[Freeipa-users] Re: Replica not renewing IPA certificates

2020-10-02 Thread Kees Bakker via FreeIPA-users
Hello Roderick, Would you care to confirm that you indeed ran "getcert resubmit" on the replica (the non-renewal master)? I'm in the same situation as you were, and I'm reluctant to run commands that could potentially make things worse. -- Kees On 31-01-2020 16:04, Roderick Johnstone via FreeIPA

[Freeipa-users] Replication Error

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
By coincidence I found something in /var/log/messages that does not look too good: Oct  2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=pipa02.linux.oebb.at-to-pipa06.linux.mydomain.at" (pipa06:

[Freeipa-users] Adding a KRA

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
At the moment we only have KRA on one of our eight IPA servers. Is it sufficient to issue the ipa-kra-install command on a replica where the CA role is already present? Cheers, Ronald

[Freeipa-users] Re: OK_AS_DELEGATE by default

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
On 01.10.20 18:10, Alexander Bokovoy wrote: On Thu, 01 Oct 2020, Ronald Wimmer via FreeIPA-users wrote: On 01.10.20 17:46, Alexander Bokovoy wrote: On Thu, 01 Oct 2020, Ronald Wimmer via FreeIPA-users wrote: Is it possible to set this flag by default for all new IPA hosts? I checked the code

[Freeipa-users] Re: Adding a KRA

2020-10-02 Thread Florence Blanc-Renaud via FreeIPA-users
On 10/2/20 11:03 AM, Ronald Wimmer via FreeIPA-users wrote: At the moment we only have KRA on one of our eight IPA servers. Is it sufficient to issue the ipa-kra-install command on a replica where the CA role is already present? Hi, yes, ipa-kra-install can be used to install a replica KRA. N

[Freeipa-users] Re: Adding a KRA

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
On 02.10.20 11:29, Florence Blanc-Renaud wrote: On 10/2/20 11:03 AM, Ronald Wimmer via FreeIPA-users wrote: At the moment we only have KRA on one of our eight IPA servers. Is it sufficient to issue the ipa-kra-install command on a replica where the CA role is already present? Hi, yes, ipa-kr

[Freeipa-users] Re: Replication Error

2020-10-02 Thread Florence Blanc-Renaud via FreeIPA-users
On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote: By coincidence I found something in /var/log/messages that does not look too good: Oct  2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR - NSMMReplicationPlugin - send_updates - agmt="c

[Freeipa-users] Re: Renewing a failed to auto-renewal certificate

2020-10-02 Thread Florence Blanc-Renaud via FreeIPA-users
On 9/20/20 1:31 PM, Stuart McRobert via FreeIPA-users wrote: Dear flo, Thanks for the helpful links. To check whether replication is possible between the three freeipa servers, via the web interface on each, I have successfully created three new users: + On server 1 create a new user 1 and

[Freeipa-users] Re: Replication Error

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
On 02.10.20 11:43, Florence Blanc-Renaud wrote: On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote: By coincidence I found something in /var/log/messages that does not look too good: Oct  2 09:41:30 pipa02.linux.mydomain.at ns-slapd[1905]: [02/Oct/2020:09:41:30.887447735 +0200] - ERR -

[Freeipa-users] POSIX ids of all AD users

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
How could I possibly find the POSIX ids of all mapped Active Directory users? I do neither see them in LDAP nor do I find them with IPA user find. Cheers, Ronald

[Freeipa-users] Principal name change

2020-10-02 Thread Kobus Bensch via FreeIPA-users
Hi I can find anything on search so here goes: I installed freeipa with domain: company.com, but this now needs to change to newcompany.net Can someone please direct me to docs that i can read to make this change? Thank you Kobus

[Freeipa-users] Re: Principal name change

2020-10-02 Thread François Cami via FreeIPA-users
Hi, On Fri, Oct 2, 2020 at 3:29 PM Kobus Bensch via FreeIPA-users wrote: > > Hi > I can find anything on search so here goes: > I installed freeipa with domain: company.com, but this now needs to change to > newcompany.net > Can someone please direct me to docs that i can read to make this chang

[Freeipa-users] Re: POSIX ids of all AD users

2020-10-02 Thread Simo Sorce via FreeIPA-users
On Fri, 2020-10-02 at 12:27 +0200, Ronald Wimmer via FreeIPA-users wrote: > How could I possibly find the POSIX ids of all mapped Active Directory > users? > > I do neither see them in LDAP nor do I find them with IPA user find. They are in AD, query AD please. The only other option is to use a

[Freeipa-users] Re: Replication Error

2020-10-02 Thread Florence Blanc-Renaud via FreeIPA-users
On 10/2/20 12:06 PM, Ronald Wimmer via FreeIPA-users wrote: On 02.10.20 11:43, Florence Blanc-Renaud wrote: On 10/2/20 9:56 AM, Ronald Wimmer via FreeIPA-users wrote: By coincidence I found something in /var/log/messages that does not look too good: Oct  2 09:41:30 pipa02.linux.mydomain.at ns

[Freeipa-users] SmartCard-HSM authentication using pinpad card reader for improved security

2020-10-02 Thread Peter Steen via FreeIPA-users
Hello Folks! We are working on getting smart card authentication working using pinpad card readers for improved security. To do this we use: FreeIPA Server is running on Fedora32 with latest updates. FreeIPA is also configured to be Certificate Authority. FreeIPA Clients are Fedora 32 based with

[Freeipa-users] Re: yum update problem

2020-10-02 Thread Kees Bakker via FreeIPA-users
On 01-10-2020 22:05, Kees Bakker via FreeIPA-users wrote: > On 01-10-2020 20:33, Rob Crittenden wrote: >> Kees Bakker via FreeIPA-users wrote: >>> Can I safely do the following? >>> >>> ipa-getcert resubmit -i 20181127141739 >>> ipa-getcert resubmit -i 20181127141749 >>> ipa-getcert resubmit -i 201

[Freeipa-users] Re: POSIX ids of all AD users

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
On 02.10.20 16:03, Simo Sorce via FreeIPA-users wrote: On Fri, 2020-10-02 at 12:27 +0200, Ronald Wimmer via FreeIPA-users wrote: How could I possibly find the POSIX ids of all mapped Active Directory users? I do neither see them in LDAP nor do I find them with IPA user find. They are in AD, qu

[Freeipa-users] Re: POSIX ids of all AD users

2020-10-02 Thread Angus Clarke via FreeIPA-users
Hi Ronald Look at the "Attribute Editor" tab against a user account in "Active Directory users and computers." It should be in the list there (uidNumber) amongst other useful things. I'm no Microsoft administrator but am aware that this "Attribute Editor" tab is not listed if you search for th

[Freeipa-users] Re: POSIX ids of all AD users

2020-10-02 Thread Ronald Wimmer via FreeIPA-users
On 03.10.20 08:45, Angus Clarke wrote: Hi Ronald Look at the "Attribute Editor" tab against a user account in "Active Directory users and computers." It should be in the list there (uidNumber) amongst other useful things. I'm no Microsoft administrator but am aware that this "Attribute Edit