On Mon, Jan 08, 2018 at 10:15:29PM +0100, Giulio Casella via FreeIPA-users
wrote:
> After some time, requests go "CA_UNREACHABLE", caused by "RPC failed at
> server. Request failed with status 500: Non-2xx response from CA REST API:
> 500." when certmonger tries to renew httpd/dirsrv certificate.
On Mon, Jan 08, 2018 at 06:48:11PM -0700, Sean Hogan via FreeIPA-users wrote:
>
> Hi Fraser,
>
> Thanks for the reply. Agreed that a vault stores a secret however when
> that secret is say a pw for a shared ID like for instance root. While
> a number of people can access the password for
Hi Fraser,
Thanks for the reply. Agreed that a vault stores a secret however when
that secret is say a pw for a shared ID like for instance root. While
a number of people can access the password for root in the vault I might
not want 20 people using the root pw at the sametime because I
On Mon, Jan 08, 2018 at 08:44:29AM -0700, Sean Hogan via FreeIPA-users wrote:
>
>
> Hello,
>
> I have recently been looking into the password vault for IPA and would
> like to implement however I have not been able to find an answer to a
> compliance question on it yet.
>
>
>Does the IP
Hello,
it looks that replica is trying to add records to your forward zone. What
is the hostname of the replica?
1. what is not working on lxc?
2018-01-07 12:20 GMT+01:00 Alex Corcoles via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> Hi,
>
> I'm labbing a FreeIPA environment for per
Where and how do you have configured forwarders. Is it a global forwarder,
or forward zone forwarder, zone forwarder. Do you have forward zones
configured. etc..
2018-01-08 21:17 GMT+01:00 Matt . via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> HI Martin,
>
> I disabled them from the
lejeczek via FreeIPA-users
writes:
> $ ipa-client-install --no-ntp --force-join
>
> krb5kdc[1560686](info): preauth (encrypted_timestamp) verify
> failure: Preauthentication failed
>
> But after many tries(randomly) suddenly it would succeed.
Do the clocks match on the client and server?
Than
After some time, requests go "CA_UNREACHABLE", caused by "RPC failed at
server. Request failed with status 500: Non-2xx response from CA REST
API: 500." when certmonger tries to renew httpd/dirsrv certificate.
Any ideas to correctly debug this issue?
Il 08/01/2018 17:56, Giulio Casella via
HI Martin,
I disabled them from the GUI.
What do you want to know about the config ?
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi Guys,
Comparing to the great demo of Ab:
https://github.com/abbra/freeipa-userstatus-plugin I was wondering if someone
created something like it but for a simple textfield as well.
Reinventing the wheel is not good so maybe someone has a working example/plugin.
Thanks!
Matt
___
On 08/01/18 08:46, Florence Blanc-Renaud wrote:
On 01/06/2018 08:51 PM, lejeczek via FreeIPA-users wrote:
hi everyone
I'm trying a client, when I do:
$ ipa-client-install --no-ntp --force-join
Discovery was successful!
...
Also note that following ports are necessary for
ipa-client working
Il 08/01/2018 17:26, Rob Crittenden ha scritto:
Giulio Casella via FreeIPA-users wrote:
You need to stop ntpd, use date to go back when the web server cert is
still valid, then restart certmonger. That generally will do it.
Hi Rob,
I already tried with date few hours before expiration, with
Giulio Casella via FreeIPA-users wrote:
> Hi,
> I've got a problem with certificate expiration. My setup is a CA-ful IPA
> installation, ipa-server-4.5.0-22 on a CentOS 7 host.
>
> I've been able to run ipa-cacert-manage renew, setting date in the past,
> but server certs (dirsrv and httpd) are no
Hello,
I have recently been looking into the password vault for IPA and would
like to implement however I have not been able to find an answer to a
compliance question on it yet.
Does the IPA PW vault limit checking out the password for a shared id to
one person at a time? I am thinking
Hi,
I've got a problem with certificate expiration. My setup is a CA-ful IPA
installation, ipa-server-4.5.0-22 on a CentOS 7 host.
I've been able to run ipa-cacert-manage renew, setting date in the past,
but server certs (dirsrv and httpd) are not updated.
Is there a way to force update?
He
On Mon, Jan 08, 2018 at 11:27:47AM +0100, Johan Vermeulen wrote:
> Hello All,
>
> I "ve set up a new machine for this test and increased the log levels to 6.
> Config for Freeipa-client is done with ipa-client-install, I use chrony in
> stead of ntp and Selinux is enabled.
>
> When user logs in /
Gentle bump (whilst I remember to nudge this).
TL;DR
Does anyone know the likely implications of error messages such as:
"Setting property 'enableOCSP' to 'false' did not find a matching property."
(then repeated for several other properties)
On 4 January 2018 at 14:52, David Harvey
wrote:
> P
On 01/06/2018 08:54 PM, lejeczek via FreeIPA-users wrote:
hi
I'm trying to install replica, process fails:
..
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starti
On 01/06/2018 08:51 PM, lejeczek via FreeIPA-users wrote:
hi everyone
I'm trying a client, when I do:
$ ipa-client-install --no-ntp --force-join
Discovery was successful!
...
Also note that following ports are necessary for ipa-client working
properly after enrollment:
TCP: 464
U
19 matches
Mail list logo
