On Wed, Sep 04, 2019 at 03:08:30PM -, David Etchen via FreeIPA-users wrote:
> Hi Fraser,
>
> Thanks for replying.
>
> I've restarted both sides like you suggested but still don't see a
> difference. I can see the back off time has started again like you said.
>
> [04/Sep/2019:15:20:12][KeyR
Hello,
OK I now understand that it's ipa service which is not starting at boot.
The service status gives :
# service ipa status
Redirecting to /bin/systemctl status ipa.service
● ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor
preset:
Morgan Cox via FreeIPA-users wrote:
> HI.
>
> For PCI DSS compliance I need to be able to disable users not logged in for X
> amount of days (I think its 90).
>
> I was going to create a script which checks last login time (I have a similar
> one for expired passwords), however I cannot find a
> On Thu, Aug 22, 2019 at 01:11:28PM -, Martijn Bakkes via FreeIPA-users
> wrote:
>
> At this time the client will ask the server for the user data ...
>
>
> ... but this seems to be fast this time.
>
>
> Additionally SSSD tries to figure out which authentication methods are
> available f
HI.
For PCI DSS compliance I need to be able to disable users not logged in for X
amount of days (I think its 90).
I was going to create a script which checks last login time (I have a similar
one for expired passwords), however I cannot find a way of doing so..
I have searched for info and
On 9/4/19 12:02 AM, danielle lampert via FreeIPA-users wrote:
Hello,
I'm running freeipa 4.5.0-20 on CentOS Linux release 7.4.1708 (Core)
I've noticed that when rebooting my replica, things are not working
anymore on this replica, as I can't get a kinit work for example.
It seems that service
Hi Fraser,
Thanks for replying.
I've restarted both sides like you suggested but still don't see a difference.
I can see the back off time has started again like you said.
[04/Sep/2019:15:20:12][KeyRetrieverRunner-dd4ea812-c044-41c0-93bf-ec376c732c93]:
Failed to retrieve key from any host.
[04
So just to add it seems that the 2nd IPA server hasn't managed to get the subCA
cert & key as when I check the nssdb they aren't present on the 2nd IPA server.
(See below)
Running the command as my own user
/usr/libexec/ipa/ipa-pki-retrieve-key "caSigningCert cert-pki-ca
dd4ea812-c044-41c0-93bf
On ke, 04 syys 2019, Mike Conner via FreeIPA-users wrote:
Thanks for the reply.
I ran `nestat -tulpn` after restarting the rpcbind service and did not
see anything listening on 749. Unfortunately, I didn't think to run it
before I restarted the rpcbind service.
Is it possible kadmin think the p
Thanks for the reply.
I ran `nestat -tulpn` after restarting the rpcbind service and did not see
anything listening on 749. Unfortunately, I didn't think to run it before I
restarted the rpcbind service.
Is it possible kadmin think the port is in use even after rpcbind has moved off
it?
__
On Wed, Sep 04, 2019 at 12:33:27PM -, David Etchen via
FreeIPA-users wrote:
> Hi Guys,
>
> I have a 2 host basic IPA setup both IPA servers are running dns &
> ca. I'm running on Centos 7.6 using freeipa version 4.6.4 &
> dogtag version 10.5.9
>
> I've made a subCA called vpnca and a certifi
Hi Guys,
I have a 2 host basic IPA setup both IPA servers are running dns & ca.
I'm running on Centos 7.6 using freeipa version 4.6.4 & dogtag version 10.5.9
I've made a subCA called vpnca and a certificate policy and all this is working
fine with the exception of OCSP on the 2nd IPA box.
The o
Hi Guys,
I have a 2 host basic IPA setup both IPA servers are running dns & ca.
I'm running on Centos 7.6 using freeipa version 4.6.4 & dogtag version 10.5.9
I've made a subCA called vpnca and a certificate policy and all this is working
fine with the exception of OCSP on the 2nd IPA box.
The o
13 matches
Mail list logo