Hello
I suggest running the hbactest function, somrthing like:
ipa hbactest --user=user1 --host=fqdn.of.target.server --service=login
Regards
Angus
From: Kristian Petersen via FreeIPA-users
Sent: 16 March 2020 21:57
To: FreeIPA users list
Cc: Kristian Petersen
On 3/16/20 11:44 PM, Bhavin Vaidya via FreeIPA-users wrote:
Hello,
We had similar issue 2 yrs back, and resurface as it didn't auto-renew.
Went back in time to 2016-06-11 as well as 2020-02-20, restarted
"certmonger", didn't update.
Hi,
you need to check first which server is your renewal m
Hi,
I've upgraded freeipa 4.6.x environment on Fedora 27 to 4.8.4 on fedora 31.
- remove old replica
- install fedora 31
- connect as new replica...
now:
389-ds-base-1.4.2.8-3.fc31.x86_64
freeipa-server-4.8.4-2.fc31.x86_64
after that, I have many errors:
setup_pr_read_pds - Not listening for new
Hi,
At startup DS creates a connection table with a fixed size.
The message "setup_pr_read_pds - Not listening for new connections - too
many fds open" means that the number of established connections
exhausted the table limit.
What are the values of nsslapd-conntablesize and
nsslapd-reserve
example: api.Command.user_show(u'admin')
I want to add a --all option like the command line
I want to process freeipa users and host information with python
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an emai
Hello!
The FreeIPA team would like to announce FreeIPA 4.8.5 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 30-32 versions will be available soon.
== Highlights in 4.8.5 ==
- [8214] openDNSSEC 2.1 support
- [8221] AJP connector protection
for Dog
On 3/17/20 10:21 AM, Diadormu ZMJ via FreeIPA-users wrote:
example: api.Command.user_show(u'admin')
I want to add a --all option like the command line
I want to process freeipa users and host information with python
Hi,
you can simply call api.Command.user_show(u'admin', all=True)
flo
_
Sorry for the high latency, there has been quite a bit of prio 1
things that needed
fixing that's been delaying this
On Wed, Feb 5, 2020 at 7:13 PM Rob Crittenden wrote:
>
> Please keep responses on the list.
>
> Ian Kumlien wrote:
> > ipa find-user admin
> > ipa: ERROR: No valid Negotiate header
Hi,
nsslapd-conntablesize = 1024 - I’ve changed on one server to 2028
nsslapd-reservedescriptors: 64 - I don’t know if increase this value?
currentconnections: 960
opened fd (chnaged conntablesize):
find /proc/23515/fd | wc -l
1043
on bad server:
currentconnections: 958 (bad no errors at this mo
On 3/17/20 11:44 AM, Bhavin Vaidya via FreeIPA-users wrote:
Hello Flo,
thank you for your response.
[root@srv01 ~]# ipa config-show | grep renewal
IPA CA renewal master: srv01.arteris.com
We followed following step, but Certificates will not renew.
Stopped NTP and went back to 2018-05-11
s
On 3/17/20 12:14 PM, Lukasz Jaworski via FreeIPA-users wrote:
Hi,
nsslapd-conntablesize = 1024 - I’ve changed on one server to 2028
nsslapd-reservedescriptors: 64 - I don’t know if increase this value?
currentconnections: 960
opened fd (chnaged conntablesize):
find /proc/23515/fd | wc -l
1043
I have installed the ipa server by using the following command:
-
ipa-server-install
--realm "EXAMPLE.COM" -p 'password' -a 'password'
--hostname="server.example.com" -n example.com
--ip-address="10.1.4.2"
--dirsrv-cert-file=/etc/pki/tls/private/example.com.pem
--dirsrv-
On Tue, Mar 17, 2020 at 1:18 PM Peter Tselios via FreeIPA-users
wrote:
>
> I have installed the ipa server by using the following command:
>
> -
> ipa-server-install
> --realm "EXAMPLE.COM" -p 'password' -a 'password'
> --hostname="server.example.com" -n example.com
> --ip-address="10.
You must first install the ipa-client !
And you can pass your certs option in the ipa-client-install, then the
ipa-replica-install will use them and perform the replication from your primary
server with the correct certs...
-Message d'origine-
De : Peter Tselios via FreeIPA-users
[mailt
Many thanks to all.
This means I have a lt of work ahead of me.
I am using ansible for the installation and for the moment I don't use the
freeipa modules.
I will try with a p12 file and see if there is any improvement, if not, I will
fall back to ipa-client install.
_
By the way, the information you provided are the complete opposite of the
information here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-management#installing-an-ipa-replica-without-a-ca_
I ran that and the sshd service shows access granted True even though
ssh-ing in doesn't work. Does the user have to have both login and sshd to
login via ssh? Other users that have the same permissions are able to get
in OK which is why this is so confusing.
On Tue, Mar 17, 2020 at 1:04 AM Angu
Ian Kumlien wrote:
> Sorry for the high latency, there has been quite a bit of prio 1
> things that needed
> fixing that's been delaying this
>
> On Wed, Feb 5, 2020 at 7:13 PM Rob Crittenden wrote:
>>
>> Please keep responses on the list.
>>
>> Ian Kumlien wrote:
>>> ipa find-user admin
>>> ipa:
Peter Tselios via FreeIPA-users wrote:
> By the way, the information you provided are the complete opposite of the
> information here:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-manag
Kristian Petersen via FreeIPA-users wrote:
> I ran that and the sshd service shows access granted True even though
> ssh-ing in doesn't work. Does the user have to have both login and sshd
> to login via ssh? Other users that have the same permissions are able
> to get in OK which is why this is
On ti, 17 maalis 2020, Alexander Bokovoy via FreeIPA-devel wrote:
Hello!
The FreeIPA team would like to announce FreeIPA 4.8.5 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 30-32 versions will be available soon.
The delivery of Fedora builds is de
Thanks,
are --raw and other options used in the same way?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraprojec
due to all that has been going on it took a while to get back to this issue.
it was multiple things happening at the same time. 1) firmware on one device
needed to be updated to accept certs properly.
2) unknown lockup issues, I rebuilt the vm from scratch to re-verify results
and it works
Diadormu ZMJ via FreeIPA-users wrote:
> Thanks,
>
> are --raw and other options used in the same way?
By data type, yes.
rob
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@list
I have a manjorao desktop in the environment that i need to be able to access
the freeipa based systems and not get cert errors every where. I will probably
attempt to build the client on that system in the future but right now i just
need the certs freeipa made to be valid.
how does one go a
Kendrick . via FreeIPA-users wrote:
> due to all that has been going on it took a while to get back to this issue.
> it was multiple things happening at the same time. 1) firmware on one device
> needed to be updated to accept certs properly.
> 2) unknown lockup issues, I rebuilt the vm from
26 matches
Mail list logo
