On Tue, Mar 20, 2018 at 08:22:53AM -0500, Kirk VanOpdorp via FreeIPA-users
wrote:
> I have an external CA that I need to renew due to the root CA expiring soon
> and they grumbled at the CA subject last time and I suggested I would look
> into changing it. I don't see any route via the
So for some reason yesterday my replication broke. Checked out the logs and
found this:Mar 20 14:16:02 freeipa01 systemd: ipa-dnskeysyncd.service: main
process exited, code=exited, status=1/FAILUREMar 20 14:16:02 freeipa01 systemd:
Unit ipa-dnskeysyncd.service entered failed state.Mar 20
While doing some troubleshooting on replication I found that I have an old
server in my replica list-ruvs. How would I go about removing that?___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
So I made the changes to the SecurityGroup in AWS and my local FreeIPA servers
can't talk up. I suspect this is something on the AWS side. :-(
On Tuesday, March 20, 2018 9:17 AM, Andrew Meyer via FreeIPA-users
wrote:
Thank you sir! I will added
indeed, there has been a problem for a very long time. I think the
problem happened at the time of the migration centos 6 to centos 7.
# ipa ca-show ipa
ipa: ERROR: ipa: Certificate Authority Not Found
how can I solve this little/big problem?
thx
Pierre
Le 17/03/2018 à 15:04, Pierre
On ti, 20 maalis 2018, Andrew Meyer via FreeIPA-users wrote:
I have FreeIPA setup on CentOS 7 in AWS. However we are looking to
lock down communication over our VPN tunnel. Trying to do some
research to see what ports I need. I've gotten most of them,
80,443,88,464,389,636,123. I have it
I have FreeIPA setup on CentOS 7 in AWS. However we are looking to lock down
communication over our VPN tunnel. Trying to do some research to see what
ports I need. I've gotten most of them, 80,443,88,464,389,636,123. I have it
setup to allow UDP/TCP for both sides. However in the amazon
I have an external CA that I need to renew due to the root CA expiring soon
and they grumbled at the CA subject last time and I suggested I would look
into changing it. I don't see any route via the ipa-cacert-manage renew to
change the subject but I'd be up for investigating if you have any