[Freeipa-users] Re: Cannot retrieve CRL from new EL9 IPA replica

On 4/11/24 09:03, Florence Blanc-Renaud wrote: > Hi, > > On Thu, Apr 11, 2024 at 12:34 AM Orion Poplawski via FreeIPA-users > <mailto:freeipa-users@lists.fedorahosted.org>> wrote: > > I've just added an EL9 IPA replica into our domain.  I seems to general

[Freeipa-users] Cannot retrieve CRL from new EL9 IPA replica

I've just added an EL9 IPA replica into our domain. I seems to generally be working fine, but trying to download the MasterCRL.bin fails: ==> /var/log/httpd/access_log <== 10.20.0.37 - - [10/Apr/2024:14:13:17 -0700] "GET /ipa/crl/MasterCRL.bin HTTP/1.1" 301 293 "-" "curl/7.76.1" ==> /var/log/htt

[Freeipa-users] Re: Show expiring certificates issued by IPA CA

On 1/20/23 15:39, Rob Crittenden wrote: > Jochen Kellner via FreeIPA-users wrote: >> Orion Poplawski via FreeIPA-users >> writes: >> >>> Does anyone know of a script or way to get a list of certificates issued by >>> the IPA CA that are about to expire? &

[Freeipa-users] Show expiring certificates issued by IPA CA

Does anyone know of a script or way to get a list of certificates issued by the IPA CA that are about to expire? Thanks. -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or.

[Freeipa-users] Re: ipa-replica-install fails

On 6/18/20 12:55 PM, Rob Crittenden wrote: > Orion Poplawski via FreeIPA-users wrote: >> I'm trying run ipa-replica-install on a non-IPA joined CentOS 8.2 system: >> >> ipa-replica-install --principal admin --admin-password='SECRET' >> >> Configuring

[Freeipa-users] ipa-replica-install fails

I'm trying run ipa-replica-install on a non-IPA joined CentOS 8.2 system: ipa-replica-install --principal admin --admin-password='SECRET' Configuring client side components This program will set up IPA client. Version 4.8.4 Using existing certificate '/etc/ipa/ca.crt'. Skip SERVER1: cannot verif

[Freeipa-users] Re: Strange ipa group-add gid behavior

On 4/30/19 2:51 PM, Alexander Bokovoy wrote: > On ti, 30 huhti 2019, Orion Poplawski wrote: >> On 4/30/19 2:14 PM, Rob Crittenden wrote: >>> Orion Poplawski via FreeIPA-users wrote: >>>> On 4/30/19 2:00 PM, Alexander Bokovoy wrote: >>>>> On ti, 30

[Freeipa-users] Re: Strange ipa group-add gid behavior

On 4/30/19 2:14 PM, Rob Crittenden wrote: > Orion Poplawski via FreeIPA-users wrote: >> On 4/30/19 2:00 PM, Alexander Bokovoy wrote: >>> On ti, 30 huhti 2019, Orion Poplawski via FreeIPA-users wrote: >>>> We're seeing some strange gid assignment behavior.  Whe

[Freeipa-users] Re: Strange ipa group-add gid behavior

On 4/30/19 2:00 PM, Alexander Bokovoy wrote: > On ti, 30 huhti 2019, Orion Poplawski via FreeIPA-users wrote: >> We're seeing some strange gid assignment behavior.  When I run ipa group-add >> on one ipa client I get gids in the expected range for my domain >> (8000-100

[Freeipa-users] Strange ipa group-add gid behavior

We're seeing some strange gid assignment behavior. When I run ipa group-add on one ipa client I get gids in the expected range for my domain (8000-1). But when it is run on one of our IPA servers we get numbers like 108500 or 58500. ipa idrange-find reports what I would expect everywhere: #