On 18.11.20 09:46, Alexander Bokovoy wrote:
On ke, 18 marras 2020, Ronald Wimmer via FreeIPA-users wrote:
On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
After upgrading our IPA servers AD user resolution seems to have
stopped working.
id myADUser says:
id: ‘myADUser’: no such user
Cody Ashe-McNalley via FreeIPA-users wrote:
> One of the replicas does NOT show the ca-error in `getcert list`. Should I
> resync the other 2 from that replica?
It's curious that no conflict entries were found. I'd suggest looking
explicitly before doing a force re-init.
ldapsearch -x -D 'cn=di
> On 11/17/20 6:27 PM, Corey Devenport via FreeIPA-users wrote:
>
> Hi,
>
> you need first to identify the right RA cert to use. On all the servers,
> check the content of /var/lib/ipa/ra-agent.pem, for instance with:
> # openssl x509 -noout -text -in /var/lib/ipa/ra-agent.pem
>
> The right one
Kevin Cassar via FreeIPA-users wrote:
> Hi all,
>
> In my setup I have TOTP (software token) enabled, and it works as intended.
> My only concern is, that I want only the "admin" to be able to generate
> software tokens, that they later can assign to users.
> Essentially, I want to do away with
On 11/17/20 3:56 PM, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
how can I list the expiration dates of the ca certificate chain, before
it is too late? External ca.
Regards
Harri
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahoste
On 11/17/20 6:27 PM, Corey Devenport via FreeIPA-users wrote:
Update:
In using the command ipa-certupdate all of the IPA Servers have all the certs
as MONITORING, including the caSigningCert. However, the authentication
problem persists, and I still get the 403 cannot communicate with CMS when
On ke, 18 marras 2020, Ronald Wimmer via FreeIPA-users wrote:
On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
After upgrading our IPA servers AD user resolution seems to have
stopped working.
id myADUser says:
id: ‘myADUser’: no such user
It might have something to do with:
sssctl
On 18.11.20 09:41, Ronald Wimmer via FreeIPA-users wrote:
On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
After upgrading our IPA servers AD user resolution seems to have
stopped working.
id myADUser says:
id: ‘myADUser’: no such user
It might have something to do with:
sssctl doma
On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
After upgrading our IPA servers AD user resolution seems to have stopped
working.
id myADUser says:
id: ‘myADUser’: no such user
It might have something to do with:
sssctl domain-status org.mydomain.at
Online status: Offline
But why i
After upgrading our IPA servers AD user resolution seems to have stopped
working.
id myADUser says:
id: ‘myADUser’: no such user
Why? The log say:
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:09:59): [nss] [accept_fd_handler] (0x0400): Client
[0x55b92cb403e0][26] connected!
(2020-11-18
Yes, that appears to be the problem.
We have not confirmed it yet with the customer, but tests we did with a test
root-ca (openssl) did show that the certificate needs to have the same order of
the DN components as the csr in order for FreeIPA to accept it.
Our tests also showed that we can set
11 matches
Mail list logo