[Freeipa-users] Re: How to configure random serial numbers for the CA in the Docker container

2022-02-09 Thread Rob Crittenden via FreeIPA-users
netcicd S via FreeIPA-users wrote:
> OK found it.
>
> Create a file called PKI.conf and add
> ```
> [CA]
> pki_random_serial_numbers_enable = True
> ```
> in the dockerfile:
>
> COPY pki.conf /etc/pki/pki.conf
>
> in docker-compose under environment in IPA_SERVER_INSTALL_OPTS add:
>
>

[Freeipa-users] Re: How to configure random serial numbers for the CA in the Docker container

2022-02-09 Thread netcicd S via FreeIPA-users
OK found it.

Create a file called PKI.conf and add

```
[CA]
pki_random_serial_numbers_enable = True
```

in the dockerfile:

COPY pki.conf /etc/pki/pki.conf

in docker-compose under environment in IPA_SERVER_INSTALL_OPTS add:

--pki-config-override=/etc/pki/pki.conf

[Freeipa-users] Re: freeipa and pihole integration, so no forwarders

2022-02-09 Thread Rafael Jeffman via FreeIPA-users
Hi Rob,

On Wed, Feb 9, 2022 at 9:32 AM Rob Verduijn via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> Hi all,
>
> I'm trying to reduce the number of systems in my network.
> Currently if I want to use a pi-hole in combination with freeipa one of
> them is going to use the other

[Freeipa-users] Re: SSHFP records

2022-02-09 Thread Rob Crittenden via FreeIPA-users
Simon Matthews via FreeIPA-users wrote:
> My primary nameserver is on another machine. It is already configured with an
> RNDC key to allow updates from DHCP.
>
> How would I tell IPA to use this RNDC key to update the primary?
>
> I assume that these updates come from the IPA server, not the

[Freeipa-users] Re: new DNS setup

2022-02-09 Thread Rafael Jeffman via FreeIPA-users
Hello Stephen,

On Fri, Feb 4, 2022 at 1:17 PM Stephen Berg, Code 7309 via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> New-ish ipa-4.9.6 setup on rocky linux 8.5. Initially we just setup the
> basic IPA services without DNS. I've started setting up ipa-dns now and
> not quite

[Freeipa-users] How to configure random serial numbers for the CA in the Docker container

2022-02-09 Thread Mark Sibering via FreeIPA-users
I am running FreeIPA 4.9.8 as a Docker container and Firefox refuses the certificate as the serial has been reused. I found this post: https://bugzilla.redhat.com/show_bug.cgi?id=747959 and this post: https://galenabell.com/2018/10/23/random-certificate-serials-in-freeipa/, but the files
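Added example, not from this thread or from the FreeIPA or Dogtag projects: a stdlib-only Python script that does the two checks a practitioner would want around this report. It scans a PEM bundle for serial numbers issued more than once by the same issuer (the reuse Firefox rejects), and it confirms that a pki.conf override file really puts pki_random_serial_numbers_enable under [CA], the fix netcicd S posted above. The DER walker, the fake_cert_pem builder and SAMPLE_BUNDLE are constructed for this example; the sample certificates are minimal skeletons, not output of any real CA.

```python
"""Find reused X.509 serials in a PEM bundle and verify the Dogtag [CA] override.

Stdlib only. The DER walker reads just enough of each certificate to reach
serialNumber and issuer. All sample data below is constructed for the example.
"""
import base64
import configparser
import re
from collections import Counter


def _read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits give the length's byte count
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def cert_serial_and_issuer(der):
    """Return (serial, issuer_der) for a DER certificate; issuer stays as raw bytes."""
    tag, tbs_pos, _ = _read_tlv(der, 0)              # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, _ = _read_tlv(der, tbs_pos)            # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("bad tbsCertificate")
    tag, vs, ve = _read_tlv(der, pos)
    if tag == 0xA0:                                  # [0] EXPLICIT version (absent in v1 certs)
        tag, vs, ve = _read_tlv(der, ve)
    if tag != 0x02:
        raise ValueError("expected serialNumber INTEGER")
    serial = int.from_bytes(der[vs:ve], "big", signed=True)
    _, _, alg_end = _read_tlv(der, ve)               # signature AlgorithmIdentifier (skipped)
    tag, _, issuer_end = _read_tlv(der, alg_end)     # issuer Name
    if tag != 0x30:
        raise ValueError("expected issuer Name SEQUENCE")
    return serial, der[alg_end:issuer_end]


_PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def find_reused_serials(pem_text):
    """List (serial, count) for every serial issued more than once by the same issuer."""
    seen = Counter()
    for m in _PEM_RE.finditer(pem_text):
        der = base64.b64decode("".join(m.group(1).split()))
        serial, issuer = cert_serial_and_issuer(der)
        seen[(issuer, serial)] += 1                  # grouped per issuer, so two CAs may share a number
    return sorted((serial, n) for (_, serial), n in seen.items() if n > 1)


def random_serials_enabled(pki_conf_text):
    """True iff the override file sets pki_random_serial_numbers_enable under [CA]."""
    cfg = configparser.ConfigParser()
    cfg.read_string(pki_conf_text)
    return cfg.getboolean("CA", "pki_random_serial_numbers_enable", fallback=False)


# --- constructed sample data (hypothetical; not output of any real FreeIPA CA) ---

def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def fake_cert_pem(serial, issuer_cn):
    """Minimal certificate skeleton: only version, serial, sigAlg and issuer are realistic."""
    sha256_rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")))
    issuer = _der(0x30, _der(0x31, _der(0x30, _der(0x06, bytes.fromhex("550403"))
                                              + _der(0x0C, issuer_cn.encode()))))
    nbytes = serial.bit_length() // 8 + 1            # leave the sign bit clear
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02"))
               + _der(0x02, serial.to_bytes(nbytes, "big"))
               + sha256_rsa + issuer)
    cert = _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00" * 5))
    b64 = base64.b64encode(cert).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"


SAMPLE_BUNDLE = "".join([
    fake_cert_pem(7, "Certificate Authority"),       # first use of serial 7
    fake_cert_pem(7, "Certificate Authority"),       # the reuse a browser objects to
    fake_cert_pem(8, "Certificate Authority"),
    fake_cert_pem(7, "Other CA"),                    # same number, different issuer: no clash
])

PKI_CONF_FIXED = "[CA]\npki_random_serial_numbers_enable = True\n"
PKI_CONF_WRONG_SECTION = "[Tomcat]\npki_random_serial_numbers_enable = True\n"

if __name__ == "__main__":
    print("reused serials:", find_reused_serials(SAMPLE_BUNDLE))
    print("override effective:", random_serials_enabled(PKI_CONF_FIXED))
```

To use it on real data, feed find_reused_serials the PEM text of the certificates your CA has issued and random_serials_enabled the contents of the override file before rebuilding the container; the thread passes that file at install time through IPA_SERVER_INSTALL_OPTS, so a key that lands in the wrong section or in a file the --pki-config-override path does not point at silently leaves sequential serials in place.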

[Freeipa-users] Re: SSHFP records

2022-02-09 Thread Simon Matthews via FreeIPA-users
My primary nameserver is on another machine. It is already configured with an RNDC key to allow updates from DHCP. How would I tell IPA to use this RNDC key to update the primary? I assume that these updates come from the IPA server, not the client when enrolling a client. Currently, the

[Freeipa-users] Re: host certs - Organizational Unit - ?

2022-02-09 Thread Rob Crittenden via FreeIPA-users
lejeczek via FreeIPA-users wrote:
> On 08/02/2022 19:45, Rob Crittenden wrote:
>> lejeczek via FreeIPA-users wrote:
>>> Hi guys
>>>
>>> Is it possible to insert/include Organizational Unit (OU) for host
>>> certificates?
>> You'd need to create a custom certificate profile.
>>
>> rob
>>
> If might

[Freeipa-users] Re: certificate management - best practices - ?

2022-02-09 Thread Rob Crittenden via FreeIPA-users
Ahti Seier via FreeIPA-users wrote:
> First of all. FreeIPA servers should be one of the best guarded servers
> in any infrastructure. In addition to service private keys they contain
> the private key to the internal CA certificate, the kerberos database
> (user password hashes) etc. It is a very

[Freeipa-users] Re: Need help with confusing query results

2022-02-09 Thread Edward Valley via FreeIPA-users
Hi Thierry,

I commented on the issue and posted the link to the script I made on GitHub.

Thanks

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sascha Hartl via FreeIPA-users
Thanks a lot, with shell_override = /bin/bash in sssd.conf it works.

Best regards

[Freeipa-users] Re: certificate management - best practices - ?

2022-02-09 Thread Ahti Seier via FreeIPA-users
First of all. FreeIPA servers should be one of the best guarded servers in any infrastructure. In addition to service private keys they contain the private key to the internal CA certificate, the kerberos database (user password hashes) etc. It is a very bad idea to run other non-related services

[Freeipa-users] freeipa and pihole integration, so no forwarders

2022-02-09 Thread Rob Verduijn via FreeIPA-users
Hi all, I'm trying to reduce the number of systems in my network. Currently if I want to use a pi-hole in combination with freeipa one of them is going to use the other as a forwarder. And without some firewall/router port redirection magic (also hopelessly complicating things) this is not going

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sumit Bose via FreeIPA-users
On Wed, Feb 09, 2022 at 11:09:02AM -, Sascha Hartl via FreeIPA-users wrote:
> Hello
>
> could now verify it's not the subdirectory
>
> I performed a homedirectory override to /home/testuser in sssd.conf,
> the error is the same
>
> Failed to import environment: Process

[Freeipa-users] Re: Need help with confusing query results

2022-02-09 Thread Thierry Bordaz via FreeIPA-users
Hi Edward,

thank you so much for digging down to the RC. I opened https://github.com/389ds/389-ds-base/issues/5158 to track that issue

regards
thierry

On 2/9/22 1:29 AM, Edward Valley via FreeIPA-users wrote:
> Hi,
>
> Finally, I made a bash script that:
> 1. Receives as arguments a 'base' and a

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sascha Hartl via FreeIPA-users
Hello,

could now verify it's not the subdirectory. I performed a homedirectory override to /home/testuser in sssd.conf, the error is the same:

Failed to import environment: Process org.freedesktop.systemd1 exited with status 1
/etc/X11/xinit/Xsession: line 88: /home/testuser/ /usr/bin/ssh-agent

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sascha Hartl via FreeIPA-users
Hello,

yes, the directory is there:

[root@as16148 testuser]# pwd
/home/domain/testuser

For a direct IPA user it works; with your suggestion I got a desktop via Xorg:

[root@as16148 ipauser]# pwd
/home/ipauser

But for an AD user via IPA it doesn't work. I think the subdirectory "domain" is a problem...

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sumit Bose via FreeIPA-users
On Wed, Feb 09, 2022 at 08:57:04AM -, Sascha Hartl via FreeIPA-users wrote:
> found this in addition
>
> [root@host testuser]# cat .xsession-errors
> Failed to import environment: Process org.freedesktop.systemd1 exited with
> status 1
> /etc/X11/xinit/Xsession: line 88:

[Freeipa-users] Re: SSHFP records

2022-02-09 Thread Sam Morris via FreeIPA-users
Only a problem if you want to use SSHFP records to verify the host keys presented by the SSH server running on the client. When SSHing to the client from another machine that has been enrolled, the host key will usually be verified by sss_ssh_knownhostsproxy which does not use SSHFP records.

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sascha Hartl via FreeIPA-users
found this in addition

[root@host testuser]# cat .xsession-errors
Failed to import environment: Process org.freedesktop.systemd1 exited with status 1
/etc/X11/xinit/Xsession: line 88: /home/domain/testuser/ /usr/bin/ssh-agent /etc/X11/xinit/Xclients: No such file or directory

[Freeipa-users] Re: use ipa-user with xorg

2022-02-09 Thread Sascha Hartl via FreeIPA-users
Hello,

thanks for the answer, but I added xrdp-sesman to the ruleset and it didn't work:

[20220209-09:32:55] [INFO ] Socket 8: AF_INET connection received from 127.0.0.1 port 43158
[20220209-09:32:56] [INFO ] Terminal Server Users group is disabled, allowing authentication
[20220209-09:32:56] [INFO