[Freeipa-users] External CA

2019-07-29 Thread Christian Reiss via FreeIPA-users
Hey folks, Would it be possible to get FreeIPA to sign an arbitrary, non IPA managed CA? Background: Before FreeIPA we enrolled our own CA for internal services and imported the CA into the browsers, which worked like a charm. Now with FreeIPA we would have to import two CAs into the browsers and

[Freeipa-users] Re: IPA Client failed login after screen lock

2019-07-29 Thread Boyd Ako via FreeIPA-users
ALCON, I believe the issue was resolved. SOLUTION: Add "certificate_verification = no_ocsp" to the SSSD section of sssd.conf. REASON: I think GDM was hiccuping out on the fact that the system wasn't able to reach the OCSP servers stated in the cert.

[Freeipa-users] [Announce] FreeIPA 4.6.6 released

2019-07-29 Thread Alexander Bokovoy via FreeIPA-users
Hello! The FreeIPA team would like to announce FreeIPA 4.6.6 release! It can be downloaded from http://www.freeipa.org/page/Downloads. == Highlights in 4.6.6 == === Enhancements === * 6077: [RFE] Support One-Way Trust authenticated by trust secret With this enhancement, Identity Management (I

[Freeipa-users] Create kerberos keytab

2019-07-29 Thread Boyd Ako via FreeIPA-users
So, I tried doing the test section in the V4 doc below. However, I get an error. https://www.freeipa.org/page/V4/Keytab_Retrieval = [root@ipa home]# ipa-getkeytab -r -s ipa.neverland.ddns.me -p NFS/abyss.neverland.ddns.me -k abyss-nfs.keytab Failed to parse result: Insufficie

[Freeipa-users] Re: Create kerberos keytab

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Boyd Ako via FreeIPA-users wrote: > So, I tried doing the test section in the V4 doc below. However, I get an > error. > > https://www.freeipa.org/page/V4/Keytab_Retrieval > > = > [root@ipa home]# ipa-getkeytab -r -s ipa.neverland.ddns.me -p > NFS/abyss.neverland.ddns.me -k

[Freeipa-users] Re: issues with renewing an externally-signed certificate

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Saurabh Garg via FreeIPA-users wrote: > Hi Rob, > Thanks for the reply. > > As Subject Key Identifier extension is mush in CA cert we cant go ahead with > changing the current ca certification. > > Then we tried changing the cert for apache alone using the below commands > with the root and int

[Freeipa-users] Re: Intermitent AD atribute fetch

2019-07-29 Thread Jo Domsic via FreeIPA-users
Hi Rob, Does the error make any sense? Thank you for your time ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedora

[Freeipa-users] OPEN TOOLS

2019-07-29 Thread NAZAN CENGIZ via FreeIPA-users
Hi all, Novajoin is for compute machine entegreted Free ipa server.But I want configuration insteance on compute. How are we use for Openstack insteance on compute machine? Could you please help me? Best Regards, Nazan.

[Freeipa-users] Enroll & Install IPA Client on Redhat 5.4 with IPA Server on 4.6.4

2019-07-29 Thread Karim Bourenane via FreeIPA-users
Hello Team Can you tell me, if i can enroll a old Redhat 5.4 Tikanga i386 (kernel v:2.6.18-164) to IPA Server 4.6.4 ? I yes, can you please give the steps or link to do please ? Thanks you Mr Karim Bourenane

[Freeipa-users] Re: HBAC: Negate?

2019-07-29 Thread Christian Reiss via FreeIPA-users
Hey, I take it this is not possible an no one does this? -Chris. On 26/07/2019 17:00, Christian Reiss via FreeIPA-users wrote: > Hey folks, > > We are running a lot of server, we nearly exhausted and allocated our > /29 ipv6 allocation*. > > Let's say we have 10 really, really important server

[Freeipa-users] Re: Enroll & Install IPA Client on Redhat 5.4 with IPA Server on 4.6.4

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Karim Bourenane via FreeIPA-users wrote: > Hello Team > > Can you tell me, if i can enroll a old Redhat 5.4 Tikanga i386 (kernel > v:2.6.18-164)  to IPA Server 4.6.4 ? > > I yes, can you please give the steps or link to do please ? ipa-client-install is available in RHEL 5. rob

[Freeipa-users] Re: OPEN TOOLS

2019-07-29 Thread Rob Crittenden via FreeIPA-users
NAZAN CENGIZ via FreeIPA-users wrote: > Hi all, > Novajoin is for compute machine entegreted Free ipa server.But I want > configuration insteance on compute. > How are we  use for Openstack insteance on compute machine? > Could you please help me? > Best Regards, > Nazan. Sorry, I don't fully unde

[Freeipa-users] Re: HBAC: Negate?

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Christian Reiss via FreeIPA-users wrote: > Hey, > > I take it this is not possible an no one does this? It is not possible. HBAC only provides allow rules. rob > > -Chris. > > On 26/07/2019 17:00, Christian Reiss via FreeIPA-users wrote: >> Hey folks, >> >> We are running a lot of server, we

[Freeipa-users] Re: Intermitent AD atribute fetch

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Jo Domsic via FreeIPA-users wrote: > Hi Rob, > > Does the error make any sense? AD isn't really my area, I merely knew which logs others would need for evaluation. rob

[Freeipa-users] Re: HBAC: Negate?

2019-07-29 Thread Simo Sorce via FreeIPA-users
Christina, the easiest way to handle your situation is to create a new group for allowed hosts, add all current hosts then remove the 10 you care about. Finally set up an auto-membership rule so all new hosts are automatically added to that group. You will have to monitor/remove any new "special"

[Freeipa-users] Re: HBAC: Negate?

2019-07-29 Thread Simo Sorce via FreeIPA-users
On Mon, 2019-07-29 at 11:47 -0400, Simo Sorce via FreeIPA-users wrote: > Christina, apologies for the typo, I meant "Christian" of course. > the easiest way to handle your situation is to create a new group for > allowed hosts, add all current hosts then remove the 10 you care about. > Finally se

[Freeipa-users] Re: HBAC: Negate?

2019-07-29 Thread Christian Reiss via FreeIPA-users
Hey, auto membership. Perfect. Yes that was what I was looking for. The fixed group does not change, and with that I can do precisely that. Thanks! -Christina ;) On 29/07/2019 17:47, Simo Sorce wrote: > Christina, > the easiest way to handle your situation is to create a new group for > allowed

[Freeipa-users] Re: External CA

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Christian Reiss via FreeIPA-users wrote: > Hey folks, > > Would it be possible to get FreeIPA to sign an arbitrary, non IPA > managed CA? Background: Before FreeIPA we enrolled our own CA for > internal services and imported the CA into the browsers, which worked > like a charm. Now with FreeIPA w

[Freeipa-users] Re: ipa-server-install: "does not match the primary host name" - unable to work around

2019-07-29 Thread Rob Crittenden via FreeIPA-users
Florian Dahm via FreeIPA-users wrote: > Hallo! > > I have been trying to install FreeIPA server and keep hitting this error > message: > > "ipapython.admintool: ERRORThe host name [hostname of the local machine] > does not match the primary host name [hostname of ANOTHER machine]. Please >

[Freeipa-users] Re: External CA

2019-07-29 Thread Fraser Tweedale via FreeIPA-users
On Mon, Jul 29, 2019 at 03:17:22PM -0400, Rob Crittenden via FreeIPA-users wrote: > Christian Reiss via FreeIPA-users wrote: > > Hey folks, > > > > Would it be possible to get FreeIPA to sign an arbitrary, non IPA > > managed CA? Background: Before FreeIPA we enrolled our own CA for > > internal