[Freeipa-users] Strange CA error during FreeIPA connection

2022-02-23 Thread Alessandro Minonzio via FreeIPA-users
Hi, I report this issue about FreeIPA server: -- Request for enhancement A strange error is occurring when I try to access my FreeIPA. Issue The problem occurs when I try to access t

[Freeipa-users] Re: IdM with trust relationship with Samba AD DC - User accounts with passwords expired

2022-02-23 Thread Alexander Bokovoy via FreeIPA-users
Hello, On Tue, 22 Feb 2022, Mateo Duffour via FreeIPA-users wrote: Hi, We currently have an IdM installation with a trust relationship with a Samba AD DC. Our user accounts reside on Samba AD DC, we don't have user accounts on IdM. We are having a problem with Samba user accounts that have its

[Freeipa-users] Re: Strange CA error during FreeIPA connection

2022-02-23 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, are all the IPA services up and running on the replica (the kinit error suggests that either krb5.conf is badly configured or the kerberos server isn't running on the replica)? Please report the output of "ipactl status". flo On Wed, Feb 23, 2022 at 9:05 AM Alessandro Minonzio via FreeIPA-use

[Freeipa-users] Re: IdM with trust relationship with Samba AD DC - User accounts with passwords expired

2022-02-23 Thread Sumit Bose via FreeIPA-users
On Tue, Feb 22, 2022 at 03:40:27PM -0300, Mateo Duffour via FreeIPA-users wrote: > Hi, > > We currently have an IdM installation with a trust relationship with a Samba > AD DC. Our user accounts reside on Samba AD DC, we don't have user accounts on > IdM. > We are having a problem with Samba

[Freeipa-users] Re: Local roles CA, DNS, DNSKeySync do not match globally used roles ADTRUST, CA, DNS, DNSKeySync.

2022-02-23 Thread Sigbjorn Lie via FreeIPA-users
On 2022-02-22 17:47, Rob Crittenden via FreeIPA-users wrote: Sigbjorn Lie via FreeIPA-users wrote: Hi list, After our upgrade from EL7 to EL8, the ipa-backup script is stating a warning: "Warning: Local roles CA, DNS, DNSKeySync do not match globally used roles ADTRUST, CA, DNS, DNSKeySync. A

[Freeipa-users] Re: Strange CA error during FreeIPA connection

2022-02-23 Thread Alessandro Minonzio via FreeIPA-users
Hi Florence, thanks for the support report the status of FreeIPA: [root@adv ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: RUNNING pki-tomcatd Service: STOPPED ipa-otpd Service: STOPP

[Freeipa-users] Re: Not possible to find KDC with Autodiscovery

2022-02-23 Thread David Galarreta via FreeIPA-users
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/NXQDRK3EXWJWWROHPXWTQTI2LMV3TLFV/ "IPA actually expects that primary domain and realm are the same (naming context above has to be the same as the primary domain) " We created DNS Records for the Domain and

[Freeipa-users] PTR records via/from DHCP

2022-02-23 Thread lejeczek via FreeIPA-users
Hi guys. for zone such as this: 1.3.10.in-addr.arpa with dynamic updates from DHCP, IPA ends up with PTR records like:   Record name: 30.1.3.10   PTR record: CROMO.private.road. to fix it - which end one should fiddle with, IPA's or DHCP's? many thanks, L.

[Freeipa-users] Certificat REVOKED_EXPIRED / How to suppress ?

2022-02-23 Thread Karim Bourenane via FreeIPA-users
Hello Team How to delete expired certificates from IPA PKI and Dogtag definitively. We haven't found any help to do that. Can you help ? Kind regards, Mr Karim Bourenane +33686464439 +32 493 86 63 54

[Freeipa-users] Re: Certificat REVOKED_EXPIRED / How to suppress ?

2022-02-23 Thread Karim Bourenane via FreeIPA-users
We have v4.6.8 API: 2.237 platform Kind regards, Mr Karim Bourenane +33686464439 +32 493 86 63 54 On Wed, Feb 23, 2022 at 16:05, Karim Bourenane wrote: > Hello Team > > How to delete expired certificates from IPA PKI and Dogtag definitively. > We haven't found any help to do that. > > Can you

[Freeipa-users] Re: Certificat REVOKED_EXPIRED / How to suppress ?

2022-02-23 Thread Rob Crittenden via FreeIPA-users
Karim Bourenane via FreeIPA-users wrote: > Hello Team > > How to delete expired certificates from IPA PKI and Dogtag definitively. > We haven't found any help to do that. > > Can you help ? https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/UBHDH5SO4CBT3UL2LQ

[Freeipa-users] Re: PTR records via/from DHCP

2022-02-23 Thread Rob Crittenden via FreeIPA-users
lejeczek via FreeIPA-users wrote: > Hi guys. > > for zone such as this: 1.3.10.in-addr.arpa > > with dynamic updates from DHCP, IPA ends up with PTR records like: > >   Record name: 30.1.3.10 >   PTR record: CROMO.private.road. > > to fix it - which end one should fiddle with, IPA's or DHCP's?

[Freeipa-users] reset another user's password from IPA client

2022-02-23 Thread Patrick Larkin via FreeIPA-users
Hello, We have a third-party software which needs to change other users' passwords without requiring the user to choose a new one.  It is able to do this for local users in /etc/passwd, but not for IPA users.   To try to solve this, we've to set up a special account and given it the following

[Freeipa-users] Re: reset another user's password from IPA client

2022-02-23 Thread Rob Crittenden via FreeIPA-users
Patrick Larkin via FreeIPA-users wrote: > Hello, > > We have a third-party software which needs to change other users' > passwords without requiring the user to choose a new one.  It is able to > do this for local users in /etc/passwd, but not for IPA users.   To try > to solve this, we've to set

[Freeipa-users] Re: Strange CA error during FreeIPA connection

2022-02-23 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, so there are at least 2 issues to fix: - kinit admin fails - pki-tomcatd service and ipa-otpd service are stopped. For the first issue, can you run: # KRB5_TRACE=/dev/stderr kinit admin This will print more details (if DNS resolution is used etc...) For the 2nd issue, you need to have a look