[Freeipa-users] Re: Issues with pki-tomcat - CA

2019-06-11 Thread Rob Crittenden via FreeIPA-users
Ian Kumlien via FreeIPA-users wrote:
> Hi,
> 
> I've been confused by this a while... But from talking to people on
> #freeipa@freenode this might be the real issue:
> 
> certutil -d /etc/pki/pki-tomcat/alias/ -L |grep cert-pki-ca
> Server-Cert cert-pki-ca  u,u,u
> ---
> 
> I have been trying ipa-cert-fix, which seems to look at most
> certificates but not these.
> 
> Also:
> ipa-cacert-manage renew
> 'NoneType' object has no attribute 'is_self_signed'
> The ipa-cacert-manage command failed.

You absolutely do NOT want this. This renews the CA certificate, NOT the
subsystem certificates. Doing this will only add to the confusion.

That said it shouldn't error out in this way.

> Running:
> b3a160b70566ba1703a184f07b493246630829a8
> 
> From ipa-4.7
> (Needed ipa-cert-fix)
> 
> Any clues of how to proceed, I'm still trying to understand this thing =)

I still don't know what isn't working. We need:

- the output of getcert list
- the CA debug log (or the last bit from startup to failure).
- certutil -L -d /etc/pki/pki-tomcat/alias/ might be handy too

rob
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
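Rob's checklist above starts with the output of getcert list. The script below is an added example for this thread, not code from the FreeIPA project or from anyone in the discussion. It parses that output and flags the tracking requests worth looking at first: a status other than MONITORING, a request certmonger marks as stuck, and a certificate that is already expired or expires within a configurable window. The expiry check is done independently of the status, because the status line alone does not tell you whether the certificate in the NSS database is still valid. The sample output, hostnames, realm and dates are constructed; the field names follow what certmonger prints, and the `triage` function and its thresholds are my own.

```python
"""Triage `getcert list` output for unhealthy certmonger tracking requests.

Added example for this thread; it is not code from the FreeIPA project.
The sample output below is constructed (hostnames, realm and dates are
made up) and mimics the field layout certmonger prints.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: one healthy request, one expired pki-tomcat subsystem
# certificate that certmonger still reports as MONITORING, and one request
# stuck because the CA is unreachable. Real output indents fields with a tab;
# the parser strips leading whitespace, so spaces are used here.
SAMPLE_GETCERT_LIST = """\
Number of certificates and requests being tracked: 3.
Request ID '20190611100000':
    status: MONITORING
    stuck: no
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    expires: 2021-05-30 10:11:47 UTC
Request ID '20190611100001':
    status: MONITORING
    stuck: no
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    expires: 2019-05-20 08:00:00 UTC
Request ID '20190611100002':
    status: CA_UNREACHABLE
    ca-error: Server at https://ipa.example.test/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (503)).
    stuck: yes
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-TEST',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    expires: 2019-06-25 08:00:00 UTC
"""

# Fixed "now" for the constructed sample, so results are reproducible.
SAMPLE_NOW = datetime(2019, 6, 11, 12, 0, tzinfo=timezone.utc)

REQUEST_RE = re.compile(r"^Request ID '([^']+)':")
NICKNAME_RE = re.compile(r"nickname='([^']*)'")


def parse_getcert_list(text):
    """Split `getcert list` output into one dict of field -> value per request."""
    requests, current = [], None
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if match:
            current = {"id": match.group(1)}
            requests.append(current)
            continue
        if current is None or ":" not in line:
            continue  # header line or noise before the first request
        key, _, value = line.strip().partition(":")  # split on the first colon only
        current[key.strip()] = value.strip()
    return requests


def parse_expiry(value):
    """certmonger prints e.g. '2019-05-20 08:00:00 UTC'; drop the zone label, treat as UTC."""
    stamp = value.rsplit(" ", 1)[0]
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def nickname(request):
    """Prefer the NSS nickname (e.g. 'Server-Cert cert-pki-ca'); fall back to the request ID."""
    match = NICKNAME_RE.search(request.get("certificate", ""))
    return match.group(1) if match else request["id"]


def triage(text, now, warn_days=30):
    """Return (nickname, problem) pairs for every request that needs attention.

    A request is flagged when its status is not MONITORING, when certmonger
    marks it stuck, or when the certificate is expired / expires within
    warn_days. The expiry check runs regardless of status.
    """
    findings = []
    for request in parse_getcert_list(text):
        name = nickname(request)
        status = request.get("status", "UNKNOWN")
        if status != "MONITORING":
            detail = request.get("ca-error", "")
            findings.append((name, f"status {status}" + (f": {detail}" if detail else "")))
        if request.get("stuck") == "yes":
            findings.append((name, "request is stuck"))
        if "expires" in request:
            expires = parse_expiry(request["expires"])
            if expires <= now:
                findings.append((name, f"certificate expired on {expires:%Y-%m-%d}"))
            elif expires - now <= timedelta(days=warn_days):
                findings.append((name, f"certificate expires on {expires:%Y-%m-%d}"))
    return findings


if __name__ == "__main__":
    # On a live server you would feed it the real output instead:
    #   triage(subprocess.check_output(["getcert", "list"], text=True), datetime.now(timezone.utc))
    for name, problem in triage(SAMPLE_GETCERT_LIST, SAMPLE_NOW):
        print(f"{name}: {problem}")
```

Run it against the real output of getcert list on the affected server; any pki-tomcat nickname (the "cert-pki-ca" entries) that shows up expired while still MONITORING is exactly the kind of subsystem certificate that ipa-cacert-manage renew would not touch.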


[Freeipa-users] Re: [HAProxy / Keepalive] After installation

2019-06-11 Thread Karim Bourenane via FreeIPA-users
Thank you for all the information.



Karim Bourenane +33686464439
+32475753687

On Tue, 11 Jun 2019 at 15:33, John Keates wrote:

> IPA is already highly available, from the service side using DNS and
> multiple records for all services, on the web side: every server has a
> working web interface.
> If you want to redirect users to any working interface, a generic load
> balancer without keepalive works, redirect them to the IP and the IPA
> server will take care of redirecting to HTTPS and the domain name.
> No need to do anything yourself.
>
> John
>
> On 11 Jun 2019, at 14:54, Karim Bourenane via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> Thanks François, for your reply.
>
> The goal, is to have the service IPA available always, if the server 1
> will be down, and also for load sharing.
>
> I thought about roundrobin dns, but sharing service is not mastered for
> effective sharing and the life test is not present.
>
> Best regards
>
> Mr Karim Bourenane
> +33686464439
> +32493866354
>
>
>
> On Tue, 11 Jun 2019 at 14:03, François Cami wrote:
>
>> Hi Karim,
>>
>> On Tue, Jun 11, 2019 at 1:56 PM Karim Bourenane via FreeIPA-users
>>  wrote:
>> >
>> > Hello team
>> >
>> > Hope you are well.
>> >
>> > After an existing installation, we decided to implement a Haproxy +
>> Keepalive in all our IPA's servers.
>> >
>> > The haproxy / keepalive work well but now IPA doesn't run well,
>> because it wants to listen on all interfaces in the servers.
>> >
>> > How can I modify the IPA (+ all modules KRB5/DNS...) server conf to
>> bind only to 1 local interface and not to the VIP interface?
>>
>> Binding to the local interface is in no way expected and will result
>> in some components not working.
>>
>> I am not aware of any scenario where adding HAProxy+Keepalived in
>> front of FreeIPA would provide a tangible benefit. Could you please
>> explain the reasoning behind such a decision?
>>
>> Regards,
>> François
>>
>> > Kind regards


[Freeipa-users] Re: [HAProxy / Keepalive] After installation

2019-06-11 Thread Peter Fern via FreeIPA-users

On 11/6/19 11:33 pm, John Keates via FreeIPA-users wrote:
IPA is already highly available, from the service side using DNS and 
multiple records for all services, on the web side: every server has a 
working web interface.
If you want to redirect users to any working interface, a generic load 
balancer without keepalive works, redirect them to the IP and the IPA 
server will take care of redirecting to HTTPS and the domain name.

No need to do anything yourself.


This presumes that all such IPA hosts are directly accessible from the 
outside world.



[Freeipa-users] Re: [HAProxy / Keepalive] After installation

2019-06-11 Thread John Keates via FreeIPA-users
IPA is already highly available, from the service side using DNS and multiple 
records for all services, on the web side: every server has a working web 
interface.
If you want to redirect users to any working interface, a generic load balancer 
without keepalive works, redirect them to the IP and the IPA server will take 
care of redirecting to HTTPS and the domain name.
No need to do anything yourself.

John

> On 11 Jun 2019, at 14:54, Karim Bourenane via FreeIPA-users 
>  wrote:
> 
> Thanks François, for your reply.
> 
> The goal, is to have the service IPA available always, if the server 1 will 
> be down, and also for load sharing.
> 
> I thought about roundrobin dns, but sharing service is not mastered for 
> effective sharing and the life test is not present.
> 
> Best regards
> 
> Mr Karim Bourenane
> +33686464439
> +32493866354
>  
> 
> 
> On Tue, 11 Jun 2019 at 14:03, François Cami wrote:
> Hi Karim,
> 
> On Tue, Jun 11, 2019 at 1:56 PM Karim Bourenane via FreeIPA-users
>  > wrote:
> >
> > Hello team
> >
> > Hope you are well.
> >
> > After an existing installation, we decided to implement a Haproxy + 
> > Keepalive in all our IPA's servers.
> >
> > The haproxy / keepalive work well but now IPA doesn't run well, because 
> > it wants to listen on all interfaces in the servers.
> >
> > How can I modify the IPA (+ all modules KRB5/DNS...) server conf to bind 
> > only to 1 local interface and not to the VIP interface?
> 
> Binding to the local interface is in no way expected and will result
> in some components not working.
> 
> I am not aware of any scenario where adding HAProxy+Keepalived in
> front of FreeIPA would provide a tangible benefit. Could you please
> explain the reasoning behind such a decision?
> 
> Regards,
> François
> 
> > Kind regards


[Freeipa-users] Issues with pki-tomcat - CA

2019-06-11 Thread Ian Kumlien via FreeIPA-users
Hi,

I've been confused by this a while... But from talking to people on
#freeipa@freenode this might be the real issue:

certutil -d /etc/pki/pki-tomcat/alias/ -L |grep cert-pki-ca
Server-Cert cert-pki-ca  u,u,u
---

I have been trying ipa-cert-fix, which seems to look at most
certificates but not these.

Also:
ipa-cacert-manage renew
'NoneType' object has no attribute 'is_self_signed'
The ipa-cacert-manage command failed.

Running:
b3a160b70566ba1703a184f07b493246630829a8

From ipa-4.7
(Needed ipa-cert-fix)

Any clues of how to proceed, I'm still trying to understand this thing =)


[Freeipa-users] Re: [HAProxy / Keepalive] After installation

2019-06-11 Thread Karim Bourenane via FreeIPA-users
Thanks François, for your reply.

The goal, is to have the service IPA available always, if the server 1 will
be down, and also for load sharing.

I thought about roundrobin dns, but sharing service is not mastered for
effective sharing and the life test is not present.

Best regards

Mr Karim Bourenane
+33686464439
+32493866354



On Tue, 11 Jun 2019 at 14:03, François Cami wrote:

> Hi Karim,
>
> On Tue, Jun 11, 2019 at 1:56 PM Karim Bourenane via FreeIPA-users
>  wrote:
> >
> > Hello team
> >
> > Hope you are well.
> >
> > After an existing installation, we decided to implement a Haproxy +
> Keepalive in all our IPA's servers.
> >
> > The haproxy / keepalive work well but now IPA doesn't run well,
> because it wants to listen on all interfaces in the servers.
> >
> > How can I modify the IPA (+ all modules KRB5/DNS...) server conf to
> bind only to 1 local interface and not to the VIP interface?
>
> Binding to the local interface is in no way expected and will result
> in some components not working.
>
> I am not aware of any scenario where adding HAProxy+Keepalived in
> front of FreeIPA would provide a tangible benefit. Could you please
> explain the reasoning behind such a decision?
>
> Regards,
> François
>
> > Kind regards


[Freeipa-users] Re: [HAProxy / Keepalive] After installation

2019-06-11 Thread François Cami via FreeIPA-users
On Tue, Jun 11, 2019 at 2:54 PM Karim Bourenane
 wrote:
>
> Thanks François, for your reply.
>
> The goal, is to have the service IPA available always, if the server 1 will 
> be down, and also for load sharing.

Load-balancing is normally done automatically by servers/replicas and clients.

If you'd like having a single point of entry for administrative
workloads https://www.adelton.com/freeipa/freeipa-behind-load-balancer
should work as-is but you will need a HTTP proxy machine in front of
your FreeIPA servers.

> I thought about roundrobin dns, but sharing service is not mastered for 
> effective sharing and the life test is not present.
>
> Best regards
>
> Mr Karim Bourenane
> +33686464439
> +32493866354
>
>
>
> On Tue, 11 Jun 2019 at 14:03, François Cami wrote:
>>
>> Hi Karim,
>>
>> On Tue, Jun 11, 2019 at 1:56 PM Karim Bourenane via FreeIPA-users
>>  wrote:
>> >
>> > Hello team
>> >
>> > Hope you are well.
>> >
>> > After an existing installation, we decided to implement a Haproxy + 
>> > Keepalive in all our IPA's servers.
>> >
>> > The haproxy / keepalive work well but now IPA doesn't run well, because 
>> > it wants to listen on all interfaces in the servers.
>> >
>> > How can I modify the IPA (+ all modules KRB5/DNS...) server conf to 
>> > bind only to 1 local interface and not to the VIP interface?
>>
>> Binding to the local interface is in no way expected and will result
>> in some components not working.
>>
>> I am not aware of any scenario where adding HAProxy+Keepalived in
>> front of FreeIPA would provide a tangible benefit. Could you please
>> explain the reasoning behind such a decision?
>>
>> Regards,
>> François
>>
>> > Kind regards


[Freeipa-users] Re: [HAProxy / Keepalive] After installation

2019-06-11 Thread François Cami via FreeIPA-users
Hi Karim,

On Tue, Jun 11, 2019 at 1:56 PM Karim Bourenane via FreeIPA-users
 wrote:
>
> Hello team
>
> Hope you are well.
>
> After an existing installation, we decided to implement a Haproxy + Keepalive 
> in all our IPA's servers.
>
> The haproxy / keepalive work well but now IPA doesn't run well, because it 
> wants to listen on all interfaces in the servers.
>
> How can I modify the IPA (+ all modules KRB5/DNS...) server conf to bind 
> only to 1 local interface and not to the VIP interface?

Binding to the local interface is in no way expected and will result
in some components not working.

I am not aware of any scenario where adding HAProxy+Keepalived in
front of FreeIPA would provide a tangible benefit. Could you please
explain the reasoning behind such a decision?

Regards,
François

> Kind regards


[Freeipa-users] [HAProxy / Keepalive] After installation

2019-06-11 Thread Karim Bourenane via FreeIPA-users
Hello team

Hope you are well.

After an existing installation, we decided to implement a Haproxy +
Keepalive in all our IPA's servers.

The haproxy / keepalive work well but now IPA doesn't run well, because
it wants to listen on all interfaces in the servers.

How can I modify the IPA (+ all modules KRB5/DNS...) server conf to bind
only to 1 local interface and not to the VIP interface?

Kind regards


[Freeipa-users] Re: error in FreeIPA UI login page

2019-06-11 Thread Florence Blanc-Renaud via FreeIPA-users

On 6/11/19 7:13 AM, Elham Sadat Azarian via FreeIPA-users wrote:

Hi. It's the ipaclient-install.log

2019-06-11T04:45:38Z DEBUG Logging to /var/log/ipaclient-install.log
2019-06-11T04:45:38Z DEBUG ipa-client-install was invoked with arguments [] and 
options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 
'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'SHS.DC', 
'force_ntpd': False, 'on_master': True, 'no_nisdomain': False, 'ssh_trust_dns': 
False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 
'shs.dc', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 
'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 
'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 
'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 
'servers': ['ipa-irvlt01.shs.dc'], 'no_ssh': False, 'force_join': False, 
'firefox_dir': None, 'unattended': True, 'quiet': False, 'nisdomain': None, 
'prompt_password': False, 'host_name': 'ipa-irvlt01.shs.dc', 'permit': False, 
'automount_location': None, 'preserve_sssd': False, 'mkhomedir': False, 
'log_file': None, 'uninstall': False}
2019-06-11T04:45:38Z DEBUG IPA version 4.6.4-10.el7.centos.3
2019-06-11T04:45:38Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-06-11T04:45:38Z DEBUG Starting external process
2019-06-11T04:45:38Z DEBUG args=/usr/sbin/selinuxenabled
2019-06-11T04:45:38Z DEBUG Process finished, return code=1
2019-06-11T04:45:38Z DEBUG stdout=
2019-06-11T04:45:38Z DEBUG stderr=
2019-06-11T04:45:38Z WARNING Using existing certificate '/etc/ipa/ca.crt'.
2019-06-11T04:45:38Z DEBUG [IPA Discovery]
2019-06-11T04:45:38Z DEBUG Starting IPA discovery with domain=shs.dc, 
servers=['ipa-irvlt01.shs.dc'], hostname=ipa-irvlt01.shs.dc
2019-06-11T04:45:38Z DEBUG Server and domain forced
2019-06-11T04:45:38Z DEBUG [Kerberos realm search]
2019-06-11T04:45:38Z DEBUG Kerberos realm forced
2019-06-11T04:45:38Z DEBUG [LDAP server check]
2019-06-11T04:45:38Z DEBUG Verifying that ipa-irvlt01.shs.dc (realm SHS.DC) is 
an IPA server
2019-06-11T04:45:38Z DEBUG Init LDAP connection to: 
ldap://ipa-irvlt01.shs.dc:389
2019-06-11T04:45:38Z DEBUG Search LDAP server for IPA base DN
2019-06-11T04:45:38Z DEBUG Check if naming context 'dc=shs,dc=dc' is for IPA
2019-06-11T04:45:38Z DEBUG Naming context 'dc=shs,dc=dc' is a valid IPA context
2019-06-11T04:45:38Z DEBUG Search for (objectClass=krbRealmContainer) in 
dc=shs,dc=dc (sub)
2019-06-11T04:45:38Z DEBUG Found: cn=SHS.DC,cn=kerberos,dc=shs,dc=dc
2019-06-11T04:45:38Z DEBUG Discovery result: Success; 
server=ipa-irvlt01.shs.dc, domain=shs.dc, kdc=ipa-irvlt01.shs.dc, 
basedn=dc=shs,dc=dc
2019-06-11T04:45:38Z DEBUG Validated servers: ipa-irvlt01.shs.dc
2019-06-11T04:45:38Z DEBUG will use discovered domain: shs.dc
2019-06-11T04:45:38Z DEBUG Using servers from command line, disabling DNS 
discovery
2019-06-11T04:45:38Z DEBUG will use provided server: ipa-irvlt01.shs.dc
2019-06-11T04:45:38Z DEBUG will use discovered realm: SHS.DC
2019-06-11T04:45:38Z DEBUG will use discovered basedn: dc=shs,dc=dc
2019-06-11T04:45:38Z INFO Client hostname: ipa-irvlt01.shs.dc
2019-06-11T04:45:38Z DEBUG Hostname source: Provided as option
2019-06-11T04:45:38Z INFO Realm: SHS.DC
2019-06-11T04:45:38Z DEBUG Realm source: Discovered from LDAP DNS records in 
ipa-irvlt01.shs.dc
2019-06-11T04:45:38Z INFO DNS Domain: shs.dc
2019-06-11T04:45:38Z DEBUG DNS Domain source: Forced
2019-06-11T04:45:38Z INFO IPA Server: ipa-irvlt01.shs.dc
2019-06-11T04:45:38Z DEBUG IPA Server source: Provided as option
2019-06-11T04:45:38Z INFO BaseDN: dc=shs,dc=dc
2019-06-11T04:45:38Z DEBUG BaseDN source: From IPA server 
ldap://ipa-irvlt01.shs.dc:389
2019-06-11T04:45:38Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-06-11T04:45:38Z DEBUG Loading StateFile from 
'/var/lib/ipa-client/sysrestore/sysrestore.state'
2019-06-11T04:45:38Z INFO Skipping synchronizing time with NTP server.
2019-06-11T04:45:38Z DEBUG Backing up system configuration file 
'/etc/sssd/sssd.conf'
2019-06-11T04:45:38Z DEBUG   -> Not backing up - '/etc/sssd/sssd.conf' doesn't 
exist
2019-06-11T04:45:38Z INFO New SSSD config will be created
2019-06-11T04:45:38Z DEBUG Backing up system configuration file 
'/etc/nsswitch.conf'
2019-06-11T04:45:38Z DEBUG Saving Index File to 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-06-11T04:45:38Z INFO Configured sudoers in /etc/nsswitch.conf
2019-06-11T04:45:38Z INFO Configured /etc/sssd/sssd.conf
2019-06-11T04:45:38Z DEBUG Initializing principal 
host/ipa-irvlt01.shs...@shs.dc using keytab /etc/krb5.keytab
2019-06-11T04:45:38Z DEBUG using ccache /etc/ipa/.dns_ccache
2019-06-11T04:45:38Z DEBUG Attempt 1/5: success
2019-06-11T04:45:39Z DEBUG Starting external process
2019-06-11T04:45:39Z DEBUG args=/usr/bin/certutil -d dbm:/tmp/tmp1H6ZBB -N -f 
/tmp/tmp1H6ZBB/pwdfile.txt -f /tmp/tmp1H6ZBB/pwdfile.txt