[Freeipa-users] AD domain shows as 'Offline' and is marked 'Inactive' in IPA server logs

Hi All, We are trying to get to the bottom of an issue with a (single instance) IPA server in a trust relationship with AD. IPA will (intermittently) fail to resolve all of a users’ groups. The IPA domain is ‘unix.domain.com’ and the AD domain is

[Freeipa-users] Re: IPA healthcheck for older versions

Hi Rob, Could this be because I removed the replica and there are records still dangling in the config? Is there a way to find out where they are and remove them? At the moment we have no active replicas, as I wanted to simplify the config so as to find the root cause of intermittent loss of

[Freeipa-users] Re: IPA healthcheck for older versions

Chris Welsh via FreeIPA-users wrote: > Hi Rob, > > I have run your tool and found it to report some issues. I wonder if you > could help me figure out what they are. Our problem is that we often have > staff who loose their groups and this has been happening for 3 years. > sss_cache -u

[Freeipa-users] Re: ipa-replica-install failing

Hi, I have the same issue with freeipa 4.3.1 on ubuntu 16.04 and freeipa 4.8.6 on ubuntu 20.20 (packages from ubuntu 19.10). Have you solved this issue? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an

[Freeipa-users] Add User attributes into the shemas & UI

Hello Team I want to know how easily I can add new attributes/objectclass into my FreeIpa platform, version 4.6.4. I see that I must create a new schema in ldif format beginning by cn=config Thanks you for your help Bien à vous / Regard Mr Karim Bourenane +33686464439 +32 493 86 63 54

[Freeipa-users] Re: Can't reinstate replica from scratch after it was off for 6 months

TL;DR: Unfortunately this doesn't help. I see this on Replica when running 'ipa-server-install --uninstall': u'nsds5replicaLastUpdateStatus': ['Error (19) Replication error acquiring replica: Replica has different database generation ID, remote replica may need to be initialized (RUV error)'].

[Freeipa-users] Re: getcert status: CA_REJECTED

Nice to know I'm not the only one I'll keep an eye on the Bugzilla. Winfried . -Oorspronkelijk bericht- Van: Rob Crittenden via FreeIPA-users < freeipa-users@lists.fedorahosted.org> Antwoord-naar: FreeIPA users list Aan: FreeIPA users list Cc: Winfried de Heiden , Rob Crittenden <

[Freeipa-users] Re: IPA healthcheck for older versions

Hi Rob, I have run your tool and found it to report some issues. I wonder if you could help me figure out what they are. Our problem is that we often have staff who loose their groups and this has been happening for 3 years. sss_cache -u username sometimes fixes it. Any advise greatly welcome.

[Freeipa-users] Re: getcert status: CA_REJECTED

Winfried de Heiden via FreeIPA-users wrote: > Hi all, > > For some reason, I messed up with several certificates in FreeIPA, > version: 4.8. One particular KRA cert seems problematic: > > Request ID '20200820113800': > status: CA_REJECTED > ca-error: Server at ":8080/ca/ee/ca/profileSubmit >

[Freeipa-users] getcert status: CA_REJECTED

Hi all, For some reason, I messed up with several certificates in FreeIPA, version: 4.8. One particular KRA cert seems problematic: Request ID '20200820113800':status: CA_REJECTED ca-error: Server at ":8080/ca/ee/ca/profileSubmit" replied: Missing credential: sessionID stuck: yes

[Freeipa-users] FreeIPA 4.8.9 released

The FreeIPA team would like to announce FreeIPA 4.8.9 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. == Highlights in 4.8.9 * 5011: [RFE] Forward CA requests to dogtag or helper by