma-separated list of permissionscomma-separated list of permissions to grant(read, write, add, delete, all)comma-separated list of privilegescomma-separated list of privileges to addcomma-separated list of privileges to removecomma-separated list of roles to addcomma-separated list of roles to removecomma-separated list of sudo command groups to addcomma-separated list of sudo command groups to removecomma-separated list of sudo commands to addcomma-separated list of sudo commands to removecomma-separated list of users to addcomma-separated list of users to exclude from migrationcomma-separated list of users to removecommandcommand '%(name)s' takes at most %(count)d argumentcommand '%(name)s' takes at most %(count)d argumentscommand '%(name)s' takes no argumentscommandscommands cannot be added when command category='all'commands for controlling sudo configurationcommunication with CIFS server was unsuccessfulconfiguration optionscontainer entry (%(container)s) not founddefault CA ACL can be only disableddelegationdelegationsdeletedescriptiondid not receive Kerberos credentialsdoes not match any of accepted formats: domaindomain is not configureddomain is not trusteddomain name '%(domain)s' should be normalized to: %(normalized)sdomain name cannot be longer than 255 characterseach ACL element must be terminated with a semicolonempty DNS labelempty filterentriesentryerror marshalling data for XML-RPC transport: %(error)serror on server '%(server)s': %(error)sexecuting ipa-getkeytab failed, errno %d expected format: <0-255> <0-255> <0-65535> even-length_hexadecimal_digits_or_hyphenfile to store certificate infilenamefilter and memberof are mutually exclusiveflags must be one of "S", "A", "U", or "P"flags value: allowed interval 0-255force NS record creation even if its hostname is not in DNSforce delete of SYSTEM permissionsforce principal name even if not in DNSfork() failed format must be specified as "%(format)s" %(rfcs)sforward zone "%(fwzone)s" is not effective because of missing proper NS delegation in authoritative zone "%(authzone)s". Please add NS record "%(ns_rec)s" to parent zone "%(authzone)s".gid cannot be set for external groupgivenname is requiredgroupgroup runAsgroup, permission and self are mutually exclusivegroupsgroups to addgroups to removehosthost category cannot be set to 'all' while there are allowed hostshost grouphost groupshost groups to addhost groups to removehostgrouphostgroup with name "%s" already exists. Hostgroups and netgroups share a common namespacehostgroupshostnamehostname contains empty label (consecutive dots)hostname in subject of request '%(cn)s' does not match principal hostname '%(hostname)s'hostshosts cannot be added when host category='all'hosts cannot be set when type is 'group'hosts to addhosts to removeid rangeid range typeincomplete time valueincorrect typeinvalid '%(name)s': %(error)sinvalid DN (%s)invalid IP address formatinvalid IP address version (is %(value)d, must be %(required_value)d)!invalid IP network formatinvalid Profile IDinvalid SSH public keyinvalid address formatinvalid attribute nameinvalid domain nameinvalid domain-name: %sinvalid domain-name: not fully qualifiedinvalid e-mail format: %(email)sinvalid escape code in domain nameinvalid hostmaskinvalid port numberipa-getkeytab has bad permissions? ipa-getkeytab not found is requirediterations value: allowed interval 0-65535kerberos ticket policy settingskey %(key)s already existskey named %(key)s already existsleft node ({host}) does not support suffix '{suff}'left node and right node must not be the sameleft node is not a topology node: %(leftnode)sleft or right node has to be specifiedlimits exceeded for this querylocal domain rangelocationlocationsmanager %(manager)s not foundmap %(map)s already existsmaps not connected to /etc/auto.master:match the common name exactlymaximum serial numbermember %smember Certificate Profilemember HBAC servicemember HBAC service groupmember groupmember hostmember host groupmember netgroupmember principalmember privilegemember rolemember servicemember service delegation targetmember sudo commandmember sudo command groupmember userminimum serial numbermissing base_idmodifying primary key is not allowedmount point is relative to parent map, cannot begin with /must be "%s"must be '%(value)s'must be DNS namemust be Kerberos principalmust be TRUE or FALSEmust be True or Falsemust be Unicode textmust be a decimal numbermust be absolutemust be an integermust be at least %(minlength)d bytesmust be at least %(minlength)d charactersmust be at least %(minvalue)dmust be at least %(minvalue)smust be binary datamust be datetime valuemust be dictionarymust be enclosed in parenthesesmust be exactly %(length)d bytesmust be exactly %(length)d charactersmust be one of %(values)smust be relativemust contain a tuple (list, dict)must have %(role)s role enabledmust match pattern "%(pattern)s"netgroupnetgroup with name "%s" already exists. Hostgroups and netgroups share a common namespacenetgroupsnetgroups to addnetgroups to removeno command nor help topic '%(topic)s'no modifications to be performedno trusted domain is configuredno trusted domain matched the specified flat namenot allowed to modify group entriesnot allowed to modify user entriesnot allowed to perform operation: %snot allowed to perform server connection checknot foundnot fully qualifiednot modifiable on managed permissionsnumber class '%(cls)s' is not included in a list of allowed number classes: %(allowed)snumber of passwordsobjectclass %s not foundone or more values to removeonly "ad" is supportedonly available on managed permissionsonly letters, numbers, %(chars)s are allowed. DNS label may not start or end with %(chars2)sonly master zones can contain recordsonly one CNAME record is allowed per name (RFC 2136, section 1.1.5)only one DNAME record is allowed per name (RFC 6672, section 2.4)only one node can be specifiedoperation not definedoption was renamed; use %soptions are not allowedorder must be a unique value (%(order)d already used by %(rule)s)out of memory out-of-zone data: record name must be a subdomain of the zone or a relative nameoverlapping arguments and options: %(names)sowner %sowner groupowner of %(types)s records should not be a wildcard domain name (RFC 4592 section 4)owner serviceowner userparams must be a listparams must contain [args, options]params[0] (aka args) must be a listparams[1] (aka options) must be a dictpasswordpassword policiespassword policypassword to use if not using kerberospermissionpermission "%(value)s" already existspermissionspreserveprincipal not found principal not found in XML-RPC response principal to addprincipal to removepriority cannot be set on global policypriority must be a unique value (%(prio)d already used by %(gname)s)privilegeprivileged groupprivileged hostgroupprivileged service delegation ruleprivileged service delegation targetprivilegesprivileges to addprivileges to removeprofile category cannot be set to 'all' while there are allowed profilesprofiles cannot be added when profile category='all'pysss_murmur is not available on the server and no base-id is given.query '%(owner)s %(rtype)s' with EDNS0: %(error)squery '%(owner)s %(rtype)s': %(error)srange existsrange modification leaving objects with ID out of the defined range is not allowedrange type changeread error realm not found realm or UPN suffix overlaps with trusted domain namespacerecord '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)srequest failed with HTTP status %dresult not found in XML-RPC response retrieve and print all attributes from the server. Affects command output.right node ({host}) does not support suffix '{suff}'right node is not a topology node: %(rightnode)srolerolesroles to addroles to removerunAs groupsrunAs userrunAs userssalt value: %(err)ssearch for POSIX groupssearch for groups with support of external non-IPA members from trusted domainssearch for managed groupssearch for non-POSIX groupssearch for private groupssearch results for objects to be migrated have been truncated by the server; migration process might be incomplete secondssegmentsegmentsself service permissionself service permissionsserverserver roleserver rolesserversserviceservice category cannot be set to 'all' while there are allowed servicesservice delegation ruleservice delegation rulesservice delegation targetservice delegation targetsservice delegation targets to addservice delegation targets to removeservicesservices cannot be added when service category='all'services to addservices to removesetting Authoritative nameservershould not be a wildcard domain name (RFC 4592 section 4)skip reverse DNS detectionsn is requiredstage userstage userssubject alt name type %s is forbidden for non-user principalssubject alt name type %s is forbidden for user principalssubtree and type are mutually exclusivesudo commandsudo command groupsudo command groupssudo command groups to addsudo command groups to removesudo commandssudo commands to addsudo commands to removesudo rulesudo rulessuffixsuffixessystem ID Viewtarget and targetgroup are mutually exclusivethe IPA server and the remote domain cannot share the same NetBIOS name: %sthe certificate with serial number the entry was deleted while being modifiedthe value does not follow "YYYYMMDDHHMMSS" time formatthere must be at least one target entry specifier (e.g. target, targetfilter, attrs)this option has been deprecated.this option is deprecatedtoo many '@' characterstrusttrust configurationtrust domaintrust domainstrust typetrusted domain objecttrusted domain object not foundtrusted domain user not foundtruststype of IPA object (user, group, host, hostgroup, service, netgroup)type, filter, subtree and targetgroup are mutually exclusiveunknown command '%(name)s'unknown error %(code)d from %(server)s: %(error)sunsupported functional levelunsupported trust typeuseruser "%s" is already activeuser category cannot be set to 'all' while there are allowed usersusersusers and hosts cannot both be setusers cannot be added when runAs user or runAs group category='all'users cannot be added when user category='all'users cannot be set when type is 'hostgroup'users to addusers to removevaluevaultvaultcontainervaultcontainersvaults{attr}: no such attribute{role}: role not foundProject-Id-Version: freeipa 4.6.5.dev201907290557+git8334a8789 Report-Msgid-Bugs-To: https://fedorahosted.org/freeipa/newticket POT-Creation-Date: 2020-04-02 07:45+0000 PO-Revision-Date: 2017-07-12 04:11+0000 Last-Translator: Pavel Vomacka Language-Team: Chinese (China) Language: zh_CN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Zanata 4.6.2 Plural-Forms: nplurals=1; plural=0 例如: 库容器对象。 库对象。 增加一个新的令牌: ipa otptoken-add-yubikey --owner=jdoe --desc="My YubiKey" * 权限允许访问读,写,添加,删除,读,查找或比价。 * 特权结合了相似的权限(例如所有权限需要添加一个用户) * 角色为用户,用户组,主机或主机组授予一系列特权。 * 主机必须存在 * 服务必须存在(或者你使用--add选项来自动添加它) 一个证书是以一个服务主体存储,并一个服务主体需要一个主机。 条件是一个用于389-ds的正则表达式来用一个自动成员规则区匹配一个新添加的条目。如果它匹配一个兼容规则,那么该条目被添加到合适的组或主机组中去。 一个默认组或主机组可以指定给不匹配任何规则的条目。万一是用户条目,则该组会是一个会退组,因为在IPA配置中所有用户默认是指定组的成员。 权限由许多不同部分组成: 1. 权限名。 2. 权限目标。 3. 权限授予的权限。 一个权限可能不包含其他权限。 规则是和组名直接关联的,因此你不能创建一个没有组或主机组的规则。 API 模式 同时,有以下合适的选项。设置其中一个选项将会设置相应的属性。 1. 类型:对象(用户,用户组等)的类型;设置子树和目标过滤器。 2. 组: 适用于一个组的成员;设置目标过滤器。 3. 目标组:允许修改一个指定组(例如授予管理组成员的权限);设置目标。 所有的CAs除了'IPA' CA都可以被禁用或重新启用。禁用一个CA会阻止它发布证书,但不会影响它的证书的有效性。 顺序可以添加到一个sudo规则中来控制它们评估的顺序(如果客户端支持)。该顺序是一个整数并且是唯一的。 非对称库和标准库类似,但它在传输前会使用一个公钥来预加密密码。该密码仅能通过对应的私钥来检索。 自动成员规则。 基于所有者管理有三种库类别: * 用户/私有库 * 服务库 * 共享库 基于安全机制有三种库类型: * 标准库 * 对称库 * 非对称库 基类用户 这包含了用户/计划用户常见的定义 CAs (除了'IPA' CA)都可以被删除。删除一个CA会撤销它的签名证书并删除它的私钥。 证书请求以PEM格式的证书签名请求(CSR)的形式存在。 证书可能通过证书主题,序列号,撤销原因,有效日期和发布日期来查询。 DNS服务器配置 GMT格式的日期用来匹配证书里的日期。 删除或重命名一个管理权限,同时改变它的目标是不允许的。 域名系统(DNS) 例如: FreeIPA提供了一种方法来配置Sudo的各个方面: 用户:用户/用户组允许调用Sudo。 主机:主机/主机组上的用户允许调用Sudo。 允许的命令:指定命令允许通过Sudo来运行。 阻止的命令:指定命令禁止通过Sudo来运行。 作为用户来运行:Sudo会调用用户或用户组的权限。 作为组来运行:Sudo会调用组的gid权限。 选项:各种Sudoers选项可以修改Sudo的行为。 获取安装IPA服务器信息。 获取由IPA主服务器提供的角色(DNS服务器,CA等)状态。 IPA证书操作 IPA位置 IPA服务器角色 IPA服务器 IPA支持使用OTP令牌来多因素认证。这个码能管理OTP令牌。 IPA对于krb5 OTP认证支持使用额外的RADIUS代理服务器。这在集成第三方认证服务时提供了很多方便。 实现了一组命令来管理服务器的SSL证书。 为了请求一个证书: 加入一个IPA域 管理证书颁发机构 管理DNS区域和资源记录。 管理OTP 令牌。 管理RADIUS代理服务器。 管理YubiKey令牌。 管理库。 管理权限 设置DNS位置 设置DNS服务器配置 Misc插件 注意没有使用原因码7。查看RFC 5280以获取更多详细信息: 注意属性和条目之间的区别。权限是独立的,能添加一个用户并不代表该用户是可编辑的。 OTP令牌 权限 通过CLI不能直接访问插件,需要使用内部命令 提供API自省能力。 RADIUS代理服务器 提高IPA域级别。 删除'%(hostname)s'导致在后缀'%(suffix)s'拓扑中失去连接:%(errors)s 复制拓扑后缀'%(suffix)s'已失去连接:%(errors)s 权限定义了允许哪些操作,可能是下面的一个或多个: 1. 写 - 写一条或多条属性 2. 读 - 读一条或多条属性 3. 查找 - 查找一条或多条属性 4. 比较 - 比较一条或多条属性 5. 添加 - 添加一条新属性到树中 6. 删除 - 删除一条已存在的条目 7. 全部 - 授予的所有权限 查找: 标准库使用一种安全机制来传输和存储密码。密码仅能被有权限访问该库的用户检索。 从属证书颁发机构(Sub-CAs)可以当作是X.509证书的发行范围。 Sudo (su "do")允许一个系统管理员给特定用户(或用户组)授予权限使其有以root或其他用户的能力来运行一些(或全部)命令,同时会对命令和命令参数提供一个审计跟踪。 Sudo规则 对称库和标准库类似,但它在传输前会使用一个密码来预加密该密码。密码仅能使用相同的密码来检索。 automember-rebuild命令可以用来对现有条目跟踪运行自动成员规则,以此来重建它们的成员组。 日期格式是YYYY-mm-dd。 dogtag CA只是使用CSR的CN值,并强制主题的其他值在服务器中配置。 支持下面的撤销原因: 有许多允许的目标: 1. 子树:一个DN;在该DN下应用权限的子树 2. 目标过滤器:一个LDAP过滤器 3. 目标:权限适用于带有可能通配符,指定条目的DN 这段代码是otp令牌插件的一个扩展,并对读/写YubiKey令牌提供直接的支持。 拓扑 域级别为1的复制拓扑的管理。 用户库被特定用户拥有并使用。私有库被当前用户拥有。服务库被一个服务拥有。共享库被管理员拥有但可以被其他用户或服务使用。 库 验证复制拓扑的后缀。 检查完成: 1. 检查是否还有没有连接的拓扑。换句话说,是否在所有服务器之间存在复制路径。 2. 检查是否服务器没有超过推荐的副本协议数 YubiKey令牌 另外,下面服务器可以运行该命令:%(masters)s"%s"不是一个有效的权限类型"%s"不是一个对象类型呈现${count}个证书${count} item(s)已添加已删除${count}个条目已禁用${count}个条目已启用${count}个条目${count} item(s) 已移除已删除${count}个选项已激活${count}个用户已恢复${count}个用户已呈现${count}个用户${entity} ${primary_key}设置${entity} ${primary_key}已更新${entity}已添加成功${primary_key}适用于:${primary_key}是其中一个成员:${primary_key}受管于:${primary_key}成员:${primary_key}覆盖:${product},版本:${version}%(attr)s没有包含'%(value)s'%(attr)s:无效的语法。%(attr)s:仅允许一个值。%(container)s LDAP搜索没有返回任何结果(搜索基:%(search_base)s,对象类: %(objectclass)s)%(count)d %(type)s记录已忽略。每个DNS记录类型一次只能修改一个值。%(count)d个ACI已匹配已匹配%(count)d个CA ACL已匹配%(count)d个CA已匹配%(count)d个DNS服务器已匹配%(count)d个组ID覆盖已匹配%(count)d个HBAC规则已匹配%(count)d个HBAC服务组已匹配%(count)d个HBAC服务已匹配%(count)d个ID视图已匹配%(count)d个ID覆盖已匹配%(count)d个IPA位置已匹配%(count)d个IPA服务器已匹配%(count)d个OTP令牌已匹配%(count)d个RADIUS代理服务器已匹配%(count)d个SELinux用户映射已匹配%(count)d个Sudo命令组已匹配%(count)d个Sudo命令已匹配%(count)d个Sudo规则已匹配%(count)d个用户ID覆盖已匹配%(count)d个自动挂载键已匹配%(count)d个自动挂载位置已匹配%(count)d个自动挂载映射已匹配%(count)d个证书已匹配%(count)d个授权已匹配%(count)d个组已匹配%(count)d个主机已匹配%(count)d个主机组已匹配%(count)d个网络组已匹配%(count)d个权限已加载%(count)d个插件已匹配%(count)d个特权已匹配%(count)d个配置文件已匹配%(count)d个范围已匹配%(count)d个角色已匹配%(count)d个规则已匹配%(count)d个段已匹配%(count)d个自助服务已匹配%(count)d个服务授权规则已匹配%(count)d个服务授权目标已匹配%(count)d个服务已匹配%(count)d个拓扑后缀已匹配%(count)d个信任已匹配%(count)d个用户%(count)d个变量已匹配%(count)d个库已匹配%(count)s个服务器角色%(cver)s客户端和在'%(server)s'的%(sver)s服务器不兼容%(filename)s:文件没找到%(host)s已失败%(host)s已失败:%(error)s%(info)s%(key)s不能被删除因为%(label)s %(dependent)s需要它%(key)s不能被删除或禁用因为它是%(label)s %(container)s的最后一个成员%(label)s %(key)s不能被删除/修改:%(reason)s%(name)s证书无效%(obj)s默认属性%(attr)s是不允许的!名为"%(pkey)s"的%(oname)s已存在%(operation)s不支持主体 %(principal_type)s%(otype)s "%(oname)s"没有找到%(parent)s:%(oname)s没有找到%(pkey)s:%(oname)s没有找到%(port)s不是一个有效的端口%(reason)s%(task)s LDAP任务超时,任务DN:'%(task_dn)s'%(type)s类别不能设置为all',虽然有允许%(objects)s%(user)s不是一个POSIX用户%(value)s%iCA已添加。%iCA已移除。%iCAs已添加。%iCAs已移除。%i主机或主机组已添加。%i主机或主机组已移除。%i主机或主机组已添加。%i主机或主机组已移除。%i配置文件已添加。%i配置文件已移除。%i配置文件已添加。%i配置文件已移除。%i服务已添加。%i服务已移除。%i服务已添加。%i服务已移除。%i用户或组已添加。%i用户或组已移除。%i用户或用户组已添加。%i用户或用户组已移除。%s记录%s不是一个有效的属性。%s记录待添加的%s不移植%s待移除的%s%s:找不到组%s:用户已保存'${port}'不是一个有效的端口'%(attr)s'已包含一个或多个值'%(command)s'已被弃用。%(additional_info)s'%(entry)s'没有证书。需要'%(name)s''%(option)s'选项已弃用。%(additional_info)s当'%(name)s'被设置时'%(required)s'必须不能为空'%s'是DNS记录的必要部分'add'选项(弃用)(查阅RFC %s 来获取详细信息)检查存在组的GID。使用--group-overwrite-gid选项来覆盖GID7不是一个有效的撤销原因 One-Time-Password(OTP): 为每个OTP字段生成新的OTP码。Kerberos登录,请确认你有有效的票据(通过kinit获取)并在 正确配置了浏览器,然后点击登录。用户名和密码登录,在相应框中输入用户名和密码,然后点击登录。

如果没有选择方法那么就使用隐式方法(密码)。

密码+双因素LDAP和Kerberos允许使用其中任一认证类型来认证但是Kerberos使用预认证方法,该方法需要使用armor ccache

RADIUS和另外的类型: Kerberos总是使用RADIUS,但是LDAP从不使用。LDAP仅识别密码和双因素认证选项。

如果所有选项都检测了那么每个用户设置会覆盖全局设置。

密码+双因素LDAP和Kerberos允许使用其中任一认证类型来认证但是Kerberos使用预认证方法,该方法需要使用armor ccache

RADIUS和另外的类型: Kerberos总是使用RADIUS,但是LDAP从不使用。LDAP仅识别密码和双因素认证选项。

IP地址系统权限可能不能被修改或删除该RADIUS代理服务器的描述一个自动成员规则的描述该命令的一个描述该主机的描述该主机组的描述该角色组的描述一个字典代表一个LDAP条目一个组不能是自己的成员一个组不能是自己的成员主机愿意充当关键交换器主机愿意充当邮件交换器一个别名主机名指向主机名ACI值列表LDAP条目列表SELinux用户列表期望以$分隔一个全局转发器列表。使用标准格式"IP_ADDRESS port PORT"为每个转发器指定一个自定义端口一个Per-zone转发器列表。使用标准格式"IP_ADDRESS port PORT"为每个转发器指定一个自定义端口管理组不能有密码策略。遇到的问题是什么时候验证所有成员是%(verb)s:%(exc)s一条记录从复制更新中删除的以空格分隔的属性列表。在所有相关对象中搜索字符串A6记录数据A6记录AAAA IP地址AAAA记录ACI名称ACI权限%s没有找到ACI前缀需要ACI前缀ACI名"%s"没有找到ACIsACL名称AD DC不能连接任何IPA域控制器。最有可能是一个DNS或者防火墙事件AD信任设置AD域控制器AD域控制器抱怨通信序列。这可能意味着双方时间不同步,例如AFSDB主机名AFSDB子类型AFSDB记录API概述没有发送API版本号,不能保证向前兼容。假定服务器的API版本%(server_version)sAPL记录关于访问阻止访问允许访问授权:%s访问该主机访问时间访问账户账户设置账户状态禁用账户账户已禁用:%(disabled)s操作激活激活一个计划用户"%(value)s"激活一个计划用户。活动目录域活动目录域管理员活动目录域管理员密码活动目录域范围带POSIX属性的活动目录域有POSIX属性的活动目录信任范围活动目录域管理员密码活跃用户活跃区添加添加${entity}添加${entity} ${primary_key}到${other_entity}添加${other_entity}管理${entity} ${primary_key}添加${other_entity}到${entity} ${primary_key}添加允许${other_entity}到${entity} ${primary_key}向一个CA ACL中添加CAs。添加条件到${pkey}添加自定义属性添加自定义认证机构添加阻止${other_entity}到${entity} ${primary_key}添加Kerberos主体别名添加多个添加OTP令牌添加权限添加规则添加RunAs ${other_entity}到${entity} ${primary_key}添加RunAs用户组到${entity} ${primary_key}向一个计划用户条目中添加一个管理员向一个用户条目中添加一个管理员添加一个新的DNS服务器。添加一个新的组ID覆盖。添加一个新的HBAC服务组。添加一个新的HBAC服务。添加一个新的ID视图。添加一个新的ID覆盖。添加一个新的IPA位置。添加一个新的IPA服务。添加一个新的IPA服务。添加一个新的OTP令牌。添加一个新的RADIUS代理服务器。添加一个新的用户ID覆盖。增加一个新的YubiKey OTP令牌。添加一个新的授权。添加一个新的组密码策略。添加一个新主机。添加一个新的主机组。添加一个新的网络组。添加一个新的权限。添加一个新的特权。添加一个新角色。添加一个新段。添加一个新的自助服务权限。添加一个新的拓扑后缀到管理中。添加一个新用户。为每个正向区访问授权添加一个权限。为每个区访问授权添加一个权限。添加一个没有ACI的系统权限添加一个没有ACI的系统权限(内部命令)添加一个属性/值对。格式是属性=值。属性必须时模式的一部分。添加一个自动成员规则。向Sudo规则中添加一个选项。添加并添加另一个添加和关闭添加和编辑向主机条目中添加证书添加受Sudo规则影响的命令和sudo命令组。添加条件到一个自动成员规则。添加自定义值添加域为位于创建区域的命名服务器添加正向记录添加受Sudo规则影响的主机和主机组。添加可以管理该主机的主机。添加可以管理该服务的主机。向一个命名服务授权规则中添加成员。向一个命名服务授权规则中添加成员。向Sudo命令组中添加成员。向一个组中添加成员。向一个主机组添加成员。向一个网络组添加成员。将成员添加到权限。向一个特权中添加成员。向角色中添加成员。向一个库中添加成员。在一个HBAC服务组中添加成员。添加没有组的移植用户到一个默认组(默认:正确的)添加新的DNS资源记录。向一个服务中添加新证书向一个服务添加新的主体别名为主机条目添加新的主体别名为用户条目添加新的主体别名向id覆盖用户条目中添加一个或多个证书向用户条目中添加一个或多个证书向一个库容器中添加所有者。向一个库中添加所有者。向一个特权中添加权限。添加主体向一个角色中添加特权。向一个CA ACL中添加配置文件。向一个CA ACL中添加服务。在HBAC规则中添加服务从一个HBAC规则中添加源主机和主机组。向一个CA ACL中添加目标主机和主机组。在一个HBAC规则中添加目标主机和主机组。向SELinux用户映射规则中添加目标主机和主机组。向一个命名服务授权规则中添加目标。添加目标到一个命名服务授权。用该IP地址将主机添加到DNS中添加到默认组添加受Sudo规则影响的用户和用户组。向一个CA ACL中添加用户和用户组。在一个HBAC规则中添加用户和用户组。向SELinux用户映射规则中添加用户和用户组。添加可以管理该令牌的用户已添加 %(map)s已添加 %(src)s 到 %(dst)s已添加活动目录域"%(value)s"已添加CA ACL"%(value)s"已添加组ID覆盖"%(value)s"已添加HBAC规则"%(value)s"已添加HBAC服务"%(value)s"已添加HBAC服务组"%(value)s"已添加ID视图"%(value)s"已添加ID覆盖"%(value)s"已添加ID范围"%(value)s"已添加IPA位置"%(value)s"已添加OTP令牌"%(value)s"已添加RADIUS代理服务器"%(value)s"已添加SELinux用户映射"%(value)s"已添加Sudo命令"%(value)s"已添加Sudo命令组"%(value)s"已添加Sudo规则"%(value)s"已添加用户ID覆盖"%(value)s"已添加自动成员规则"%(value)s"已添加自动间接映射"%(value)s"已添加自动挂载键"%(value)s"已添加自动挂载位置"%(value)s"已添加自动挂载映射"%(value)s"已向主机"%(value)s"中添加证书已添加证书到id覆盖用户"%(value)s"已添加证书到服务主体"%(value)s"已为用户"%(value)s"添加证书已在"%(value)s"上添加条件已添加授权"%(value)s"已添加组"%(value)s"新增主机 "%(value)s"已添加主机组"%(value)s"已添加网络组"%(value)s"已添加新的DNS服务器"%(value)s"已为主机"%(value)s"添加新别名已添加新的别名到服务主体"%(value)s"已为用户"%(value)s"添加新别名已添加"%(option)s"到Sudo规则"%(rule)s"已添加权限"%(value)s"已添加特权"%(value)s"已添加角色"%(value)s"已添加段"%(value)s"已添加自助服务"%(value)s"已添加服务"%(value)s"已添加服务授权规则"%(value)s"已添加服务授权目标"%(value)s"已添加计划用户"%(value)s"已添加系统权限"%(value)s"已添加拓扑后缀"%(value)s"已添加用户"%(value)s"已添加库"%(value)s"附加指示:地址无效,不能重定向管理员账户管理员电子邮件地址由服务器公布协议已删除算法全部权限可以应用所有属性所有命令至少有一个返回值允许允许${other_entity}创建${primary_key}的keytab允许${other_entity}检索${primary_key}的keytab允许PTR同步允许访问信任域允许从信任域中添加额外的非IPA成员允许动态更新当解析AD信任对象时允许回退到AD DC LDAP。仅供双向信任。允许嵌套DNSSEC签名允许在区域中嵌套DNSSEC记录签名允许查询允许同步正向(A,AAAA)和反向(PTR)记录允许在区域中同步正向(A,AAAA)和反向(PTR)记录允许传输允许使用信任域中的IPA资源允许用户,用户组,主机或主机组来创建该主机的keytab。允许用户,用户组,主机或主机组来创建一个该服务的keytab。允许用户,用户组,主机或主机组来检索该主机的keytab。允许用户,用户组,主机或主机组来检索一个该服务的keytab。允许的目标允许模仿允许创建keytab允许检索keytab即使使用兼容插件也允许迁移已注册可供选择的UPN后缀高度总是询问模糊查找,用户域没有指定IPA主主机不能被删除或禁用出现一个错误(${error})在抓取dns区域时发生错误。id范围已在该域中存在。你要么删除旧的范围,要么从命令中排除--base-id/--range-size选项。命名服务器新的DNS区域定期调查的间隔锚'%(anchor)s'不能被解析。任何CA任何命令任何组任何主机任何配置文件任何服务任何人适用的主机ID视图适用于指定的主机或指定主机组的当前成员。如果该主机已有其他ID视图,则覆盖它。应用ID视图到指定的主机或指定主机组的当前成员。如果该主机已有其他ID视图,则覆盖它。应用应用ACI到你自己的条目在主机${entity}中应用ID视图${primary_key}在${entity}上应用ID视图${primary_key}适用的主机组适用的主机数据归档到库。数据归档到库"%(value)s"你确定要${action}用户?
改变会立即生效。你确定要激活${object}?你确定要激活被选用户?你确定要为DNS区域${object}添加权限吗?你确定要删除${object}?你确定要删除被选条目?你确定要禁用${object}?你确定要禁用被选条目?你确定要启用${object}?你确定要启用被选条目?你确定要执行该操作吗?你确定要重建自动成员吗?你确定要为DNS区域${object}删除权限吗?你确定要恢复${object}?你确定要恢复被选用户?你确定要呈现${object}?你确定要呈现被选用户?你确定要在选择的条目中不应用ID视图?你确定要解锁用户${object}?作为谁要求一个非随机密码用于主体已分配的ID视图分配管理者令牌(默认:自己)分配用户令牌(默认:自己)至少应该指定域或IP地址属性性键值属性分类通过正则表达式来过滤属性。例如:一个主机的fqdn属性,或者一个用户的manager属性属性所有更新的属性在DS中被用户组条目所忽略的属性在DS中被用户条目所忽略的属性待复制属性权限默认应用的属性权限应用属性。审计身份验证认证指标认证指标认证指标权威的命名服务器权威命名服务器改变权威的命名服务器域名授权ID自动成员规则自动成员没有配置自动成员规则:%s没有找到!自动生成自动更新DNS系统记录失败。请手动重新运行更新系统记录来获取缺少的记录。自动成员自动成员规则自动成员重建成员关系任务已完成自动成员重建成员关系任务已开始自动挂载自动挂载键自动挂载键自动挂载位置自动挂载位置设置自动挂载位置自动挂载映射自动挂载映射自动挂载键名。自动挂载键对象。自动挂载位置名。自动挂载映射名。自动挂载主文件。可用的BIND更新策略返回回到顶部凭证缓存格式错误错误的或不支持的盐值类型。 无效的搜索过滤器不正确的查询筛选器%(info)s基DN远程LDAP服务器上的基DN基IDBase-64编码的证书。Base-64编码的主机证书Base-64 编码格式的服务器证书Base-64编码的服务证书Base-64编码的用户证书Base64解码失败: %(reason)s绑定DN绑定失败:%s 在使用一个绑定DN时需要绑定密码。 绑定规则类型该配置文件的简要描述CA'%s'被禁用CA类别CA类别不能设置为all',虽然有允许CAsACL应用的CA类别CA证书CA没有配置当CA类别='all'时CAs不能被添加CERT算法CERT证书类型CERT证书/CRLCERT键标记CERT记录CIFS凭证对象CIFS服务器%(host)s阻止你的凭证CIFS服务器通信错误:代码"%(num)s",消息"%(message)s"(两者都有可能没有任何信息)CIFS服务器阻止你的凭证CLI名称CNAME主机名CNAME记录CNAME记录不允许与任何其他记录共存(RFC 1034,第3.6.2节)取消不能创建反向记录"%(value)s":%(exc)s不能解码文件'%(filename)s': %(exc)s不能和%(host)s建立LSA连接。CIFS服务器是否在运行?不能建立一个信任到部署在IPA同一域中的AD。这样的设置不支持。找不到指定的域或服务器名称没有安装Samba 4不能执行SID验证。确认你已经在IPA服务器上安装了server-trust-ad子包没有安装Samba 4不能执行外部成员验证。确认你已经在IPA服务器上安装了server-trust-ad子包没有自己的域配置不能执行加入操作。首先确认你已经在IPA服务器上运行了ipa-adtrust-install命令没有在该机器上进行Samba 4实例配置不能执行被选命令。确认你已经在该服务器上运行ipa-adtrust-install。没有安装Samba 4不能执行被选命令。确认你已经在IPA上安装了server-trust-ad子包。不能读取文件'%(filename)s': %(exc)s请求域中不能解析KDC不能检索信任域GC列表没有自己的域配置不能在信任域中查找。首先确认你已经在IPA服务器上运行了ipa-adtrust-install命令不能存储权限ACI到%s不能使用%(old_name)s和%(new_name)s汽车执照证书证书关联数据证书颁发机构证书颁发机构证书持有已删除证书配置文件待使用的证书配置文件证书配置文件待添加的证书配置文件待移除的证书配置文件证书已撤销证书类型证书用途${entity} ${primary_key}证书证书格式错误:%(error)sbase64或PEM格式的证书证书操作没有完成:%(error)s证书配置文件不能被重命名证书请求证书基主题是:%s 由CA'%(ca)s'发布序列号为%(serial)s的证书没有找到证书存储在文件'%(file)s'中证书/CRL证书改变当前域级别。改变密码更改为POSIX组更改为外部组已改变"%(value)s"的密码字符类检测DNS检测和远程IPA服务器的连接。检查证书签名请求的状态。检查记录是否存在。检查是否有任何服务器启用了CA服务。检查是否有任何服务器启用了DNS服务。城市类从指定主机或指定主机组的当前成员中清除ID视图。点击${action}客户端证书可以授权给服务客户端没有配置。运行ipa-client-install。客户端版本。用来确定是否服务器接受请求。时间间隔时钟偏移量关闭关闭keytab失败 全部折叠以逗号分隔的加密类型列表以逗号分隔的属性列表在DS中被组条目所忽略以逗号分隔的属性在DS中被用户条目所忽略以逗号分隔的属性在DS中被组条目所忽略以逗号分隔的对象类在DS中被用户条目所忽略以逗号分隔的对象类在DS中用于查找用户组条目以逗号分隔的对象类在DS中用于查找用户条目以逗号分隔的对象类以逗号分隔的授权列表(读,写)。默认是写。以逗号分隔的授权列表(读,写,添加,删除,全部)以逗号分隔的原始A记录列表以逗号分隔的原始A6记录列表以逗号分隔的原始AAAA记录列表以逗号分隔的原始AFSDB记录列表以逗号分隔的原始APL记录列表以逗号分隔的原始CERT记录列表以逗号分隔的原始CNAME记录列表以逗号分隔的原始DHCID记录列表以逗号分隔的原始DLV记录列表以逗号分隔的原始DNAME记录列表以逗号分隔的原始DNSKEY记录列表以逗号分隔的原始DS记录列表以逗号分隔的原始HIP记录列表以逗号分隔的原始IPSECKEY记录列表以逗号分隔的原始KEY记录列表以逗号分隔的原始KX记录列表以逗号分隔的原始LOC记录列表以逗号分隔的原始MX记录列表以逗号分隔的原始NAPTR记录列表以逗号分隔的原始NS记录列表以逗号分隔的原始NSEC记录列表以逗号分隔的原始NSEC3记录列表以逗号分隔的原始NSEC3PARAM记录列表以逗号分隔的原始PTR记录列表以逗号分隔的原始RP记录列表以逗号分隔的原始RRSIG记录列表以逗号分隔的原始SIG记录列表以逗号分隔的原始SPF记录列表以逗号分隔的原始SRV记录列表以逗号分隔的原始SSHFP记录列表以逗号分隔的原始TA记录列表以逗号分隔的原始TKEY记录列表以逗号分隔的原始TSIG记录列表以逗号分隔的原始TXT记录列表命令'%(name)s'已被弃用命令类别规则适用的命令类别命令名命令没有实现命令通用名不能被添加的条件不能被移除的条件配置配置你的令牌通过浏览下面的二维码来配置你的令牌。如果你想在你配置的设备上看到该二维码,请点击它。配置管理服务器超出限制配置大小超出限制配置时间超出限制确认(密码)确认连接连续失败后锁定联系方式设置无法连接指定的KDC服务器连续连续模式:有错误不停止。连续操作模式。报告错误但这个过程仍在继续连续操作模式。报告错误但是这个过程仍在继续。在服务器上转换不能交互式地获取%(name)s不能读UPG原过滤器定义。检查你的权限。计数器计数型(HOTP)从一个删除用户中创建计划用户创建一个CA。创建一个新的CA ACL。创建一个新HBAC规则。创建一个新的SELinux用户映射。创建一个新的自动挂载键。创建一个新的自动挂载位置。创建一个新的自动挂载映射。创建一个新组。创建一个新的间接挂载点。创建一个新的服务授权规则。创建一个新的服务授权目标。创建一个新库。创建一个非POSIX组创建dns记录创建新的ACI。创建新的DNS正向区。创建新的DNS区域(SOA记录)。创建新的Sudo命令组。创建新的Sudo命令。创建新的Sudo规则。创建反向为该IP地址创建反向记录已创建ACI"%(value)s"已创建CA"%(value)s"创建记录。凭证缓存权限不正确跨域信任没有配置。首先确认你已经在IPA服务器上运行了ipa-adtrust-install命令目前的DNS记录内容: 当前密码当前域级别:需要当前密码自定义值DHCID记录DLV算法DLV摘要DLV摘要类型DLV键标记DLV记录DN通用名与用户登录名不匹配DN电子邮件地址不匹配任何用户的电子邮件地址在DS中与基类DN相关的用户组容器DN在DS中与基类DN相关的用户容器DN已开始任务的DNDN绑定好像没有使用kerberosDNAME目标DNAME记录DNSDNS正向区域DNS正向区域DNS全局配置DNS RR类型"%s"在bind-dyndb-ldap插件中不被支持DNS资源记录DNS资源记录DNS服务器DNS服务器名DNS服务器DNS区域DNS区域设置DNS区域DNS检测失败:预期的{%(expected)s},得到的{%(got)s}DNS类DNS配置选项DNS正向区域DNS正向区域自从IPA 4.0后DNS转发器语义改变了。你可以使用正向区域(dnsforwardzone-*)来替代。查看帮助文档获取更多详细信息。DNS没有配置DNS标签不能长于63个字符DNS标签不能长于63个字符DNS记录已删除因为它没有数据。主机%(host)s的DNS记录不能被移除。(%(reason)s)一次只能更新一条DNS记录DNS资源记录DNS资源记录类型DNS资源记录IP地址为%(addr)s的DNS反向区域%(revzone)s没有被该服务器管理DNS服务器DNS服务器%(server)s不支持DNSSEC:%(error)s。如果DNSSEC认证在IPA服务器上启用了,请禁用它。DNS服务器%(server)s不支持EDNS0 (RFC 6891):%(error)s。如果DNSSEC认证在IPA服务器上启用了,请禁用它。DNS服务器%(server)s:%(error)s。DNS服务器DNS区域DNS区域%(zone)s没有找到DNS区域的每个realm域必须包括SOA或NS记录。没有找到记录:%sDNS根区域记录不能被重命名DNS区域DNSKEY记录DNSSEC支持是实验性的。%(additional_info)sDNSSEC认证失败:%(error)s。请确认你的DNSSEC配置或者在所有IPA服务器中禁用DNSSEC认证。DS算法DS摘要DS摘要类型DS键标记DS记录DS记录不得在区域顶点(RFC 4035第2.4节)DS记录需要与一个NS记录共存(RFC 4592第4.6节,RFC 4035第2.4节)数据调试输出默认默认(回退)组默认PAC类型默认的SELinux用户当在SELinux映射规则中找不到匹配项时使用默认SELinux用户默认信任视图不能应用于主机上默认信任视图不能包含IPA用户默认属性默认的电子邮件域默认的新用户默认组新用户的默认组不是POSIX新用户的默认组没有找到默认组对象类默认组对象类(以逗号分割)默认主机组主目录的默认位置默认shell新用户默认shell默认票据策略不可读默认存活时间默认PAC支持服务的类型默认支持用户认证的类型默认用户认证类型默认用户组默认用户对象类默认用户对象类(以逗号分割)默认用户组为认证指标定义一个白名单。使用'otp'来允许OTP-based 2FA认证。使用'radius'来允许RADIUS-based 2FA认证。其他值可能用于自定义配置。授权授权名授权删除删除%(name)s '%(value)s'?删除ACI。删除DNS正向区。删除DNS记录条目。删除DNS资源记录。删除DNS区域(SOA记录)。删除IPA服务器。删除密钥,取消供应删除服务器删除Sudo命令组。删除Sudo命令。删除Sudo规则。删除一个CA ACL。删除一个CA。删除一个证书配置文件。删除一个DNS服务器删除一个RADIUS代理服务器。删除一个SELinux用户映射。删除一个授权。删除一个组密码策略。删除一个主机。删除一个主机组。删除一个网络组。删除一个权限。删除一个特权。删除一个角色。删除一个段。删除一个自助服务权限。删除一个计划用户。删除一个拓扑后缀。删除一个信任。删除一个用户删除一个用户,让这个用户可供将来使用删除一个用户。删除一个库容器。删除一个库。删除所有相关记录全部删除?删除一个组ID覆盖。删除一个HBAC规则。删除一个HBAC服务组。删除一个ID视图。删除一个ID覆盖。删除一个ID范围。删除一个IPA位置。删除一个IPA服务。删除一个OTP令牌。删除一个用户ID覆盖。删除一个自动成员规则。删除一个自动挂载键。删除一个自动挂载位置。删除一个自动挂载映射。删除一个存在的HBAC服务。删除域删除组。删除模式删除服务授权目标。删除服务授权。已删除ACI"%(value)s"已删除CA"%(value)s"已删除CA ACL"%(value)s"已删除DNS正向区域"%(value)s"已删除DNS服务器"%(value)s"已删除DNS区域"%(value)s"已删除组ID覆盖"%(value)s"已删除HBAC规则"%(value)s"已删除HBAC服务"%(value)s"已删除HBAC服务组"%(value)s"已删除ID视图"%(value)s"已删除ID覆盖"%(value)s"已删除ID范围"%(value)s"已删除IPA位置"%(value)s"已删除IPA服务器"%(value)s"已删除OTP令牌"%(value)s"已删除RADIUS代理服务器"%(value)s"已删除SELinux用户映射"%(value)s"已删除Sudo命令"%(value)s"已删除Sudo命令组"%(value)s"已删除Sudo规则"%(value)s"已删除用户ID覆盖"%(value)s"已删除自动成员规则"%(value)s"已删除自动挂载键"%(value)s"已删除自动挂载位置"%(value)s"已删除自动挂载映射"%(value)s"已删除授权"%(value)s"已删除组"%(value)s"已删除主机 "%(value)s"已删除主机组"%(value)s"已删除网络组"%(value)s"已删除权限"%(value)s"已删除特权"%(value)s"已删除配置文件"%(value)s"已删除记录"%(value)s"已删除角色"%(value)s"已删除段"%(value)s"已删除自助服务"%(value)s"已删除服务"%(value)s"已删除服务授权规则"%(value)s"已删除服务授权目标"%(value)s"已删除计划用户"%(value)s"已删除拓扑后缀"%(value)s"已删除信任"%(value)s"已删除用户"%(value)s"已删除库"%(value)s"已删除库容器删除一个管理组时不允许的。它必须先分离出来。从拓扑中永久地删除一台服务器。注意这是一个不可逆的操作。删除这台服务器是不允许的因为这将导致你的安装过程没有CA。删除这台服务器将使得你的安装过程没有DNS。阻止部门编号已弃用的选项已弃用;使用%s过时的;使用额外的目标过滤器描述CA描述的目的从用户"%(value)s"中分离组"%(value)s"检测确定是否将模式兼容插件配置成服务器信任域用户和用户组确定是否在该系统上运行ipa-adtrust-install国际化消息字典JSON编码IPA命令字典JSON编码IPA方法字典JSON编码IPA对象字典摘要摘要类型数字直接的直接成员纬度方向经度方向禁用禁用DNS正向区。禁用DNS区域。禁用一个CA ACL。禁用一个CA。禁用一个Sudo规则。禁用一个用户账户。禁用一个HBAC规则。禁用一个SELinux用户映射规则。禁用每个用户覆盖禁用一个服务的Kerberos密钥和SSL证书。禁用该主机的Kerberos密钥,SSL证书和所有的服务。禁用令牌禁止使用信任域中的IPA资源禁用已禁用CA"%(value)s"已禁用CA ACL"%(value)s"已禁用DNS正向区域"%(value)s"已禁用DNS区域"%(value)s"已禁用HBAC规则"%(value)s"已禁用SELinux用户映射"%(value)s"禁用Sudo规则"%s"已禁用主机"%(value)s"已禁用服务"%(value)s"已禁用信任域"%(value)s"已禁用用户账户"%(value)s"不允许${other_entity}创建${primary_key}的keytab不允许${other_entity}检索${primary_key}的keytab不允许用户,用户组,主机或主机组来创建该主机的keytab。不允许用户,用户组,主机或主机组来创建该服务的keytab。不允许用户,用户组,主机或主机组来检索该主机的keytab。不允许用户,用户组,主机或主机组来检索该服务的keytab。显示DNS资源。显示Sudo命令组。显示Sudo命令。显示Sudo规则。显示一个段。给出一个ACI名显示一个单一的ACI。显示一个自动挂载键。显示一个自动挂载位置。显示一个自动挂载映射。显示一个DNS服务器配置。显示当前权利。显示一个指定用户的有效策略显示DNS正向区信息。显示DNS区域(SOA记录)信息。显示一个RADIUS代理服务器信息。显示一个类信息。显示一个命令输出信息。显示一个命令参数信息。显示一个命令信息。显示一个授权信息。显示一个帮助主题信息。显示一个主机信息。显示一个主机组信息。显示指定组信息。显示一个命名服务授权规则信息。显示一个命名服务授权目标信息。显示一个网络组信息。显示一个权限信息。显示一个特权信息。显示范围信息。显示一个角色信息。显示一个自助服务权限信息。显示一个计划用户信息。显示信任信息。显示一个用户信息。显示一个库容器信息。显示一个库信息。显示一个组ID覆盖信息。显示一个HBAC服务组信息。显示一个HBAC服务信息。显示一个ID视图信息。显示一个ID覆盖信息。显示一个IPA位置信息。显示一个IPA服务信息。显示一个OTP令牌信息。显示一个用户ID覆盖信息。显示一个自动成员规则信息。显示密码策略信息。显示默认(回退)自动成员组的信息。显示名称显示该条目的访问权限(需要--all)。更详细的信息请查看ipa帮助页。显示当前Kerberos票据策略。显示realm域列表。显示一个CA ACL的属性。显示一个CA属性。显示一个证书配置文件的属性。显示一个SELinux用户映射规则的属性。显示一个HBAC规则的属性。显示当前Kerberos主体的用户记录不显示二维码不更新记录只返回预期的记录你还想执行DNS检查吗?你想要检查在DNS中是否有新的权威命名服务器地址你要删除kerberos别名${alias}吗?你要删除证书持有吗?你要撤销该证书吗?从下拉列表中选择一个理由。你要更新系统DNS记录吗?文档Dogtag授权ID域域'%(domain)s'不是一个森林'%(forest)s'的根域域GUID域级别域级别不能降低了。域级别不能提高到{0},服务器{1}不支持它。域NetBIOS名域SID信任域的域SID域安全标识符活动目录域的域控制器(可选的)域已启用域名不创建用户私有组下载下载证书为PEM格式文件。已忽略重复的键:已忽略重复的映射:动态更新编辑编辑${entity}有效属性邮件地址员工信息员工编号员工类型启用启用DNS正向区。启用DNS区域。启用一个CA ACL。启用一个CA。启用一个Sudo规则。启用一个用户账户。启用一个HBAC规则。启用一个SELinux用户映射规则。启用迁移模式启用或禁用匿名PKINIT。启用令牌启用已启用CA"%(value)s"已启用CA ACL"%(value)s"已启用DNS正向区域"%(value)s"已启用DNS区域"%(value)s"已启用HBAC规则"%(value)s"已启用SELinux用户映射"%(value)s"启用Sudo规则"%s"已启用服务器角色已启用信任域"%(value)s"已启用用户账户"%(value)s"加密类型要求加密类型比较失败! 已注册注册注册UUID注册UUID(没有实现)注册失败。%s 再次输入 %(label)s进行校验: 键入受信任的组名称。键入受信任的组或IPA组登录。注意:查找不列举信任域中的组。键入受信任的用户或IPA用户登录。注意:查找不列举信任域中的用户。键入受信任的用户登录。条目条目%s不存在条目%s没有找到条目RDN不是'uid'条目没有'%(attribute)s'列举应用视图的所有主机。错误错误更改帐户状态获取默认Kerberos域错误:%s。 获取初始化证书错误:%s。 解析"%1$s":%2$s错误。 解析keytab错误:%s。 在凭证缓存中存储证书错误:%s。 建立双向信任。默认信任仅是单项的。建立外部信任到另一个森林域中。信任不会在域外传递。建立使用已建立和验证交换器排斥排除的属性独占的独占的正则表达式全部展开有效期限webUI中导出插件元数据。表达式外部的外部用户组可以运行的命令(只是sudorule-find)作为用户来运行的外部用户组外部用户组可以运行的命令外部用户外部用户可以运行的命令(只是sudorule-find)规则适用的外部用户(只是sudorule-find)外部主机额外的成员外部的信任额外的目标过滤器作为其他用户运行失败作为其他用户组运行失败不允许创建keytab不允许检索keytab失败的主机/主机组登录失败失败的成员错误的所有者错误的配置文件失败的服务/服务组失败的源主机/主机组失败的目标添加失败向keytab中添加密钥失败 添加用户到默认组失败。使用'ipa group-add-member'来手动添加。CA REST API认证失败绑定服务器失败! 从s4u2proxy条目%(dn)s中清除成员主体%(principal)s失败:%(err)s为%(master)s清除Custodia密钥失败:%(err)s为%(master)s清除DNA主机名条目失败:%(err)s清除%(hostname)s DNS条目失败:%(err)s清除服务器主体/密钥失败:%(err)s关闭keytab失败 创建控制失败! 创建密钥材料失败 创建密钥失败! 创建随机密钥失败! 解码控制应答失败! 获取keytab失败 获取keytab失败! 获取结果失败:%s 打开Keytab失败 打开配置文件%s失败 打开keytab失败 打开keytab'%1$s':%2$s失败 解析配置文件%s失败 解析扩展结果失败:%s 解析结果失败:%s 移除失败从服务器列表中删除服务器%(master)s失败:%(err)s未能检索任何密钥检索加密类型%1$s (#%2$d)失败 检索加密类型#%d失败 失败的用户/用户组解码证书签名请求失败:%s失败重置时间间隔回退主要的组回退到AD DC LDAP如果移植失败是因为启用了兼容插件,则错误如果移植模式是禁用的,则错误传真号码获取域名抓取DNS区域。从信任森林中获取域失败。在error_log中查看详细信息没有找到文件 %(file)s 文件包含配置文件配置文件包含新的库密码文件包含新的库公钥文件包含旧的库密码文件包含旧的库私钥文件包含库密码文件包含库私钥文件包含库公钥从文件加载证书文件存储检索数据存储证书文件。用以存储keytab信息的文件文件名为空原始配置文件的文件名。不支持XML格式。过滤${other_entity}过滤器可用查找在服务器上找到一个服务器角色指纹指纹(SHA1)指纹类型客户端缓存的模式指纹指纹第一第一个码第一个OTP该范围的第一个Posix ID信任域范围的第一个Posix ID匹配RID范围的第一个RID次要RID范围的第一个RID令牌被第一次使用名标记下面部分没有被删除:强制强制创建DNS区域,即使它会覆盖一个已有区域。即使命名服务器无法解析,也强制创建DNS区域。即使命名服务器无法解析,也强制创建DNS区域。(不赞成)强制更新即使域在DNS中不存在,也强制添加它即使命名服务器不在DNS中,也强制改变它强制服务器删除强制服务器删除即使它不存在强制主机加入。即使已经加入了也重新加入。强制删除%(hostname)s格式错误转发器策略在IPA DNS中转发器策略阻止了它,也许是转发器指向了不正确的主机?转发到服务器而不是在本地运行仅正向区域转发器禁止转发找到'%(value)s'全名完全限定的主机名GECOS字段GIDGID(使用该选项来手动设置它)普通的生成OTP生成一个随机密码用于批量注册生成一个随机用户密码在一特定位置生成自动挂载文件。生成OTP获得获取证书全局DNS配置是空的全局信任配置全局转发器全局转发器。使用标准格式"IP_ADDRESS port PORT"为每个转发器指定一个自定义端口全局转发器策略。通过设置"none"来禁用全局转发器的所有配置。授予权限授于特权给角色授予特权组组 '%s' 不存在组ID号码组ID覆盖组ID覆盖组选项组设置组类型组容器组描述组名组对象类组对象覆盖组搜索域待覆盖的组组类型组应用于哪种规则用户组允许创建keytab的用户组允许检索keytab的用户组作为用户来运行的用户组HBAC规则HBAC规则定义了用户,用户组和主机组HBAC规则HBAC服务HBAC服务组HBAC服务组HBAC服务HBAC测试HBAC规则HBAC规则%(rule)s没有找到HBAC规则和本地成员不能被同时设置HBAC规则HBAC服务HBAC服务描述HBAC服务组HBAC服务组描述HBAC服务组待添加的HBAC服务组待移除的HBAC服务组HBAC服务待添加的HBAC服务待移除的HBAC服务HIP记录HOTP认证窗口HOTP同步窗口HTTP错误主机硬件MAC地址主机硬件平台(例如:联想T61)帮助主题隐藏隐藏细节隐藏规则匹配,不匹配或无效的细节历史大小主目录主目录水平精度主机主机'%(host)s'没有找到主机'%(hostname)s'没有相配的DNS A/AAAA记录主机证书主机组主机组设置主机组允许创建keytab的主机组允许检索keytab的主机组主机名主机设置主机类别主机类别(该属性的语义是就近解读)ACL适用于主机类别规则应用的主机类别主机组规则主机组规则主机硬件平台 (e.g. "Lenovo T61")主机已加入。 主机不被支持主机地点(如"Baltimore, MD")主机位置(如"Lab 2")主机名主机操作系统及版本(e.g. "Fedora 9")主机未分配基于主机访问控制命令主机组主机组的主机应用ID视图。请注意运行命令idview-apply后,视图并不会自动应用到主机组中的主机中去。主机名主机名(FQDN)该服务器的主机名主机允许创建keytab的主机允许检索keytab的主机ID视图不能被清除的主机或主机组。不能应用该ID视图的主机或主机组。应用过该ID视图的主机。适用于主机的视图主机应用ID视图负面响应应该被缓存多久ID范围ID范围ID视图ID视图名称ID视图已应用ID视图应用于%i主机。ID视图应用于%i主机。从%i主机中清除ID视图。从%i主机中清除ID视图。ID视图ID覆盖ID覆盖不能被重命名信任域的ID范围已存在,但它有一个不同类型。请手动删除旧的范围,或者通过--range-type选项不强制类型。ID范围类型,是ipa-ad-trust-posix,ipa-ad-trust,ipa-local中的一个ID范围类型,其中之一{vals}同名但不同域SID的ID范围已存在。新信任域的ID范围必须手动创建。IP 地址IP地址%(ip)s在域%(domain)s中已分配。IP网络创建反向区域名IPA AD信任代理IPA AD信任控制器IPA CA不能被删除IPA CA不能被禁用IPA CA更新主服务器IPA CA服务器IPA DNS记录IPA DNS服务器IPA DNS版本IPA DNSSec密钥主机IPA错误IPA KRA服务器IPA位置IPA本地描述IPA位置IPA NTP服务器当信任域的SID被指定时,IPA范围类型必须是ipa-ad-trust或ipa-ad-trust-posix中的一个当信任域的SID没有被指定时,IPA范围类型必不能是ipa-ad-trust或ipa-ad-trust-posix。IPA服务器IPA服务器角色IPA服务器角色待使用的IPA服务器IPA服务器IPA没有管理区域%(zone)s,请手动在你的DNS服务器上添加记录IPA位置名IPA位置记录IPA主服务器%(count)d次阻止来自AD DC的信任有效请求。最有可能是AD DC联系了一个没有信任信息副本的副本。同时,请检查AD DNS能将%(records)s SRV记录解析到正确的IPA服务器上。IPA主服务器IPA名称上下文没有找到 IPA对象IPA角色名IPA服务器配置为DNSSec密钥主机IPA服务器域不能被删除IPA服务器域不能被省略IPA服务主机名IPA服务器角色名IPA服务器配置为AD信任代理IPA服务器配置为AD信任控制器IPA服务器配置为证书认证机构IPA服务器配置为密钥恢复代理启用NTP的IPA服务器IPA信任IPA唯一IDIPSECKEY记录身份身份设置如果没有指定CAs,那么允许请求默认CA。如果问题仍然存在,请联系系统管理员。不检查最后的CA或DNS服务器忽略兼容插件忽略组属性忽略组对象类删除后忽略拓扑连通性问题忽略拓扑错误忽略用户属性忽略用户对象类已忽略 %(src)s 到 %(dst)s已忽略的键:忽略这些警告并给予清除忽略拓扑连通性错误。导入一个证书配置文件。导入一个权利证书。在一特定位置导入自动挂载文件。已导入的键:已导入的映射:已导入配置文件"%(value)s"包含禁用的包含启用的在测试中包含所有禁用的IPA规则在测试中包含所有启用的IPA规则【默认】包含包含的属性兼容的兼容的正则表达式提供了不兼容的选项(-r和-P) 间接的间接成员HBAC服务间接成员HBAC服务组间接成员组间接成员主机组间接成员主机间接成员网络组间接HBAC规则成员间接Sudo规则成员间接组成员间接主机组成员间接网络组成员间接角色成员间接角色成员间接成员权限间接成员用户间接成员继承了服务器配置HOTP令牌初始计数器左节点初始化右节点初始化名字的首字母多次指定输入数据输入文件名输入包含无效的或缺失的值。对条目'%s'没有'add'权限。对条目'%s'的'krbLastPwdChange'属性没有'write'权限。对条目'%s'的'userCertificate'属性没有'write'权限。访问受限:%(info)s没有权限创建主题alt名为'%s'的证书。内部错误无效的JSON-RPC请求: %(error)s无效的LDAP URI。无效的MCS值,必须匹配c[0-1023].c[0-1023] and/or c[0-1023]-c[0-c0123]无效的MLS值,必须匹配s[0-15](-s[0-15])无效的服务主体名 无效的证书无效的格式。应该是“名称=值”无效的部分!无效的或者不支持的类型。允许的值是:%s无效的或不支持的库公钥:%s无效的库类型区域活跃吗?发布发布新证书为${entity} ${primary_key}发布新证书发布方签发日期颁发给发布于发布到发行人证书颁发机构名字发行人专有名称发行CA它仅被用来设置SOA MNAME属性。职称加入一个IPA域KEY算法KEY标记KEY协议KEY公钥KEY记录KRA服务没有启用KX交换器KX优先权KX记录没有找到Kerberos凭证缓存。你有Kerberos票据吗? Kerberos密钥没有找到Kerberos密钥找到Kerberos密钥,主机分配找到Kerberos密钥,服务分配Kerberos服务主体名Kerberos票据策略没有找到Kerberos用户主体。你有有效的凭证缓存吗? Kerberos文本初始化失败 Kerberos文本初始化失败:%1$s (%2$d) Kerberos 错误: %(major)s/%(minor)sKerberos密码可用Kerberos主体Kerberos主体%s已存在。使用'ipa user-mod'来手动设置它。Kerberos主体过期该主机的Kerberos主体名键密钥泄露键标记Keytab文件名Keytab检索成功并将其存储在:%s LDAP URILDAP密码LDAP密码(如果没有使用Kerberos)LDAP模式用户和用户组的LDAP范围查找:基,一级,或子树。默认是一级待管理的LDAP后缀LDAP超时LOC高度LOC纬度方向LOC经度方向LOC水平精度LOC分钟纬度LOC分钟经度LOC秒纬度LOC秒经度LOC大小LOC垂直精度LOC记录级别分类最后令牌被最后一次使用上一次认证失败姓上一次认证成功开头和结尾空格是不允许的左节点左复制节点-IPA服务器合法的LDAP过滤(例如:ou=Engineering)TOTP令牌码有效长度级别所有服务库列表所有用户库列表IPA主服务器配置为DNS服务器列表所有IPA主服务器列表删除失败的列表已启用角色列表公布给出位置的服务器列表信任域列表更新成功。使用trustdomain-find命令来列举它们。对象移植列表;按类型分类。不能移植的对象列表;按类型分类。从文件加载LDAP服务器的CA证书本地域位置位置位置名ACI的位置锁定时间登录登录登录shell注销注销错误数字越低代表优先级越高。客户端尝试用它们可以得到的最低数字优先级区访问URI。数字越低代表优先级越高。客户端尝试用它们可以得到的最低数字优先级区访问服务器。MAC地址MX交换器MX优先权MX记录邮件地址有缺陷的主体:'%(value)s'管理指定组的密码策略管理指定用户的票据策略已管理的LDAP后缀DN管理的后缀已管理的后缀管理拓扑需要最小的域级别${domainlevel}管理者管理映射映射类型令牌标记为禁用(默认:错误的)主文件匹配已匹配规则匹配类型最高域级别最大失败次数最长存活期最大生存期(天)最大的时间(秒)搜索(-1或0表示无限制)最大的时间(秒)搜索(>0,或-1表示无限制)最高域级别返回的最大证书数返回的最大条目数返回的最大条目数(0代表无限制)最大数量的搜索记录(-1表示无限制)最大数量的搜索记录(-1或0表示无限制)当没有使用--rules来指定规则时,能处理的最大规则数最小密码生存周期必须比最小值大。最大密码生存期(天)最大序列号票据最长存活期(秒)最大用户名长度最大值是${value}可能不是闲置的成员组成员HBAC服务成员HBAC服务组成员主机成员主机组成员Sudo命令成员用户成员组主机组成员成员主机成员网络组隶属于HBAC规则的成员HBAC服务组成员Sudo规则的成员组成员组成员组成员主机组成员网络组成员成员主体成员服务组成员服务成员用户信任域的成员是“DOM\名称”或“名称@域名”格式不能被添加的成员不能被移除的成员方法名方法将DS中的用户和用户组移植到IPA。迁移模式是禁用的。 使用'ipa config-mod --enable-migration=TRUE'来启用它。LDAP搜索帮助移植不支持。最低域级别最小长度最小生存期(小时)最低域级别最短密码长度最小字符类数量最小密码生存期(小时)最小序列号最小值是${value}分钟纬度分钟经度杂项信息缺少新的库公钥丢失或者无效的 HTTP Referer, %(referer)s缺少应答控制列表! 缺少应答控制! 缺失值:缺少库私钥缺少库公钥移动电话号码模式已修改已修改"%(value)s"信任配置已修改ACI"%(value)s"已修改CA"%(value)s"已修改CA ACL"%(value)s"已修改配置文件"%(value)s"已修改DNS服务器"%(value)s"已修改HBAC规则"%(value)s"已修改HBAC服务"%(value)s"已修改HBAC服务组"%(value)s"已修改ID范围"%(value)s"已修改IPA位置"%(value)s"已修改IPA服务器"%(value)s"已修改OTP令牌"%(value)s"已修改RADIUS代理服务器"%(value)s"已修改SELinux用户映射"%(value)s"已修改Sudo命令"%(value)s"已修改Sudo命令组"%(value)s"已修改Sudo规则"%(value)s"已修改一个组ID覆盖"%(value)s"已修改一个ID视图"%(value)s"已修改一个ID覆盖"%(value)s"已修改一个用户ID覆盖"%(value)s"已修改自动成员规则"%(value)s"已修改自动挂载键"%(value)s"已修改自动挂载映射"%(value)s"已修改授权"%(value)s"已修改组"%(value)s"已修改主机 "%(value)s"已修改主机组"%(value)s"已修改网络组"%(value)s"已修改权限"%(value)s"已修改特权"%(value)s"已修改角色"%(value)s"已修改段"%(value)s"已修改自助服务"%(value)s"已修改服务"%(value)s"已修改计划用户"%(value)s"已修改拓扑后缀"%(value)s"已修改信任"%(value)s"(改变将在60s内生效)已修改用户"%(value)s"已修改库"%(value)s"已修改:密钥没有设置修改 %(name)s '%(value)s'?修改ACI。修改CA配置。修改证书配置文件配置。修改DNS正向区。修改DNS服务器配置修改DNS区域(SOA记录)。修改ID范围。修改ID范围。 {0} 修改Kerberos票据策略。修改OTP配置选项。修改Sudo命令组。修改Sudo命令。修改Sudo规则。修改一个CA ACL。修改DNS资源记录。修改一个OTP令牌。修改一个RADIUS代理服务器。修改一个SELinux用户映射。修改一个授权。修改一个组密码策略。修改一个组。修改一个主机组。修改一个网络组。修改一个权限。修改一个特权。修改一个角色。修改一个段。修改一个自助服务权限。修改一个计划用户。修改一个拓扑后缀。修改一个用户。修改一个库。修改一个组ID覆盖。修改一个HBAC规则。修改一个HBAC服务组。修改一个HBAC服务。修改一个ID视图。修改一个ID覆盖。修改一个用户ID覆盖。修改一个自动成员规则。修改一个自动挂载键。修改一个自动挂载映射。修改一个已存在的IPA服务。修改配置选项修改全局DNS配置。修改全局信任配置。修改主机信息修改一个IPA位置信息。修改一个IPA服务器信息。修改realm域。修改信任的信任域找到不止一个拥有键%(key)s的条目,使用--info来选择指定条目。挂载信息挂载点将已删除用户移植到计划区域多值必须是一个小数必须是一个UTC时间值(例如:"2014-01-20 17:58:01Z")必须是一个整数NAPTR标记NAPTR规则NAPTR优先权NAPTR正则表达式NAPTR替换NAPTR服务NAPTR记录NIS域名NONE值不能与其他PAC类型相结合NS主机名NS记录NS记录是不能和一个%(type)s记录共存的,除非它位于根区域记录(RFC 2181,第6.节)NS记录可以在带'@'的区域被编辑。NSEC下一个域名NSEC类型映射NSEC记录NSEC3记录NSEC3PARAM记录NSEC3PARAM区记录格式:散列算法 标记 迭代 盐值名称导出命令的名称主机组名称签发的CA名称导出方法的名称导出对象的名称父自动挂载映射名(默认:auto.master)。信任域的名称命名服务器'%(host)s'没有相配的DNS A/AAAA记录命名服务器的反向区域不能是一个相对的DNS名没有提供--del-all或者选项来删除一个特定的记录。 可以使用命令帮助来查询所有支持的记录类型。以嵌套的方法来执行NetBIOS名称网络组网络组设置网络组描述网络组名称网络组网络服务新的ACI名新证书新密码新的主体密码新测试新的kerberos主体别名新的挂载信息需要新密码多次指定新公钥新的库密码新的:密钥没有设置新的:密钥已设置下一个下一个域名没有找到A,AAAA,SSHFP和PTR记录。在请求的主题中找不到通用名。在IPA位置%(location)s没有DNS服务器。没有DNS服务器位置是不会按预期工作的。没有安装DNSSEC密钥主机。DNSSEC区域签名不会工作直到安装DNSSEC密钥主机。无效的证书没有归档数据。没有找到凭证缓存没有设置(回滚)组没有条目。无文件可读没有空闲的YubiKey槽!没有KDC可接受的密钥 发现了不匹配的条目没有提供选项来删除具体的记录。没有提供选项来修改具体的记录。没有权限将该主机加入到IPA域。 没有私有组没有响应该条目没有这样的属性没有这样的虚拟命令没有系统首选的加密类型?! 信任域已配置%s没有值无需等待在keytab文件%s中没有写权限 从CA REST API的Non-2xx响应:%(status)d. %(explanation)s非活动目录域非POSIX不存在或无效的规则不传递外部信任到另一个活动目录森林的域中临时的不晚于不早于不是一个管理组不是一个有效的IP地址不是一个有效的IPv4地址不是一个有效的IPv6地址不是一个有效的网络地址(例如:2001:db8::/64, 192.0.2.0/24)在非叶子条目上是不允许的执行信任设置时没有指定足够的参数不匹配规则尚未注册概述该范围的ID数已添加的条件数已移除的条件数密码即将过期通知天数每个令牌码拥有的数字个数返回的条目数有ID视图未被设置的主机数量:应用过该ID视图的主机数量:已添加的成员数已移除成员数已添加的所有者数待移除的所有者数已添加权限数已移除权限数已加载插件数已添加特权数已移除权限数在超时和失败前LDAP操作从远程复制服务器等待回应的用去的秒数返回变量数(<= total)OTPOTP配置OTP令牌OTP令牌设置OTP令牌OTP配置选项OTP设置OTP令牌OTP令牌在DS中被用户组条目所忽略的对象类在DS中被用户条目所忽略的对象类在DS中用户查找用户组条目的对象类在DS中用于查找用户条目的对象类旧的库密码旧的库私钥一次性密码需要组,权限或它们自己中的一个一次性密码命令一次性密码没有找到一次性密码找到一次性密码只允许一个值每个区域名只允许一种区域类型当添加一个AD信任时仅有ipa-ad-trust和ipa-ad-trust-posix允许--range-type值。主机操作系统版本(例如:Fedora 9)操作系统操作失败:%s 操作错误已添加选项选项组当IPA范围类型是ipa-ad-trust-posix时,选项rid-base不能使用选项选项dom-sid和dom-name不能被同时使用选项dom-sid和rid-base必须同时使用选项dom-sid和secondary-rid-base不能同时使用选项dom-sid/dom-name和rid-base必须同时使用选项dom-sid/dom-name和secondary-rid-base不能同时使用选项secondary-rid-base和rid-base必须同时使用规则按SELinux用户优先级递增顺序排列,以$分割组织单位组织组织单位原始DN子树原始TTL其他记录类型我们的域没有配置内存不足! 内存不足 内存不足 内存不足!内存不足! 内存不足!? 输出文件名仅输出错误覆盖默认支持的PAC类型列表。使用'NONE'来禁用该服务的PAC支持覆盖默认支持的PAC类型列表。使用'NONE'来禁用该服务的PAC支持,例如,这可能是NFS服务的必要条件。覆盖已存在的密码覆盖继承设置覆盖GID所有者所有者%s所有者用户组所有者服务所有者用户不能被添加的所有者不能被移除的所有者PAC类型PTR主机名PTR记录页传真号码参数父映射解析所有的原始DNS记录并以有条理的方式返回它们解析错误密码密码过期通知(天)密码策略密码策略密码不能在注册主机上设置。完成密码更改密码过期密码历史大小密码或密码+一次性密码密码插件功能密码重置失败。多次指定密码密码用于批量注册密码不匹配密码不匹配!密码已迁移成pre-hashed格式。IPA不能生成Kerberos密钥,除非提供明文密码。所有移植过的用户在能使用他们的Kerberos账号之前需要登录https://your.domain/ipa/migration/。密码必须匹配Per-server有条件的转发器策略。设置为"none"来禁止该区域转发至全局转发器。那样的话,有条件的区域转发器被忽视了。Per-server转发器。使用标准格式"IP_ADDRESS port PORT"为每个转发器指定一个自定义端口Per-zone转发器。使用标准格式"IP_ADDRESS port PORT"为每个转发器指定一个自定义端口一段时间后失败次数将被重置(秒)锁定持续时间(秒)权限ACI授予访问的权限权限阻止:%(file)s权限标记权限名称权限设置权限类型权限值带有标记%s的权限可能不能被修改或删除权限委托权限(读,写)。默认是写。授予权限(读,写,添加,删除,全部)允许的加密类型允许颁发证书Ping一台远程服务器。平台请选择一个待添加的DNS资源记录类型请指定转发器。请尝试下面选项:策略端口位置参数位置参数服务需要预认证预先共享的密码预定义的配置文件'%(profile_id)s'不能被删除优先权该交换器的优先级。值越低优先级越高首选语言前缀用来区分ACI类型(权限,授权,自助,无)备用用户备用用户上一个主要的RID基主要RID范围和次要RID范围不能覆盖主键唯一主体不能认证主体%(principal)s:%(message)s主体'%(principal)s'不允许使用含配置文件'%(profile_id)s'的CA '%(ca)s'来发布证书。在主题alt名中的主体'%s'与请求的主体不匹配主体别名该证书的主体(例如:HTTP/test.example.com)主体不是这种格式user@REALM:'%(principal)s'主机名打印尽可能少打印调试信息打印存储在服务器上的条目。仅影响输出格式。以GSSAPI模式打印原始的XML-RPC输出优先级优先级(顺序)策略优先级(数字越大意味着优先级越低多次指定私钥特权特权设置特权撤销特权描述特权名特权配置文件ID配置文件ID '%(cli_value)s'与配置文件数据'%(file_value)s'不匹配指向该配置文件的配置文件ID配置文件类别ACL适用于配置文件类别配置文件配置配置储存在文件'%(file)s'中配置文件描述配置文件提示设置用户密码预期的协议公钥公钥多次指定公钥二维码的宽度大于tty的输出。请调整你的终端。数量查询当前域级别。返回比配置大小限制更多的结果。显示第一个${counter}结果。快速链接单用户模式。仅显示错误。RADIUS代理服务器设置RADIUS代理服务器RADIUS代理服务器RADIUS代理配置RADIUS代理服务器RADIUS代理服务器名称RADIUS代理服务器RADIUS代理名称REST API没有登录。RFC4120-兼容的Kerberos域RFC822名称与任何用户的电子邮件地址都不匹配RP记录RPC命令用于记录当前用户的会话。RRSIG算法RRSIG密钥标记RRSIG分类RRSIG原始TTLRRSIG签名RRSIG签名过期RRSIG签名开端RRSIG签名者的名字RRSIG类型覆盖RRSIG记录随机密码范围设置范围名称范围大小范围类型原始的%s记录原始的记录原始的A6记录原始的AAAA记录原始的AFSDB记录原始的APL记录原始的CERT记录原始的CNAME记录原始的DHCID记录原始的DLV记录原始的DNAME记录原始的DNSKEY记录原始的DS记录原始的HIP记录原始的IPSECKEY记录原始的KEY记录原始的KX记录原始的LOC记录原始的MX记录原始的NAPTR记录原始的NS记录原始的NSEC记录原始的NSEC3记录原始的PTR记录原始的RP记录原始的RRSIG记录原始的SIG记录原始的SPF记录原始的SRV记录原始的SSHFP记录原始的TA记录原始的TKEY记录原始的TLSA记录原始的TSIG记录原始的TXT记录原始的目标过滤器DNS记录的原始值已被设定为"%(name)s"选项重建信任域"%(value)s"重新同步在权利服务器上的本地权利缓存。Realm域域管理员密码应该被指定Realm域域名Realm-domain不匹配原因撤销理由撤消证书的原因(0-10)撤销证书的原因(0-10)。输入"ipa help cert"来查看详细撤销原因。重建自动成员记录类型记录创建失败。记录数据记录名记录没有找到。记录类型记录DNS区域记录重定向重定向到PTR记录更新刷新与信任相关的域列表刷新页面。注册密码正则表达式相对记录名'%(record)s'将区域名'%(zone)s'当作一个后缀,导致FQDN '%(fqdn)s'。这通常是由于在名称规范后缺少一个点号引起的错误。拥有相同优先级条目的相对权重。从服务器重新加载当前设置。重新加载浏览器。远程IPA服务器主机名远程服务器名称删除${entity}从${other_entity}中移除${entity} ${primary_key}移除${other_entity}管理${entity} ${primary_key}从${entity} ${primary_key}中移除${other_entity}移除被IPA DNS管理的主机的A,AAAA,SSHFP和PTR记录从${entity} ${primary_key}中移除允许${other_entity}从一个CA ACL中移除CAs。删除证书持有为${entity} ${primary_key}删除证书持有从${entity} ${primary_key}中移除阻止${other_entity}删除持有删除Kerberos别名删除权限从${entity} ${primary_key}中移除RunAs ${other_entity}从${entity} ${primary_key}中移除RunAs用户组从一个计划用户条目中移除一个管理员向一个用户条目中移除一个管理员为每个正向区访问授权移除一个权限。为每个区访问授权移除一个权限。删除该域中的所有主体从Sudo规则中移除一个选项。从一个服务中移除证书从主机条目中移除证书移除受Sudo规则影响的命令和命令组。从一个自动成员规则中移除条件。对所有不匹配的条目移除默认(回退)组。从DNS中移除条目从CRL中删除删除持有移除受Sudo规则影响的主机和主机组。移除可以管理该主机的主机。移除可以管理该服务的主机。移除与信任相关的域信息。从一个命名服务授权规则中移除成员。从一个命名服务授权目标中移除成员。从一个命名服务授权中删除成员。从Sudo命令组中移除成员。从一个组中移除成员。从一个主机组中移除成员。从一个网络组中移除成员。从一个权限中移除成员。从特权中移除成员从一个角色中移除成员。从一个库中移除成员。从一个HBAC服务组中移除成员。从id覆盖用户条目中移除一个或多个证书向用户条目中移除一个或多个证书从一个库容器中移除所有者。从一个库中移除所有者。从特权中移除权限。从一个主机条目中移除主体别名从一个服务中删除主体别名从用户条目中删除主体别名从一个角色中移除权限。从一个CA ACL中移除配置文件。从一个HBAC规则中移除服务和服务组。从一个CA ACL中移除服务。从一个HBAC规则中移除源主机和主机组。从一个命名服务授权规则中移除目标。从一个CA ACL中移除目标主机和主机组。从一个HBAC规则中移除目标主机和主机组。从一个SELinux用户映射规则中移除目标主机和主机组。移除受Sudo规则影响的用户和用户组。从一个CA ACL中移除用户和用户组。从一个HBAC规则中移除用户和用户组。向SELinux用户映射规则中移除用户和用户组。移除可以管理该令牌的用户。已从主机"%(value)s"中移除别名已从用户"%(value)s"中删除别名已从服务主体"%(value)s"中删除别名已从主机"%(value)s"中移除证书已从id覆盖用户"%(value)s"中移除证书已从服务主体"%(value)s"中删除证书已为用户"%(value)s"删除证书已从"%(value)s"中移除条件已为自动成员"%(value)s"移除默认(回滚)组删除信任域"%(value)s"的信息已从Sudo规则"%(rule)s"中移除"%(option)s"已移除系统权限"%(value)s"从复制拓扑中移除%(servers)s,请稍后...删除主体%s 重命名重命名一个ACI。重命名%(ldap_obj_name)s对象重命名DNS资源记录对象重命名组ID覆盖对象重命名ID视图对象重命名OTP令牌对象重命名RADIUS代理服务器对象重命名用户ID覆盖对象重命名自动挂载键对象重命名组对象重命名权限对象重命名特权对象重命名角色对象重命名计划用户对象重命名用户对象已重命名ACI为"%(value)s"为IPA证书认证机构更新主服务器替换副本是活跃的DNSSEC密钥主机。卸载会导致你DNS系统崩溃。首先请禁用或替代DNSSEC密钥主机。启用复制协议复制配置副本更新段:要求"%(pkey)s"。复制拓扑的后缀"%(suffix)s"包含错误。复制拓扑的后缀"%(suffix)s"是按序的。请求一个完整的从另一个节点检索数据的节点重初始化。请求失败状态%(status)s:%(reason)s请求号请求缺少"method"请求缺少"params"请求必须是一个字典请求状态必需的必需字段需要预认证重置重置Kerberos票据策略为默认值。重置OTP重置一次性密码重置密码重置密码并登录重置你的密码。在DNS中解析主机名。在DNS中解析主机名。(不赞成)在信任域中重新解析用户和用户组的安全标识符CA响应是无效的JSON恢复结果模拟结果命令返回值结果被截断,请尝试更明确的搜索结果应该只包括主键属性("%s")结果应该只包括主键属性("anchor")结果应该只包括主键属性("certificate")结果应该只包括主键属性("cn")结果应该只包括主键属性("command")结果应该只包括主键属性("delegation-name")结果应该只包括主键属性("domain")结果应该只包括主键属性("group")结果应该只包括主键属性("group-name")结果应该只包括主键属性("hostgroup-name")结果应该只包括主键属性("hostname")结果应该只包括主键属性("id")结果应该只包括主键属性("location")结果应该只包括主键属性("login")结果应该只包括主键属性("map")结果应该只包括主键属性("name")结果应该只包括主键属性("principal")结果应该只包括主键属性("realm")结果应该只包括主键属性("service")结果应该只包括主键属性("sudocmdgroup-name")结果应该只包括主键属性("sudorule-name")重试从库中检索一个数据。检索一个已存在的证书。从服务器检索和打印所有属性。影响命令输出。检索当前密钥不去改变它们检索权利证书。从库"%(value)s"中检索数据检索CA证书链失败:%s检索CA状态失败%d检索CA状态失败:%s重试用pre-4.0 keytab检索方法重试... 返回到主页面并重试操作在反向区域%(zone)s中IP地址为%(ip)s的反向记录已存在。反向区域%(name)s恰好需要%(count)d个IP地址组件,已给出%(user_count)d反向区域IP网络反向区域的PTR记录应该是下面完全其中一个限制域:%s的子区域返回撤消原因撤回撤销证书为${entity} ${primary_key}撤销证书撤销证书。撤销撤销于撤销到右节点右复制节点-IPA服务器权限授予权限(读,查找,比较,写,添加,删除,全部)角色角色设置角色名角色状态角色信任的根域总是支持现有的信任规则名规则状态规则类型规则类型(允许)规则带测试规则。如果没有指定,--enable是假定的允许命令允许测试作为一个用户来运行作为任何一个有指定组用户来运行以一个指定POSIX组的gid来运行作为外部用户组来运行作为外部用户来运行作为用户组类别来运行作为规则适用的用户组类别来运行作为用户组来运行作为用户类别来运行作为规则适用的用户类别来运行作为用户来运行作为组来运行不能接受'%(name)s'来作为一个组名作为用户来运行不能接受'%(name)s'来作为一个组名作为用户来运行不能接受'%(name)s'来作为一个用户名SELinux选项SELinux用户SELinux用户映射规则SELinux用户映射规则SELinux用户映射规则SELinux用户映射规则SELinux用户%(user)s在顺序列表中(配置)没有找到SELinux用户'%(user)s'是无效的:%(error)sSELinux用户映射默认用户没有在列表中SELinux用户映射列表在配置中没有找到SELinux 用户映射订单SHA1指纹SHA256指纹进来的SID黑名单出去的SID黑名单SID黑名单SID不能匹配任何信任域SID不能完全匹配任何信任域的SID指定信任域名的SID没有找到。请使用dom-sid选项直接指定SID。对于一个信任域来说,SID不被认为是一个有效的SIDSID是无效的SIG算法SIG密钥标记SIG分类SIG原始TTLSIG签名SIG签名过期SIG签名开端SIG签名者的名字SIG类型覆盖SIG记录SOA类SOA到期SOA最低值SOA mname(权威服务器)覆盖SOA mname覆盖SOA记录类SOA记录到期时间SOA记录刷新时间SOA记录重试时间SOA记录编号SOA记录存活时间SOA刷新SOA重试SOA序列SOA存活时间SPF记录SRV端口SRV优先级SRV目标SRV重量SRV记录SSH公钥SSH公钥指纹SSH公钥:SSH公钥SSHFP算法SSHFP指纹SSHFP指纹类型SSHFP记录SSSD不能将对象解析成一个有效的SID盐值相同于 --%s保存模式是最新的(FP '%(fingerprint)s', TTL %(ttl)s s)查找查找选项查找命令参数。查找信任域查找有这些%(relationship)s %(ldap_object)s的%(searched_object)s。查找没有%(relationship)s %(ldap_object)s的%(searched_object)s。在rootdse中查找%1$s失败,错误%2$d 查找CA ACLs。查找CAs。查找证书配置文件。查找DNS正向区。查找DNS资源。查找DNS服务器。查找DNS区域(SOA记录)。查找HBAC规则。查找HBAC服务。查找IPA位置。查找IPA名称上下文失败,错误%d 查找IPA服务器。查找IPA服务。查找OTP令牌。查找RADIUS代理服务器。查找SELinux用户映射。查找Sudo命令组。查找Sudo命令。查找Sudo规则。查找一个网络组。查找一个自助服务权限。查找一个组ID覆盖。查找一个HBAC服务组。查找一个ID视图。查找一个ID覆盖。查找一个用户ID覆盖。查找一个自动挂载键。查找一个自动挂载位置。查找一个自动挂载映射。查找自动成员规则。查找含这些所有者%s的证书。查找不含这些所有者%s的证书。查找类。查找命令输出。查找命令。查找授权。查找权利账户。查找已存在的证书。仅查找正向区域查找组密码策略。查找包含这些成员用户组的组。查找包含这些HBAC规则成员的组。查找包含这些组成员的组。查找包含这些网络组成员的组。查找包含这些角色成员的组。查找包含这些sudo规则成员的组。查找包含这些成员用户的组。查找不包含这些成员用户组的组。查找不包含这些HBAC规则成员的组。查找不包含这些组成员的组。查找不包含这些网络组成员的组。查找不包含这些角色成员的组。查找不包含这些sudo规则成员的组。查找不包含这些成员用户的组。查找组。查找帮助主题。查找包含这些成员主机组的主机组。查找包含这些成员主机的主机组。查找包含这些HBAC规则成员的主机组。查找包含这些主机组成员的主机组。查找包含这些网络组成员的主机组。查找包含这些sudo规则成员的主机组。查找不包含这些成员主机组的主机组。查找不包含这些成员主机的主机组。查找不包含这些HBAC规则成员的主机组。查找不包含这些主机组成员的主机组。查找不包含这些网络组成员的主机组。查找不包含这些sudo规则成员的主机组。查找主机组。查找包含用户注册的主机。查找由该主机管理的主机。查找管理该主机的主机。查找包含这些HBAC规则成员的主机。查找包含这些主机组成员的主机。查找包含这些网络组成员的主机。查找包含这些角色成员的主机。查找包含这些sudo规则成员的主机。查找不包含用户注册的主机。查找不由该主机管理的主机。查找不管理该主机的主机。查找不包含这些HBAC规则成员的主机。查找不包含这些主机组成员的主机。查找不包含这些网络组成员的主机。查找不包含这些角色成员的主机。查找不包含这些sudo规则成员的主机。查找主机。查找ipa证书根主题失败,错误%d查找包含这些成员用户组的网络组。查找包含这些成员主机组的网络组。查找包含这些成员主机的网络组。查找包含这些成员网络组的网络组。查找包含这些网络组成员的网络组。查找包含这些成员用户的网络组。查找不包含这些成员用户组的网络组。查找不包含这些成员主机组的网络组。查找不包含这些成员主机的网络组。查找不包含这些成员网络组的网络组。查找不包含这些网络组成员的网络组。查找不包含这些成员用户的网络组。查找权限。查找特权。查找范围。查找角色。查找包含这些管理后缀的服务器。查找不包含这些管理后缀的服务器。查找服务授权目标。查找服务授权规则。查找那些由主机管理的服务。查找那些不由主机管理的服务。查找包含这些HBAC规则成员的计划用户。查找包含这些组成员的计划用户。查找包含这些网络组成员的计划用户。查找包含这些角色成员的计划用户。查找包含这些sudo规则成员的计划用户。查找不包含这些HBAC规则成员的计划用户。查找不包含这些组成员的计划用户。查找不包含这些网络组成员的计划用户。查找不包含这些角色成员的计划用户。查找不包含这些sudo规则成员的计划用户。查找计划用户。查找拓扑段。查找拓扑后缀。查找信任。查找包含这些HBAC规则成员的用户。查找包含这些组成员的用户。查找包含这些网络组成员的用户。查找包含这些角色成员的用户。查找包含这些sudo规则成员的用户。查找不包含这些HBAC规则成员的用户。查找不包含这些组成员的用户。查找不包含这些网络组成员的用户。查找不包含这些角色成员的用户。查找不包含这些sudo规则成员的用户。查找用户。查找库。查找结果被截断:%(reason)s范围查找搜索大小限制搜索时间限制第二个码第二个OTP次要的RID基秒纬度秒经度密码安全标识符安全标识符(SIDs)部分细节段名称选择全部选择要删除的条目。选择器自己自助服务权限自助服务权限自助服务名%(label)s语义已改变了。%(current_behavior)s %(hint)s分号分割的IP地址或网络列表允许被查询分号分割的IP地址或网络列表允许被传输敏感的序列号序列号序列号(十六进制)序列号序列号(十六进制)十进制序列号或者以0x为前缀的十六进制序列号服务器服务器%(srv)s不能连接服务器: %(replicas)s服务器名服务器角色服务器角色服务器已被删除服务器位置服务名称服务器名没有提供或不可用 服务器删除失败:%(reason)s。服务器将检查DNS转发器。服务器服务器详细信息:本地服务器属于IPA位置的服务器服务应用改变的配置需要在IPA服务器%(server)s上重启服务%(service)s。在Kerberos数据库中没有找到服务'%(service)s'服务证书服务组服务选项服务设置服务类别ACL适用于服务类别规则应用的服务类别服务授权规则服务授权规则服务授权目标服务授权目标服务组名称服务名服务库的服务名服务主体服务主体别名该证书服务主体(例如:HTTP/test.example.com)服务主体不是这种格式:服务名/完全限定的主机名:%(reason)s需要服务主体服务,共享的和用户选项不能被同时指定服务,共享的和用户选项不能被同时指定服务,共享的和用户选项不能被同时指定服务会话错误会话超时设置设置域级别设置OTP设置一次性密码设置SSH公钥设置一个用户的密码。一个属性设置为一个名称/值对。格式是属性=值。对于多值属性,命令替换已存在的值。对所有不匹配的条目设置默认(回退)组。已为自动成员"%(value)s"设置默认(回滚)组设置共享库显示显示IPA服务器。显示二维码显示结果显示所有加载的插件。显示配置uri显示细节显示环境变量。显示全局信任配置。显示已管理的后缀。显示服务器角色状态显示当前OTP配置。显示当前配置。显示当前全局DNS配置。显示允许的加密类型列表并退出显示库配置。显示/设置密钥从${start}到${end}显示${total}条目。签名签名过期签名开端签名者的名字简单绑定失败 模拟使用基于主机访问控制大小大小限制数据大小超出限制。目前库数据大小限制为 %(limit)d B信任域ID范围的大小忽略DNS检查不检查最后一个CA主服务器或DNS服务器是否被删除了忽略覆盖检查已忽略 %(key)s已忽略 %(map)s一些条目没有被删除一些操作失败。源主机组源主机源主机源主机类别规则应用的源主机类别指定的CAs指定的命令和命令组指定的组指定的主机和主机组指定的配置文件指定的服务和服务组指定的用户和用户组指定存储keytab信息的位置。指定外部的${entity}呈现计划用户计划用户计划用户%s已激活计划用户标准记录类型州/省状态角色状态停止副本更新段:要求"%(pkey)s"。存储已发布证书街道地址有条理的主题证书持有者名字主题DN已被CA'%s'使用主题DNS名主题的专有名称主题EDI参与方名称主题IP地址主题Kerberos主体名主题OID主题别名主题UPN主题URI主题X.400地址主题alt名称类型%s被禁止主题目录名主题电子邮件地址提交一个证书签名请求。子树子类型成功Sudo运行命令组Sudo允许命令Sudo命令Sudo命令组Sudo命令组Sudo命令Sudo阻止命令组Sudo阻止命令Sudo选项Sudo规则Sudo规则Sudo命令后缀名称作废的支持的加密类型: 抑制成员属性的处理。同步OTP令牌同步一个OTP令牌。语法错误:%(error)s系统DNS记录已更新TA记录TKEY记录TLSA证书关联数据TLSA证书用途TLSA匹配类型TLSA选择器TLSA记录TOTP同步窗口TOTP认证窗口TOTP认证时间差异(秒)TOTP同步时间差异(秒)TOTP令牌/FreeIPA服务器时差TSIG记录TXT文本数据TXT记录目标目标DN目标DN子树目标统一资源标识符目标统一资源标识符依据RFC 3986目标组目标主机一个组的目标成员组目标成员(设置隶属于目标过滤器)目标反向区域没有找到。设定你自己的条目任务DN任务DN = '%s'电话号码测试ACI语法但不写任何东西文本数据文本不匹配字段模式--domain选项不能和--add-domain或--del-domain选项一起使用。使用--domain来显示地指定整个realm域列表,添加/删除个别域,使用--add-domain/--del-domain。ACI权限%(name)s在%(dn)s中没有找到IPA域不能创建域%(domain)s中的_kerberos TXT记录(%(error)s)。可能是因为该区域没有被IPA管理。请手动创建该记录,包含下面值:'%(realm)s'不能移除域%(domain)s中的_kerberos TXT记录(%(error)s)。可能是因为该区域没有被IPA管理。请手动移除该记录。信息为%(info)s的自动挂载键%(key)s不存在字符%(char)r是不允许的。默认的用户组不成被删除阻止类型已被弃用。目标主机的域名或是'.'如果服务在该域中明显不存在下面的域不属于该realm:%(domains)s组不存在主机名必须是完全限制的:%s 主机名必须不能是:%s 主机名或IP(有或没有端口)反向记录指向的主机名“键,信息”对必须是唯一的。信息为%(info)s的键名%(key)s已存在这种区域的最常见类型是: %s 重试认证的次数你输入的密码或用户名不正确。该请求的主题不存在。为主体获取一个keytab(例如:ftp/ftp.example.com@EXAMPLE.COM)从keytab中待删除的主体(例如:ftp/ftp.example.com@EXAMPLE.COM)主体域在该IPA服务器域中不匹配下面域的realm不能被检测到:%(domains)s。如果有属于该realm的域,请为它们创建一个包含"%(realm)s"的_kerberos TXT记录。用在LDAP服务器上的模式。支持值是RFC2307和RFC2307bis。默认值时RFC2307bis查找条件不够具体。预期1和找到%(found)d。密码用于数据加密服务可以代表一个客户端进行认证在证书请求中主题alt名为%s的服务主体不存在主题或命令名。所有重试总超时(秒)用户对象的用户名属性用户名,密码或令牌码不争取这个命令在本地IPA域中不能用来改变ID分配。运行`ipa help idrange`查看更多信息该命令依赖于"editors"组的存在,但是该组没有找到。该命令需要root访问权限条目已经存在条目不能被启用或禁用条目已经时一个成员条目已禁用条目已启用条目不是一个成员该组已允许外部成员该组不是posix因为它是外部的这已经是一个posix组这已经是一个posix组了,并且不能转换为外部的这可能需要一些时间,请稍等...这个页面有未保存的更改。请保存或恢复。这个主体是IPA主服务器所需的票据过期票据策略%s不可读时间限制时间限制在几秒钟内的搜索(0代表无限制)当前时间存活时间区域定点记录的生成时间没有明确TTL定义的记录存活时间计时型(TOTP)超时严重超时为了建立信任活动目录,IPA服务器的域名和realm名必须匹配获取命令帮助,使用:令牌ID令牌描述(只是信息)令牌散列算法令牌模式(只是信息)令牌密码(Base32;默认:随机)令牌序列号(只是信息)令牌同步失败令牌供应商名称(只是信息)令牌已同步主题命令:主题或命令拓扑拓扑段拓扑段拓扑不允许服务器%(server)s复制服务器:拓扑已断开连接拓扑管理需要最小域级别{0}拓扑后缀拓扑后缀env变量总数(>= count)如果不是所有结果都返回了,那么为真正确的表示操作成功信任信任设置信任方向信任状态信任类型信任类型(活动目录,默认)已信任的域信任域%(domain)s包含在IPArealm域中。建立信任需要删除之前的。查看"ipa realmdomains-mod --del-domain"命令。信任域和管理员账户使用不同域信任域没有返回一个唯一的对象信任域没有为对象返回一个有效的SID信任域合作伙伴已信任的域允许授权信任森林信任用户认证信任森林信任双因素认证(密码+OTP)双向信任类型类型覆盖类型映射IPA目标类型(设置子树和对象类目标过滤器)IPA对象类型(用户,用户组,主机,主机组,服务,网络组,dns)令牌类型信任域ID范围的类型,是ipa-ad-trust-posix和ipa-ad-trust中的一个信任域ID范围类型,是{vals}其中之一支持的用户认证类型UIDUPN后缀不适用的不将ID视图${primary_key}应用到主机不将ID视图${primary_key}应用到主机${entity}不将ID视图应用到主机不将ID视图应用到主机组中的主机不适用的主机组不适用的主机不能与CMS通信不能与CMS通信(状态%d)不能创建私有组。组'%(group)s'已存在。无法从%s中确定IPA主机 无法确定%s的证书主题 不能确定Kerberos主体%s是否存在。使用'ipa user-mod'来手动设置它。无法确定%s的根DN 使用输出编码配置无法显示二维码。请使用令牌URI来配置你的OTP设备在LDAP中不能启用SSL 无法生成Kerberos凭证缓存 不能初始化连接到ldap服务器:%s不能初始化ldap库! 无法加入主机:找不到Kerberos凭证缓存 无法加入主机:找不到Kerberos用户主体并且没有提供主机密码。 无法加入主机:Kerberos上下文初始化失败 服务解析主体 无法解析主体名 不能解析主体:%1$s (%2$d) 无法删除条目 不能设置LDAP版本 不能设置LDAP_OPT_PROTOCOL_VERSION 不能设置LDAP_OPT_X_SASL_NOCANON 不能设置LDAP_OPT_X_TLS 不能设置LDAP_OPT_X_TLS_CERTIFICATE 不能在AD中验证写权限恢复删除用户账户。已恢复用户账户"%(value)s"取消取消全部取消在这个字段做的所有更改。取消这个更改。从IPA服务器中取消注册该主机取消注册失败。 取消注册成功。 唯一ID未知的未知的错误未知的选项:%(option)s解锁已解锁账户"%(value)s"不匹配取消供应取消供应${entity}在--rules中不能解析的规则未撤销的未保存的更改取消选择全部未指定的不支持的值更新更新DNS条目更新系统DNS记录更新位置和IPA服务器DNS记录更新系统记录'%(record)s'失败:%(error)s用户用户组用户组用户ID用户ID号码用户ID号码(如果没有提供系统会分配一个)用户ID覆盖用户ID覆盖用户选项用户属性用户认证类型用户类别用户类别用户类别(该属性的语义是就近解读)ACL适用于用户类别规则应用的用户类别用户容器用户组ACI授予访问的用户组用户组规则用户组规则待应用权限的用户组用户登录名用户名用户对象类用户对象覆盖用户密码用户搜索字段待覆盖用户方便用户的执行操作描述权限可以应用用户指定属性权限明确不能应用到用户指定的属性用户名用户库的用户名用户允许创建keytab的用户允许检索keytab的用户有效证书展示有效起始日期有效终止日期验证错误有效性有效期结束于有效期开始于库库容器库容器库配置库数据用会话密钥加密库描述库名称库密码库私钥库公钥库盐值库服务库类型共享用户库供应商验证密码验证主体密码版本垂直精度通过服务查看新证书等待远程端的确认警告警告无法识别加密类型。 警告无法识别盐值类型。 警告:转换类型失败(#%d) 警告:盐值类型没有授予随机密码(查看选项-P) 重量服务器服务权重当移植一个在IPA域中已存在的组时覆盖组GID并报告成功是否存储使用该配置文件的证书发布谁工作中将配置文件配置写进文件你正尝试引用一个不允许覆盖的神奇私有组。而不是尝试覆盖对应用户的GID属性。你可以使用FreeOTP 来充当OTP令牌的一个应用软件。你可能需要从树中手动删除它们要创建一个主机服务,你必须注册一个主机你必须同时指定 rid-base和secondary-rid-base选项,因为ipa-adtrust-install已经运行了。你将会被重定向到DNS区域。你的密码将在${days}天到期。你的会话已过期。请重新登录。你对域%(domain)s的信任已中断。请再次运行'ipa trust-add'来重新创建它。YubiKey槽区域转发器找到区域:${zone}区域名区域名(FQDN)区域记录'%s'不能被删除区域刷新间隔活跃用户名"%(user)s"已存在算法值:允许间隔0-255所有的主服务器必须已启用角色%(role)s发生了内部错误服务器 '%(server)s' 已经发生了一次内部错误查询答案'%(owner)s %(rtype)s'缺少DNSSEC签名(没有RRSIG数据)任何已配置的服务器api没有这样的命名空间:'%(name)s'至少指定其中一个选项:类型,用户,主机至少需要其中一个:类型,过滤器,子树,目标组,属性或它的成员必须存在至少一个值等同规范主体名称不支持属性"%(attribute)s"不允许属性"%s"属性没有配置属性和包含的属性是互斥的属性和包含/排除属性是互斥的若主体不存在,则自动添加如果主体不存在则自动添加它(仅对服务主体)自动挂载键自动挂载键自动挂载位置自动挂载位置自动挂载映射自动挂载映射ber_init()失败,无效的控制?! ber_scanf()失败,没有找到kvno?! 绑定密码最多%(len)d个字符最多%(maxlength)d字节最多%(maxlength)d字符最多%(maxvalue)d最多%(maxvalue)s不能给一个特权添加带有绑定类型"%(bindtype)s"的权限"%(perm)s"不能为空不能长于255个字符不能连接到'%(uri)s':%(error)s不能删除全局密码策略不能删除管理权限不能删除信任的根域,使用trust-del来删除它自己的信任不能禁用信任的根域,使用trust-del来删除它自己的信任不能打开配置文件%s 不能重命名管理权限不能为已分配一个特权的权限设置绑定类型不能同时指定原始证书和文件不能同时指定完整的目标滤波器和额外的目标滤波器不能stat()配置文件%s 修改冲突改变一个POSIX组改变以便从信任域中支持额外的非IPA成员结果以%d退出 cn是不变的待添加的以逗号分隔的HBAC服务组列表待移除的以逗号分隔的HBAC服务组列表待添加的以逗号分隔的HBAC服务列表待移除的以逗号分隔的HBAC服务列表待添加的以逗号分隔的用户组列表允许迁移的以逗号分隔的用户组列表待移除的以逗号分隔的用户组列表待添加的以逗号分隔的主机组列表待移除的以逗号分隔的主机组列表待添加的以逗号分隔的主机列表待移除的以逗号分隔的主机列表以逗号分隔的信任域成员列表是“DOM\名称”或“名称@域名”格式待添加的以逗号分隔的网络组列表待移除的以逗号分隔的网络组列表以逗号分隔的权限列表以逗号分隔的授权列表(读,写,添加,删除,全部)以逗号分隔的权限列表待添加的以逗号分隔的权限列表待移除的以逗号分隔的权限列表待添加的以逗号分隔的角色列表待移除的以逗号分隔的角色列表待添加的以逗号分隔的sudo命令组列表待移除的以逗号分隔的sudo命令组列表待添加的以逗号分隔的sudo命令列表待移除的以逗号分隔的sudo命令列表待添加的以逗号分隔的用户列表允许迁移的以逗号分隔的用户列表待移除的以逗号分隔的用户列表命令命令'%(name)s'最多能带%(count)d个参数命令'%(name)s'没有参数命令当命令类别='all'时命令不能被添加控制sudo配置的命令域CIFS服务器通信失败配置选项容器条目(%(container)s)没有找到默认的CA ACL只可以被禁用授权授权删除描述没有收到Kerberos凭证不匹配任何可接受的格式:域域没有配置域是不受信任的域名'%(domain)s'应该规范化:%(normalized)s域名不能长于255个字符每个ACL元素必须以分好结束空的DNS标签空的过滤器条目条目XML-RPC传输数据整理错误:%(error)s服务器'%(server)s'错误:%(error)s执行has bad permissions失败,错误码%d 期望的格式: <0-255> <0-255> <0-65535> 每个长度是十六进制数字或连字符存储证书文件文件名过滤器和它的成员是互斥的标记必须是"S","A","U"或"P"中的一个标记值:允许间隔0-255即使NS记录不在DNS中,也强制创建它。强制删除系统权限即使主体名在DNS中不存在,也强制添加它fork()失败 格式必须被指定为"%(format)s" %(rfcs)s正向"%(fwzone)s"无效因为在认证区域"%(authzone)s"缺少合适的NS记录。请添加NS记录"%(ns_rec)s"到父区域"%(authzone)s"。gid不能被设置为外部组需要名字组作为组来运行组,权限和它们自己是互斥的用户组待添加用户组待移除的用户组主机主机类别不能设置为all',虽然有允许主机主机组主机组待添加主机组待移除的主机组主机组主机组名"%s"已存在。主机组和网络组共享一个共同的名字空间主机组主机名主机名包含空的标签(连续的点)请求主题'%(cn)s'的主机名与主体主机名'%(hostname)s'不匹配主机当主机类别='all'时主机不能被添加当类型是'group'是主机不能被设置待添加主机待移除的主机id范围id范围类型不完整的时间值不正确的类型无效的'%(name)s':%(error)s无效的DN(%s)无效的IP地址格式无效的IP地址版本(是%(value)d,必须是%(required_value)d)!无效的IP网络格式无效的配置文件ID无效的SSH公钥无效的地址格式无效的属性名无效的域名无效的域名:%s无效的域名:没有完全限制无效的电子邮件格式:%(email)s无效的域名转换代码无效的hostmask无效的端口号ipa-getkeytab没有权限? ipa-getkeytab没有找到 是需要的迭代值:允许间隔0-65535kerberos票据策略设置键 %(key)s 已存在键名%(key)s已存在左节点({host})不支持后缀'{suff}'左节点和右节点必须不同左节点不是一个拓扑节点:%(leftnode)s左或右节点没有被指定超出该查询的限制本地域范围位置位置管理员%(manager)s没有找到映射 %(map)s 已存在映射未连接到/etc/auto.master:完全匹配常用名最大序列号成员%s成员证书配置文件成员HBAC服务成员HBAC服务组成员组成员主机成员主机组成员网络组成员主体成员特权成员角色成员服务成员服务授权目标成员sudo命令成员sudo命令组成员用户最小序列号缺少base_id修改主键是不允许的挂载点是相对于父映射的,不能以/开始必须是"%s"必须是'%(value)s'必须是DNS名必须是Kerberos主体必须是TRUE或FALSE必须是True或False必须是Unicode文本必须是一个十进制数必须是绝对的必须是一个整数必须至少%(minlength)d字节必须至少%(minlength)d字符必须至少%(minvalue)d必须至少%(minvalue)s必须是二进制数据必须是时间值必须是字典必须括在括号里必须恰好是%(length)d字节必须恰好是%(length)d字符必须是%(values)s中的一个必须是相对的必须包含一个元组(列表,字典)必须已启用角色%(role)s必须匹配模式"%(pattern)s"网络组网络组名"%s"已存在。主机组和网络组共享一个共同的名字空间网络组待添加的网络组待移除的网络组没有命令也没有帮助主题'%(topic)s'没有修改没有信任域配置没有信任域匹配指定的固定名不允许修改组条目不允许修改用户条目不允许执行操作:%s不允许执行服务器连接检查没有找到没有完全限制管理权限没有修改数字类'%(cls)s'不在允许的数字类列表中:%(allowed)s密码数对象类%s没找到待移除的一个或多个值仅支持"ad"仅在管理权限中可用只允许字母,数字和%(chars)s。DNS标签不能以%(chars2)s开始或结束仅有主区域才可以包含记录每个名称仅允许有一个CNAME记录(RFC 2136,第1.1.5节)每个名称仅允许有一个DNAME记录(RFC 6672,第2.4节)仅有一个节点可以被指定操作没有定义选项已被重命名;使用%s选项是不允许的序号必须是唯一值(%(order)d已被%(rule)s使用)内存不足 区域外数据:记录名必须是区域或相对名的一个子域覆盖参数和选项:%(names)s所有者%s所有者用户组%(types)s记录的所有者不应该是一个通配符域名(RFC 4592 第四节)所有者服务所有者用户参数必须是一个列表参数必须包含[args,options]params[0] (aka args)必须是一个列表params[1] (aka options)必须是一个字典密码密码策略密码策略如果没有使用kerberos,则使用密码权限权限"%(value)s"已存在权限保存主体没有找到 在XML-RPC响应中找不到主体 待添加主体待移除的主体优先权布不能在本地策略上设置优先权必须是一个唯一值((%(prio)d已被%(gname)s使用)特权特权组特权主机组特权服务授权规则特权服务授权目标特权待添加的特权待移除的特权配置文件类别不能设置为all',虽然有允许配置文件当配置文件类别='all'时配置文件不能被添加pysss_murmur在服务器上不可用并没有提供base-id。用EDNS0查询'%(owner)s %(rtype)s':%(error)s查询'%(owner)s %(rtype)s':%(error)s范围内存在对象ID范围修改超出定义范围是不允许的范围类型改变读取错误 域找不到 域或UPN后缀覆盖信任域命名空间记录'%(owner)s %(rtype)s'DNSSEC验证服务器 %(ip)s失败请求失败HTTP状态%d在XML-RPC响应中找不到结果 从服务器检索和打印所有属性。影响命令输出。右节点({host})不支持后缀'{suff}'右节点不是一个拓扑节点:%(rightnode)s角色角色待添加角色待移除角色作为组来运行作为用户来运行作为用户来运行盐值:%(err)s查找POSIX组查找组,该组在信任域中支持额外的非IPA成员查找管理组查找非POSIX组查找私有组查询待移植对象的结果被服务器拦截;移植过程可能没有完成 秒段段自助服务权限自助服务权限服务器服务器角色服务器角色服务器服务服务类别不能设置为all',虽然有允许服务服务授权规则服务授权规则服务授权目标服务授权目标待添加的服务授权目标待移除的服务授权目标服务当服务类别='all'时服务不能被添加待添加服务待移除服务设置权威命名服务器不应该是一个通配符域名(RFC 4592 第四节)忽略反向DNS检测需要sn计划用户计划用户主题alt名称类型%s禁止非用户主体主题alt名称类型%s禁止用户主体子树和类型是互斥的sudo命令sudo命令组sudo命令组待添加的sudo命令组待移除的sudo命令组sudo命令待添加的sudo命令待移除的sudo命令sudo规则sudo规则后缀后缀系统ID视图目标和目标组是互斥的IPA服务器和远程域不能共享相同的NetBIOS名:%s证书编号正被修改的条目已被删除值不是"YYYYMMDDHHMMSS"时间格式必须有至少一个目标条目说明符(例如:目标,目标过滤器,属性)该选项已被弃用。该选项已被弃用太多'@'字符信任信任配置信任域信任域信任类型信任域对象信任域对象没有找到信任域用户没有找到信任IPA对象类型(用户,用户组,主机,主机组,服务,网络组)类型,过滤器,子树和目标组是互斥的未知的命令'%(name)s'%(server)s上未知的错误%(code)d:%(error)s不支持的功能级不支持的信任类型用户用户%s已是活跃的用户类别不能设置为all',虽然有允许用户用户用户和主机不能被同时设置当作为用户来运行或作为组来运行类别='all'时用户不能被添加当用户类别='all'时用户不能被添加当类型是'hostgroup'是用户不能被设置待添加用户待移除的用户值库库容器库容器库{attr}:没有这样的属性{role}:角色没有找到