[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Winfried de Heiden via FreeIPA-users
Hi all, Yep, I do use user-certs for authentication and it seems ocsp takes time; but only on the IPA-server. Even on a Raspberry Pi 3 as an IPA-client, using the same IPA-server, it is 4 times faster... Hence; something seems to be going wrong in ocsp, but what could be causing the problem? Win

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Winfried de Heiden via FreeIPA-users
Hi all, Seems like a useful feature; ocsp and I rather keep it enabled. On all other IPA-clients, even a Raspberry Pi 3, it is much much faster. On the IPA-server is suffering here :( What could be causing this slowness? Winfried Op 10-02-2020 om 08:13 schreef Sumit Bose via FreeIPA

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Sumit Bose via FreeIPA-users
On Mon, Feb 10, 2020 at 09:54:04AM +0100, Winfried de Heiden via FreeIPA-users wrote: > Hi all, > > Yep, I do use user-certs for authentication and it seems ocsp takes time; > but only on the IPA-server. Even on a Raspberry Pi 3 as an IPA-client, using > the same IPA-server, it is 4 times faster.

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Winfried de Heiden via FreeIPA-users
Hi all, sssd 2.20 is being used. I cannot figure out why the network might cause problems since the "good clients" are running on the same network, switches etc. I dived into it anyway, finding a rather large and increasing number of dropped packages and dive into that first. Nevertheless, t

[Freeipa-users] Authentication indicators smartcard, ssh and sudo

2020-02-10 Thread Leon Castellano via FreeIPA-users
Hi everyone, I have a CentOS8 FreeIPA 4.8.0 test environment with a CentOS8 client. I'm enforcing smart card authentication on the client by setting the "authentication indicator" to "pkinit" with the command "ipa host-mod --auth-ind=pkinit". This works fine to restrict SSH, GDM and Console lo

[Freeipa-users] Re: Authentication indicators smartcard, ssh and sudo

2020-02-10 Thread Alexander Bokovoy via FreeIPA-users
On Mon, 10 Feb 2020, Leon Castellano via FreeIPA-users wrote: Hi everyone, I have a CentOS8 FreeIPA 4.8.0 test environment with a CentOS8 client. I'm enforcing smart card authentication on the client by setting the "authentication indicator" to "pkinit" with the command "ipa host-mod --auth-in

[Freeipa-users] Re: How to restrict FreeIPA's from registering external IPs on DNS?

2020-02-10 Thread Vinícius Ferrão via FreeIPA-users
Natxo thank you. I will look at this on the machines joining the domain. Do you know any workaround during the IPA server install? Thanks, On 9 Feb 2020, at 07:06, Natxo Asenjo via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: hi Vinícius, On Fri, Feb 7, 2020 at 9:29 PM

[Freeipa-users] Re: Authentication indicators smartcard, ssh and sudo

2020-02-10 Thread Leon Castellano via FreeIPA-users
Hi Alexander, Thanks for the prompt reply! I tried the suggestion you made about p11-kit remoting. I got the forwarding working and I can see token on the remote machine when I run: p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so --list-tokens and I can also see the module listed when I

[Freeipa-users] Re: ipa-ca-install fails on directory manager password

2020-02-10 Thread Nicholas DeMarco via FreeIPA-users
I'm not having success with that truncated instance string, either: $ dsconf -D "cn=Directory Manager" IDENTITY-DEMARCOHOME-COM directory_manager password_change Error: Could not find configuration for instance: IDENTITY-DEMARCOHOME-COM The instance is present. I can also see it on Cockpit's 389DS

[Freeipa-users] Additional Check for checkipaconsistency - KRA

2020-02-10 Thread Jochen Hein via FreeIPA-users
Hello, right now checkipaconsistency reports an error when not all IPA servers have AD trust enabled. My first two IPA servers running CentOS 7 do have KRA enabled, but installing KRA on a new CentOS 8 replica failed. Would it be useful to check that in checkipaconsistency? If yes, here's my f

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Sumit Bose via FreeIPA-users
On Mon, Feb 10, 2020 at 01:44:52PM +0100, Winfried de Heiden via FreeIPA-users wrote: > Hi all, > > sssd 2.20 is being used. Hi, with this version all validation should be done with the help of p11_child. If you add debug_level=9 to the [ssh] section of sssd.conf you should be able to see from

[Freeipa-users] Re: ipa-ca-install fails on directory manager password

2020-02-10 Thread Alexander Bokovoy via FreeIPA-users
On Mon, 10 Feb 2020, Nicholas DeMarco wrote: I'm not having success with that truncated instance string, either: $ dsconf -D "cn=Directory Manager" IDENTITY-DEMARCOHOME-COM directory_manager password_change Error: Could not find configuration for instance: IDENTITY-DEMARCOHOME-COM The instance