[Freeipa-users] Re: FreeIPA Client AD Trust user look-up latencies and results

2019-05-02 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 02 May 2019, John Desantis via FreeIPA-users wrote: Alexander, Apologies for the delay in responding. Our A.D. admins have been quite busy. Can you remove it from IPA and add ipa idoverridegroup-add 'Default Trust View' adglobalposixgroup@ad.domain --gid 10001 after you added

[Freeipa-users] Re: FreeIPA Client AD Trust user look-up latencies and results

2019-05-02 Thread John Desantis via FreeIPA-users
Alexander, Apologies for the delay in responding. Our A.D. admins have been quite busy. > Can you remove it from IPA and add > > ipa idoverridegroup-add 'Default Trust View' adglobalposixgroup@ad.domain > --gid 10001 > > after you added adglobalposixgroup in AD? Alright, this was done and the

[Freeipa-users] Re: http Certificate expired

2019-05-02 Thread Rob Crittenden via FreeIPA-users
Klaus Vink Slott via FreeIPA-users wrote: > Rob Crittenden via FreeIPA-users: >> Klaus Vink Slott via FreeIPA-users wrote: >>> Today Rob Crittenden wrote: Klaus Vink Slott via FreeIPA-users wrote: > Den 01/05/2019 kl. 21.48 skrev Rob Crittenden via FreeIPA-users: >> Klaus Vink Slott

[Freeipa-users] Re: http Certificate expired

2019-05-02 Thread Klaus Vink Slott via FreeIPA-users
Rob Crittenden via FreeIPA-users: > Klaus Vink Slott via FreeIPA-users wrote: >> Today Rob Crittenden wrote: >>> Klaus Vink Slott via FreeIPA-users wrote: Den 01/05/2019 kl. 21.48 skrev Rob Crittenden via FreeIPA-users: > Klaus Vink Slott via FreeIPA-users wrote: >> Have had a small

[Freeipa-users] Re: http Certificate expired

2019-05-02 Thread Rob Crittenden via FreeIPA-users
Klaus Vink Slott via FreeIPA-users wrote: > Today Rob Crittenden wrote: >> Klaus Vink Slott via FreeIPA-users wrote: >>> Den 01/05/2019 kl. 21.48 skrev Rob Crittenden via FreeIPA-users: Klaus Vink Slott via FreeIPA-users wrote: > Have had a small FreeIPA setup running for some time, but

[Freeipa-users] ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (500)

2019-05-02 Thread H. Frenzel via FreeIPA-users
Hi, trying to delete a host failed with "Unable to communicate with CMS (500)" # ipa host-del foo.bar.local ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (500) Checking the pki logs shows "Subsystem unavailable" #

[Freeipa-users] Re: http Certificate expired

2019-05-02 Thread Klaus Vink Slott via FreeIPA-users
Today Rob Crittenden wrote: > Klaus Vink Slott via FreeIPA-users wrote: >> Den 01/05/2019 kl. 21.48 skrev Rob Crittenden via FreeIPA-users: >>> Klaus Vink Slott via FreeIPA-users wrote: Have had a small FreeIPA setup running for some time, but today I was unable to login at the web-gui

[Freeipa-users] Re: http Certificate expired

2019-05-02 Thread Rob Crittenden via FreeIPA-users
Klaus Vink Slott via FreeIPA-users wrote: > Den 01/05/2019 kl. 21.48 skrev Rob Crittenden via FreeIPA-users: >> Klaus Vink Slott via FreeIPA-users wrote: >>> Have had a small FreeIPA setup running for some time, but today I was >>> unable to login at the web-gui on the master. It was possible to

[Freeipa-users] free-ipa-client with otp (sssd) on linux laptop how to keep working on different networks.

2019-05-02 Thread Jelle de Jong via FreeIPA-users
Hello everybody, What would be the way to configure a linux laptop free-ipa-client (sssd) with freeipa users with otp (2fa) passwords, to keep working on other networks then the local lan of the freeipa server? Is there a sssd config option that can be used or port forwardings on firewalls?