[Freeipa-users] Re: AD Trust not working after IPA server reinstall

Hi Florence. On 20 Aug 2021, at 05:29, Florence Renaud mailto:f...@redhat.com>> wrote: Hi, On Thu, Aug 19, 2021 at 7:09 PM Vinícius Ferrão via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hello, I had to reinstall our IPA server since we had Filesystem corruption beyond

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname Replication conflict

Hi Rob, There are 5 more reverse zones which can not be deleted as well. IPA said "Not allowed on non-leaf entry". Though that is the same complaint, however, there are no "glue, extensibleobject" objectclasses associated with those 5 zones. Please see attached for details. I like to have those de

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

Yes, that is the fix! After I added it to the ipaservers hostgroup, ran ipa-healthcheck, this error is gone! Thank you, Rob and Florence! Kathy. On Fri, Aug 20, 2021 at 11:12 AM Rob Crittenden wrote: > Kathy Zhu wrote: > > Hi Florence, > > > > Thank you for your help here! > > > > Please see

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

Kathy Zhu wrote: > Hi Florence, > > Thank you for your help here!  > > Please see attached details. As you expected, dn="fqdn=ipa2.example.com > ,cn=computers,cn=accounts,dc=example,dc=com". > How to correct this? Thanks. See if this host is in the ipaservers host group

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

Hi Florence, Thank you for your help here! Please see attached details. As you expected, dn="fqdn=ipa2.example.com,cn=computers,cn=accounts,dc=example,dc=com". How to correct this? Thanks. Kathy. [root@ipa2 ~]# klist -A Ticket cache: KEYRING:persistent:0:0 Default principal: ad...@example.com

[Freeipa-users] Re: ldap provider variables for AD trust

iulian roman via FreeIPA-users wrote: > Hello, > > I have some old clients (sssd 1.9) for which I need to use ldap provider in > sssd.conf. Does anyone know how ldap_search_base variables should look like > in order to resolve the AD users ? > With the default settings, it does resolve the pos

[Freeipa-users] ldap provider variables for AD trust

Hello, I have some old clients (sssd 1.9) for which I need to use ldap provider in sssd.conf. Does anyone know how ldap_search_base variables should look like in order to resolve the AD users ? With the default settings, it does resolve the posix users/groups from IPA but not the AD users. __

[Freeipa-users] Re: UI can't list certs on fedora latest. Java bug?

Hi, The discussions about deleting certs you provided have a certain 'academic' quality, the fail to address the needs of actual people faced with the reality of more certs than the system can display much less ever find use (owing to mishaps with the API generating useless certs, closed customer

[Freeipa-users] FreeIPA 4.9.7

The FreeIPA team would like to announce the FreeIPA 4.9.7 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 35 and 36 will be available from the official repository soon. The release notes can be read online: https://www.freeipa.org/page/Releases/4.9.7 or

[Freeipa-users] Re: AD Trust not working after IPA server reinstall

Hi, On Thu, Aug 19, 2021 at 7:09 PM Vinícius Ferrão via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, > > I had to reinstall our IPA server since we had Filesystem corruption > beyond repair on it. > > After the reinstall (with ipa-replica-install) AD Trust does not seems

[Freeipa-users] Re: UI can't list certs on fedora latest. Java bug?

Hi, we have an open ticket for pruning expired certs from the database, please see ticket 7219 . Note that this mentions only expired certs, not unused certs. The problem was already discussed a few times in the past, see for instance - Removal of obsolete cer