Hi,
just a wild guess but was ipa installed with a umask more restrictive
than 022?
You may also want to start ipa in debug mode in order to have more traces:
$ cat /etc/ipa/server.conf
[global]
debug=True
$ ipactl restart
HTH,
Flo
On 01/18/2018 08:42 AM, Alexandre Pitre via FreeIPA-users
SELinux is disabled in our CentOS template. Good hypothesis tho.
On Jan 18, 2018 01:36, "Tony Brian Albers via FreeIPA-users" <
freeipa-users@lists.fedorahosted.org> wrote:
> On 01/18/2018 02:24 AM, Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I recently deployed a new FreeIPA domain
Hi,
I was installing FreeIPA on REDHAT 6.7.
I used yum install ipa-server and then ipa-server-install.
But the ipa-server-install failed with the error below. Can anyone give some advice
on what could be the root cause? Thanks ahead.
[3/21]: configuring certificate server instanceipa :
On 01/18/2018 02:24 AM, Alexandre Pitre via FreeIPA-users wrote:
> Hi,
>
> I recently deployed a new FreeIPA domain running on CentOS 7.4 and
> FreeIPA 4.5
>
> The installation went without hiccups but the WebUI isn't working as
> expected. Logging in with admin failed with this error:
>
>
That being said, just tried again on an Ubuntu 14.04 node with these
same CLI params, and it failed, but the logs are complaining about
"SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user", which never was reported in the Ubuntu 16
system's logs.
Just attempted the '--server' option you mention, as well as the
'--domain' value that the parameter requires, and it actually SUCCEEDED
in joining!
I received "Client configuration complete." via the ipa-client-install
command and was just able to successfully login to this node with a user
in
Server:
=
[root@sfca-do-4 ~]# ipa --version
VERSION: 4.4.4, API_VERSION: 2.215
[root@sfca-do-4 ~]# cat /etc/fedora-release
Fedora release 25 (Twenty Five)
Client Node:
=
root@sfca-do-1:~# ipa-client-install --version
4.3.1
root@sfca-do-1:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
Hi,
I recently deployed a new FreeIPA domain running on CentOS 7.4 and FreeIPA
4.5
The installation went without hiccups but the WebUI isn't working as
expected. Logging in with admin failed with this error:
Login failed due to an unknow reason.
I've seen this issue with every FreeIPA 4.5
Chris Moody wrote:
> Thanks for taking a look gents. Ask and ye shall receive. :)
>
What version of IPA is this and what platform?
Before an install can you ensure that there is nothing in
/etc/krb5.conf.d/ (except may be crypto-policies)?
Same with /var/lib/sss/pubconf/krb5.include.d/
Dimitris Zilaskos wrote:
> Hi,
>
> Just wondering if anyone had the time to take a look at this. My
> understanding is that everything works up to the point that Kerberos
> authentication takes place successfully, but for some reason the ticket
> obtained does not get stored.
I guess I'd try to
Affirmative, it is all caps in the logs.
I can re-send the log with the redactions case sensitive if that's
helpful. My apologies for causing confusion via my obfuscation.
-Chris
On 1/17/18 12:36 PM, Robbie Harwood wrote:
> Chris Moody writes:
>
>> On 1/17/18 8:27 AM,
Yes - I am redacting just the 2nd level domain name portion from any logs.
-Chris
On 1/17/18 8:27 AM, Robbie Harwood wrote:
> Chris Moody writes:
>
>> Thanks for taking a look gents. Ask and ye shall receive. :)
>>
>> -Chris
>>
>> ===[ CLI output ]==
>>
That's an incredible response, thank you so much Alexander.
I'll take my time digesting that and look into correcting the current
configuration.
With all that information I am pretty certain I can resolve several other
mis-configured services, I can't thank you enough!
On Wed, Jan 17, 2018 at
On Wed, 17 Jan 2018, Callum Guy wrote:
Hi Alex,
I have now managed to create valid certificates after following your
provided example; however, I do have some questions.
Firstly in my situation there are multiple proxy instances which are
servicing this domain, for this reason I attempted to
Chris Moody writes:
> Thanks for taking a look gents. Ask and ye shall receive. :)
>
> -Chris
>
> ===[ CLI output ]==
> root@sfca-do-1:~# ipa-client-install -p admin --mkhomedir
> --hostname=`hostname`
> Discovery was successful!
> Client hostname:
Harald Dunkel via FreeIPA-users wrote:
> On 01/15/2018 09:04 PM, Rob Crittenden via FreeIPA-users wrote:
>>
>> That's fine but it doesn't address the original problem: he doesn't want
>> anything managing the clock on his system at all:
>>
>> "some ipa servers in my environment are not permitted
On 01/15/2018 09:04 PM, Rob Crittenden via FreeIPA-users wrote:
That's fine but it doesn't address the original problem: he doesn't want
anything managing the clock on his system at all:
"some ipa servers in my environment are not permitted to change
the clock."
These are LXC containers
Hi,
Just wondering if anyone had the time to take a look at this. My
understanding is that everything works up to the point that Kerberos
authentication takes place successfully, but for some reason the ticket
obtained does not get stored.
Best regards,
Dimitrios
On Mon, Jan 15, 2018 at 9:21
Thanks so much Alexander - I'll have a go and come back if I experience any
difficulties.
Have a good day!
On Wed, Jan 17, 2018 at 11:06 AM Alexander Bokovoy
wrote:
> On Wed, 17 Jan 2018, Callum Guy via FreeIPA-users wrote:
> >Hi All,
> >
> >I'm planning to add a
On Wed, 17 Jan 2018, Callum Guy via FreeIPA-users wrote:
Hi All,
I'm planning to add a subdomain certificate for an internal web service
using FreeIPA CA; however, in my example I am applying the certificate to an
interim proxy server.
For example I want to sign a certificate for
Hi All,
I'm planning to add a subdomain certificate for an internal web service
using FreeIPA CA; however, in my example I am applying the certificate to an
interim proxy server.
For example I want to sign a certificate for "web.domain.com" and serve it
on host "proxy.domain.com".
Based on what I