[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2020-02-11 Thread Dmitri Moudraninets via FreeIPA-users
Hi Rob, What can I do to troubleshoot CA? On Wed 12. Feb 2020 at 01:00, Rob Crittenden wrote: > Dmitri Moudraninets wrote: > > Hi Rob, > > > > > > It seems that it does not help. I found a backup which was made via > > ipa-backup this summer. Can I use it somehow for recovery? We did > >

[Freeipa-users] Re: Is there any documentation for the ipapython library ?

2020-02-11 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 11 Feb 2020, Rob Crittenden via FreeIPA-users wrote: White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote: I would like to create some python automation scripts using it. Only the limited docs within the file(s) themselves + usage found elsewhere within IPA. We are trying to

[Freeipa-users] Re: Certificate showing invalid (possibly revoked) but is valid

2020-02-11 Thread Fraser Tweedale via FreeIPA-users
On Tue, Feb 11, 2020 at 05:40:14PM -0500, Christopher Young via FreeIPA-users wrote: > I have a weird issue where I have my RHV (RedHat Virtualization) > environment system that has an IPA-issued certificate in place. This > has been working very well for some time. > > In any case, I'm

[Freeipa-users] Policy-based DNS zone update by network range

2020-02-11 Thread Vinícius Ferrão via FreeIPA-users
Hello, I wasn't able to find any documentation regarding this specific topic, so I don’t even know if this is supported. Consider that my FreeIPA server has two network interfaces: eth0 on 192.168.0.0/16 eth1 on 172.16.0.0/12 I would like the Dynamic DNS to register in different DNS domain

[Freeipa-users] Re: Revocation process for FreeIPA Sub CA issued by ms-ca

2020-02-11 Thread Rob Crittenden via FreeIPA-users
Christopher Lord via FreeIPA-users wrote: > Hi All, > > We are doing a PoC of FreeIPA using a Sub CA issued by ms-ca as the CA > for FreeIPA. One of the test cases laid out by our security team is that > we need to be able to issue Sub CA certs for each FreeIPA replica so > that we are able to

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2020-02-11 Thread Rob Crittenden via FreeIPA-users
Dmitri Moudraninets wrote: > Hi Rob, > > > It seems that it does not help. I found a backup which was made via > ipa-backup this summer. Can I use it somehow for recovery? We did > nothing to certificates since that time. We only added users/groups/servers. > > Current situation: > I can't

[Freeipa-users] Re: Is there any documentation for the ipapython library ?

2020-02-11 Thread Rob Crittenden via FreeIPA-users
White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote: > I would like to create some python automation scripts using it. > Only the limited docs within the file(s) themselves + usage found elsewhere within IPA. We are trying to keep the API more stable than the past by deprecating things

[Freeipa-users] Revocation process for FreeIPA Sub CA issued by ms-ca

2020-02-11 Thread Christopher Lord via FreeIPA-users
Hi All, We are doing a PoC of FreeIPA using a Sub CA issued by ms-ca as the CA for FreeIPA. One of the test cases laid out by our security team is that we need to be able to issue Sub CA certs for each FreeIPA replica so that we are able to revoke one of the Sub CAs and still have a

[Freeipa-users] Certificate showing invalid (possibly revoked) but is valid

2020-02-11 Thread Christopher Young via FreeIPA-users
I have a weird issue where I have my RHV (RedHat Virtualization) environment system that has an IPA-issued certificate in place. This has been working very well for some time. In any case, I'm suddenly finding that browsers are telling me the certificate is invalid, yet when I check things (I

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2020-02-11 Thread Dmitri Moudraninets via FreeIPA-users
Hi Rob, It seems that it does not help. I found a backup which was made via ipa-backup this summer. Can I use it somehow for recovery? We did nothing to certificates since that time. We only added users/groups/servers. Current situation: I can't update certificates. getcert list shows multiple

[Freeipa-users] Is there any documentation for the ipapython library ?

2020-02-11 Thread White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users
I would like to create some python automation scripts using it. __ Daniel E. White daniel.e.wh...@nasa.gov NICS Linux Engineer NASA Goddard Space Flight Center 8800

[Freeipa-users] unsubscribe me please

2020-02-11 Thread Devin Roark via FreeIPA-users
see subject ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-11 Thread Winfried de Heiden via FreeIPA-users
Hi all, Got rid of the dropped packages by simply restarting the Cable modem/router... Anyway, this wasn't the problem. Still cannot find the reason why sss_ssh_authorizedkeys slow on IPA-server is so slow, ONLY on the IPA-server... Winfried Op 10-02-2020 om 13:44 schreef Winfried de

[Freeipa-users] DNS to parent domain. How?

2020-02-11 Thread Nicholas DeMarco via FreeIPA-users
I'm probably not using the correct terminology, so giving me a starting point would be great. FreeIPA is authoritative for / master of 'identity.demarcohome.com'. Our common domain is 'demarcohome.com', and a BIND9 server is authoritative within our internal network for that zone. DiG-ging

[Freeipa-users] Re: ipa-ca-install fails on directory manager password

2020-02-11 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 11 Feb 2020, Nicholas DeMarco wrote: I really appreciate the responses. I'm reasonably familiar with Linux, but fairly new to Fedora, IPA, 389DS, so expect something basic that I missed or messed up. $ ls /etc/dirsrv drwxr-xr-x. 2 root root 55 Jan 23 16:27 config -rw---. 1

[Freeipa-users] ipa ad trust ldap signing

2020-02-11 Thread Rob Verduijn via FreeIPA-users
Hello, Next month Microsoft is going to enforce ldap signing. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023 Will this have an impact on ipa domain with an ad trust? Rob

[Freeipa-users] Re: ipa-ca-install fails on directory manager password

2020-02-11 Thread Nicholas DeMarco via FreeIPA-users
I really appreciate the responses. I'm reasonably familiar with Linux, but fairly new to Fedora, IPA, 389DS, so expect something basic that I missed or messed up. $ ls /etc/dirsrv drwxr-xr-x. 2 root root 55 Jan 23 16:27 config -rw---. 1 dirsrv dirsrv 662 Jan 3 20:38 ds.keytab