[Freeipa-users] Replication of account lock state

2023-06-22 Thread Djerk Geurts via FreeIPA-users
Hi all, Having read up on whether replica servers can also replicate the lock status of an account, I'm trying to find out what the current status is on the latest FreeIPA v4.x. What are the available options? Right now having to log into multiple IPA servers to find lockouts is a real pita and s

[Freeipa-users] local root can login but freeipa users can't

2023-06-22 Thread barry y via FreeIPA-users
This happens randomly, local root can log in through SSH to the affected system but for freeipa user, login was successful but there's no prompt. When successfully logged in, it only displays a message saying "Last login: xxx" and then no prompt. There are no sssd errors though, restarting the service

[Freeipa-users] ipa-pkinit-manage failure

2023-06-22 Thread Алексей Иванов via FreeIPA-users
Greetings, I'm trying to configure my replica IPA servers to support PKINIT. [root@office-ipa-1 ~]# ipa-pkinit-manage enable Configuring Kerberos KDC (krb5kdc) [1/1]: installing X509 Certificate for PKINIT PKINIT certificate request failed: Certificate issuance failed (CA_UNREACHABLE: Server at

[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

2023-06-22 Thread twoerner--- via FreeIPA-users
Hello, On 6/22/23 16:08, Finn Fysj via FreeIPA-users wrote: The installation of IPA server and replica does not produce the desired result. Even though the mkhomedir is set to true, the feature is not enabled in the authselect. Also the replica server does not replicate SUDO and HBAC rules from the

[Freeipa-users] Installing FreeIPA server + replica using Ansible Role FreeIPA

2023-06-22 Thread Finn Fysj via FreeIPA-users
The installation of IPA server and replica does not produce the desired result. Even though the mkhomedir is set to true, the feature is not enabled in the authselect. Also the replica server does not replicate SUDO and HBAC rules from the IPA master. Is the only solution to re-install the whole IPA s

[Freeipa-users] Re: Migrating from Rhel 7 to Rhel 9 (changing UID/GID_MAX and losing admins group)

2023-06-22 Thread Finn Fysj via FreeIPA-users
There are no direct failures, however, it won't copy groups that already exist, which is probably the case here. "Admins" already exists on the installed IPA. It's understandable Rob, however, we don't use the full capabilities of FreeIPA, only the LDAP and UI aspects of it. Cheers.

[Freeipa-users] Re: Removing dead servers with tombstone entries

2023-06-22 Thread Joe Rhodes via FreeIPA-users
> On Jun 21, 2023, at 18:07, Rob Crittenden wrote: > > Joe Rhodes via FreeIPA-users wrote: >> Hello all! >> >> I have a CentOS 7 based FreeIPA system that I’m migrating to Rocky 9. >> As suggested, I’ve created a Rocky 8 instance replica first. >> >> As I’ve been working on this (in a dev en

[Freeipa-users] Re: AD certificate authentication against FreeIPA - is that possible?

2023-06-22 Thread Rob Crittenden via FreeIPA-users
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: > Hi, > > We have an application that requires Active Directory. In order to > provide SSO, the application gets a user certificate from AD and, as I > understand, uses it towards a RHEL machine as a smart card. I installed > AD's ca certifi

[Freeipa-users] AD certificate authentication against FreeIPA - is that possible?

2023-06-22 Thread Francis Augusto Medeiros-Logeay via FreeIPA-users
Hi, We have an application that requires Active Directory. In order to provide SSO, the application gets a user certificate from AD and, as I understand, uses it towards a RHEL machine as a smart card. I installed AD's ca certificates on the RHEL client and it works when sssd.conf is all conf