Though you can completely rebuild preprod servers, still it would be
interesting how to reconnect prod servers with replicas again.
2018-02-01 8:41 GMT+03:00 Rob Brown via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> ok, did a little googling, and seems like KRA refers to the "vault"
As an update, the sscep application set works properly with the sub-CA so
it's definitely an issue on the certmonger side of things.
sscep in AES mode throws an exception in Dogtag and, unfortunately, sscep
also doesn't support above SHA1.
That said, it's at least reasonable isolation of the
I have 4 IPA servers, all masters, that were previously configured in a
"full mesh" replication.
2 in "prod", 2 in "preprod".
While trying to fix a replication issue, I accidentally did a:
ipa-replica-manage del
on one of the prod servers for BOTH preprod servers.
Now, the prod servers don't
David Harvey via FreeIPA-users wrote:
> Dear ipa-users,
>
> I've recently observed a pattern where adding a host certificate to a
> host only shows the association in the GUI for the server which issues
> the cert. I'm running FreeIPA 4.4.4.
>
> I request a certificate from the host(s) in
On 1/31/2018 4:07 PM, TomK via FreeIPA-users wrote:
On 1/31/2018 2:34 PM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote:
On 1/31/2018 12:21 PM, TomK wrote:
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31,
On 1/31/2018 2:34 PM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote:
On 1/31/2018 12:21 PM, TomK wrote:
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
On 1/31/2018
Roderick Johnstone via FreeIPA-users wrote:
> On 25/01/2018 16:56, Roderick Johnstone via FreeIPA-users wrote:
>> On 25/01/2018 13:43, Rob Crittenden via FreeIPA-users wrote:
>>> Roderick Johnstone via FreeIPA-users wrote:
On 24/01/2018 21:09, Rob Crittenden via FreeIPA-users wrote:
>
barrykfl--- via FreeIPA-users wrote:
> Auto reboot fail, I just try manual bootup certmonger.service still fail
>
> sudo systemctl -f start certmonger.service
>
> Jan 30 11:03:01 dbus[537]: [system] Activating systemd to h
> Jan 30 11:03:01 dbus-daemon[537]: dbus[537]: [system] Activ
> Jan 30
On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote:
> On 1/31/2018 12:21 PM, TomK wrote:
> > On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
> > > See inline..
> > >
> > > On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
> > > > On 1/31/2018 3:18 AM, TomK via FreeIPA-users
Hi Rob,
Thanks for getting back to me, I have no idea how I missed this message.
I dug through the CA and KRA debug logs and don't see any PKCS7 output
anywhere.
I've been running certmonger in debug mode connected to the foreground and
haven't really gotten anywhere there either.
I did
Hi all,
Is there any official literature about how to monitor FreeIPA?
The upstream guide mentions:
1) Testing clients using id
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/client-test
2) Adding a user on a
In case you are using kerberized NFS4, make sure that in your
/etc/exports file on your NFS server security is set to sys. In my
setup, that was the only option that worked (for mkhomedir):
#cat /etc/exports
/export/home 192.168.161.0/24(rw,sec=sys:krb5p,no_root_squash)
Petros
On 01/31/2018
On 1/31/2018 12:21 PM, TomK wrote:
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
On 1/31/2018 3:18 AM, TomK via FreeIPA-users wrote:
My bad, did not include sssd-users earlier. :(
Hey All,
I'm wondering if anyone came across
Yes it is being exported via NFS.
On Wed, Jan 31, 2018 at 9:51 AM, Petros Triantafyllidis
wrote:
> Is your home directory exported as NFS? As far as I remember there are
> some differences between CentOS 6 and 7 regarding NFS versions that might
> affect you.
>
> Petros
>
>
>
>
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
On 1/31/2018 3:18 AM, TomK via FreeIPA-users wrote:
My bad, did not include sssd-users earlier. :(
Hey All,
I'm wondering if anyone came across this error below. We have two RHEL
Is your home directory exported as NFS? As far as I remember there are
some differences between CentOS 6 and 7 regarding NFS versions that
might affect you.
Petros
On 01/31/2018 06:30 PM, Kristian Petersen via FreeIPA-users wrote:
Update: I was putting together another client for a separate
Update: I was putting together another client for a separate purpose that
runs RHEL 6 instead of RHEL 7 and everything worked. So there must be
something different between RHEL6 and RHEL7 that causes the steps I am
using to fail on RHEL7.
On Mon, Jan 29, 2018 at 4:37 PM, Kristian Petersen
Dear ipa-users,
I've recently observed a pattern where adding a host certificate to a host
only shows the association in the GUI for the server which issues the cert.
I'm running FreeIPA 4.4.4.
I request a certificate from the host(s) in question with something like:
ipa-getcert request -f
Hello Flo,
I've checked the certificates, there are several ones in the LDAP databases
(got them with "ldapsearch -x -D "cn=Directory Manager" -W -b
"uid=pkiuser,ou=people,o=ipaca", hope that's correct?) and one of them is
identical to the one which I've got with certutil.
I've also checked
On 01/30/2018 05:17 PM, Harald Husemann via FreeIPA-users wrote:
Hello Flo,
and thanks again for your response. First of all, I've figured out that
the package "pki-symkey" was missing, so I've installed it with yum.
Now, according to systemctl, pki-tomcatd is running:
On 1/31/2018 3:18 AM, TomK via FreeIPA-users wrote:
My bad, did not include sssd-users earlier. :(
Hey All,
I'm wondering if anyone came across this error below. We have two RHEL
7.4 servers with SSSD 1.15.2: http-srv01 and http-srv02
Both connect to the same AD DC host below:
Hey All,
I'm wondering if anyone came across this error below. We have two RHEL
7.4 servers with SSSD 1.15.2: http-srv01 and http-srv02
Both connect to the same AD DC host below: addc-srv03.addom.com.
Verified krb5.conf and sssd.conf both are identical. We can login on
the http-srv01 and