[Freeipa-users] Migration sequencing

2023-10-09 Thread Johnnie W Adams via FreeIPA-users
Hi, folks, We've got a small shop with around a hundred RHEL boxes and a small user base currently authenticating against LDAP using one user naming scheme. Our plan is to migrate these to freeipa (actually Red Hat IdM) with a one-way trust with AD using a different naming scheme. I'm trying

[Freeipa-users] Re: backup / restore

2023-10-09 Thread Frederic Ayrault via FreeIPA-users
Le 09/10/2023 à 16:47, Florence Blanc-Renaud a écrit : Is this your external CA? I assume that its subject conflicts with the default subject name that IPA installer would pick. If that's the case, you can force ipa-ca-install to use a different subject name with the --ca-subject option.

[Freeipa-users] Re: backup / restore

2023-10-09 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Mon, Oct 9, 2023 at 10:22 AM Frederic Ayrault wrote: > Bonjour, > > Le 09/10/2023 à 09:42, Florence Blanc-Renaud a écrit : > > Hi, > > On Mon, Oct 9, 2023 at 9:19 AM Frederic Ayrault via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Bonjour, >> >> When I run the

[Freeipa-users] Re: backup / restore

2023-10-09 Thread Frederic Ayrault via FreeIPA-users
Bonjour, Le 09/10/2023 à 09:42, Florence Blanc-Renaud a écrit : Hi, On Mon, Oct 9, 2023 at 9:19 AM Frederic Ayrault via FreeIPA-users > wrote: Bonjour, When I run the command, I get this message CA is not configured on this system

[Freeipa-users] Re: backup / restore

2023-10-09 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Mon, Oct 9, 2023 at 9:19 AM Frederic Ayrault via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Bonjour, > > When I run the command, I get this message > > CA is not configured on this system > The ipa-cacert-manage command failed. > > > "replace our external CA to an

[Freeipa-users] Re: backup / restore

2023-10-09 Thread Frederic Ayrault via FreeIPA-users
Bonjour, When I run the command, I get this message CA is not configured on this system The ipa-cacert-manage command failed. Thank you Regards, Frederic Frédéric AYRAULT Administrateur Systèmes et Réseaux Laboratoire d'Informatique de l'Ecole polytechnique

[Freeipa-users] Re: backup / restore

2023-10-09 Thread Mohammad Rizwan Yusuf via FreeIPA-users
Hello, What procedure did you follow to renew your CA from external to self-signed. Please look at the this doc https://www.freeipa.org/page/V4/CA_certificate_renewal#ca-certificate-management-utility $ ipa-cacert-manage renew --self-signed Above command should renew CA to self-signed On