RHEL 8.1 client
On 1/10/20 4:08 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> [root@client01 ~]# rpm -qa openldap
> openldap-2.4.46-10.el8.x86_64
>
> [root@server2 ~]# certutil -L -d /etc/dirsrv/slapd-IPA-DOMAIN-ORG -n
> Server-Cert
> Certificate:
> Data:
list ; Christian Heimes
Cc: SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Re: Problem adding a RHEL 8.1 client
On 1/10/20 2:55 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Hello Christian,
>
> It is a standard installation.
>
> [root@server2 ~]# cat /proc/sys/crypto/fips_
ject: Re: [Freeipa-users] Re: Problem adding a RHEL 8.1 client
On 10/01/2020 12.49, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Seems that I have found the problem. It is TLSv1.3, I have tried to connect
> with TLSv1.2 and connection was OK:
Hi,
is the IPA server on RHEL 7.7 in FIPS mod
INFO - slapd_daemon -
> Listening on /var/run/slapd-IPA-DOMAIN-ORG.socket for LDAPI requests
> [10/Jan/2020:08:54:02.506101255 +0100] - ERR - set_krb5_creds - Could
> not get initial credentials for principal
> [ldap/server2.ipa.domain@ipa.domain.org] in keytab
> [FILE:/etc/dirsr
ES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
Thanks & Regards.
-Original Message-
From: Florence Blanc-Renaud
Sent: Thursday, January 09, 2020 21:06
To: FreeIPA users list
Cc: SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client
On 1/9
Florence Blanc-Renaud
Sent: Thursday, January 09, 2020 21:06
To: FreeIPA users list
Cc: SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client
On 1/9/20 4:07 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Hello,
>
> I'm trying to add a RHEL 8.1
nuary 09, 2020 21:06
To: FreeIPA users list
Cc: SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client
On 1/9/20 4:07 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Hello,
>
> I'm trying to add a RHEL 8.1 client with the following spec:
>
>
Hello,
I'm trying to add a RHEL 8.1 client with the following spec:
OS: RHEL 8.1 (Ootpa)
IPA: ipa-client-4.8.0-10
SSSD: sssd-2.2.0-19.el8.x86_64
My IDM server has:
OS: RHEL 7.7 (Maipo)
IPA: ipa-server-4.6.5-11.el7_7.3
SSSD: sssd-1.16.4-21.el7_7.1
When I try to add the client using "ipa-client-in
Hi,
Thanks for the tip.
I try to login executing: ssh -l USER@AD.DOMAIN HOSTNAME
Unfortunately I have tested with:
LOGIN_TIMEOUT 90
And also changing on sshd_conf:
LogLevel DEBUG3
ClientAliveInterval 600
LoginGraceTime 600
ClientAliveCountMax 3
And on sssd.conf:
ldap_enumeration_search_timeout
Hello,
AFAIK you should create a replica on the VPS (with all the IPA services that
have the actual server) and once it will be ready, you should decommission the
actual server.
Thanks & Regards.
___
FreeIPA-users mailing list -- freeipa-users@lists.f
Hello,
I don't think it is a good idea to create an IPA posix group with the same GID.
I think the best option is adding the IPA user to the local group as you tried
to do. The only problem is that you used the short username, and you need to
use username@domain. Something like this:
# groupmems
Hello,
We execute a script after any server creation that uses the FreeIPA API for
adding the server to the proper Hostgroup. As we already have the HBAC rules
created with the hostgroups, the teams that should access to the servers are
allowed automatically.
Regards.
_
hello,
I have 3 IDM clusters with RHEL 7.5 and ipa-server-4.5.4-10 (they are
independent, 1 for my company and other 2 for 2 clients), with domain names:
1) ipa.mydomain.com
2) ipa.client1_domain.com
3) ipa.client2_domain.com
All of them have a trust with an AD domain:
1) ad-domain.mydomain.com
Hello again,
I have resolved the problem myself.
Following https://access.redhat.com/solutions/659243 the sssd cache must be
erased using:
service sssd stop; rm -f /var/lib/sss/db/*; service sssd start
seems that the way I used "sss_cache -E" doesn't work on this.
Thanks & Regards.
From: SOLE
hello,
I have an IDM cluster (Master + Replica) version 4.5.4 on RHEL 7.4. I have
created a trust with an AD 2016 domain AD.COMPANY.ORG. Some users are working
properly, but I created a new AD user and it is not working. Checking on the
sssd logs I found:
[sdap_idmap_sid_to_unix] (0x0040): Objec
ogin on ipa.mydomain.com services. Is that possible?
That's the reason because I'm thinking that "Selective authentication" can be
the problem.
Regards.
On Wed, 30 Jan 2019, SOLER SANGUESA Miguel via FreeIPA-users wrote:
>Hello,
>I have 2 AD domains on Windows 2016 w
Hello,
I have 2 AD domains on Windows 2016 with a forest trust, two-way, and
"Selective authentication":
mydomain.com <--trust--> other.company.org
Now I have built an IDM instance on RHEL 7.5 and IPA version 4.5.4 on the
subdomain "ipa.mydomain.com". I need to use users from the 2 domains above
Yes, it is clear. Thank you very much.
On 1/11/19 12:12 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> You are right, on the client /etc/ipa/ca.crt has just the IPA CA, but on the
> servers it has 3 certificates:
> - IPA CA
> - ICC-inter
> - ICC-root
>
> The w
rtificates. Can
you please let me know the correct way?
3) if it is a bug. Has been fixed on newer releases or it is planned on future
releases?
Thank you very much.
On 1/10/19 3:24 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Ipa cert-show is working now after copying the certifi
ct: Re: [Freeipa-users] Re: Testing requested - certificate checking tool
On 1/9/19 4:21 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Hello,
>
> Now it works and it shows the real problem I have. I have 2 master, I have
> changed the HTTP certificate on both (using ipa-c
n
Sent: Thursday, January 03, 2019 21:22
To: FreeIPA users list
Cc: SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Re: Testing requested - certificate checking tool
Rob Crittenden via FreeIPA-users wrote:
> SOLER SANGUESA Miguel via FreeIPA-users wrote:
>> Hello,
>>
>>
Hello,
I have run the tool on an environment where I've installed my own certificate
for HTTPS (following this tutorial:
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP), and it
complains when it finds the root certificate of my certificate:
# python2 ipa-checkcerts.py
ipa: I
I've been working for 1 year with a configuration that allows us to use AD users
with short names for login on RHEL 6 clients and also the information on the
client was shown with shortnames. Example:
ssh AD_user@IDM_client1.mydomain.com
PASSWORD:
[AD_user@IDM_client1 ~]$ ls -la
total 60
drwxr-x
Seems it will work on RHEL 7.6. but you must configure it on the IPA client.
Cc: Rob Crittenden ; SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Re: How to use HBAC rules on services where is
used Ipsion
On Wed, 11 Jul 2018, SOLER SANGUESA Miguel via FreeIPA-users wrote:
>I have added the service on IPA and changed on the HBAC rule from "any
>servi
2018 14:08
To: FreeIPA users list
Cc: Rob Crittenden ; SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Re: How to use HBAC rules on services where is
used Ipsion
On Wed, 11 Jul 2018, SOLER SANGUESA Miguel via FreeIPA-users wrote:
>I have added the service on IPA and changed on the HB
kovoy
Sent: Tuesday, July 10, 2018 15:31
To: FreeIPA users list
Cc: SOLER SANGUESA Miguel ; Rob Crittenden
Subject: Re: [Freeipa-users] Re: How to use HBAC rules on services where is
used Ipsion
On Tue, 10 Jul 2018, Rob Crittenden via FreeIPA-users wrote:
>SOLER SANGUESA Miguel via FreeIP
I have added the service on IPA and changed on the HBAC rule from "any service"
to "ipsilon", but now I can not login on ipsilon.
Also I've checked that there is no '/etc/pam.d/ipsilon' file
Thanks & Regards.
__
Miguel Soler Sangüesa
Consultant - Linux Systems Administ
Hello,
RHEL 7.5 with IPA server 4.5.4
RHEL 7.5 with IPA client 4.5.4 for installing Ipsilon from RHEL repositories
(v1.0.0) and added manually patch:
https://pagure.io/ipsilon/pull-request/44#request_diff
I have configured Jira with the plugin for SAML2 (SAML Single Sign On (SSO)
Jira,
SAML/S
I changed using this procedure:
Change DM password
You will have to edit the main server config file (dse.ldif). Before you do
that, you must shutdown the server. If the server is running and you edit
dse.ldif, your changes will be lost:
# stop-dirsrv
Next, generate the new password using the
ject: Re: [Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0
(RHEL 7.4) to 4.5.4 (RHEL 7.5)
SOLER SANGUESA Miguel via FreeIPA-users wrote:
> Hello,
>
> Thanks for your instructions, step by step it seems to be improving.
> Unfortunately it is not solved yet, now I have t
4.so
>>> #5 0x7f5bd21f8dd5 in start_thread () at /lib64/libpthread.so.0
>>> #6 0x7f5bd18a5b3d in clone () at /lib64/libc.so.6 Thread 6
>>> (Thread 0x7f5ba5540700 (LWP 15587)):
>>> #0 0x00007f5bd21fc945 in pthread_cond_wait@@GLIBC_2.3.2 () at
>>>
d2858c8b in _pt_root () at /lib64/libnspr4.so
> #15 0x7f5bd21f8dd5 in start_thread () at /lib64/libpthread.so.0
> #16 0x7f5bd18a5b3d in clone () at /lib64/libc.so.6 Thread 2
> (Thread 0x7f5ba30ff700 (LWP 15606)):
> #0 0x7f5bd21fc2ae in pthread_rwlock_wrlock () at
> /lib64
numResponses: 2
>> # numEntries: 1
>>
>> Thanks & Regards.
>> __
>> -Original Message-
>> From: Rob Crittenden
>> Sent: Tuesday, May 01, 2018 15:18
>> To: FreeIPA users list
>> Cc: SOLER SANGUESA Miguel
nds on how much work it has to do.
The 389-ds access and/or error logs may provide details.
rob
>
> Thanks.
>
> -Original Message-
> From: Alexander Bokovoy
> Sent: Tuesday, May 01, 2018 9:56
> To: FreeIPA users list
> Cc: SOLER SANGUESA Miguel
> Subject:
exing task and while 2
hours seems a bit excessive, it depends on how much work it has to do.
The 389-ds access and/or error logs may provide details.
rob
>
> Thanks.
>
> -Original Message-
> From: Alexander Bokovoy
> Sent: Tuesday, May 01, 2018 9:56
> To: FreeIPA u
a services?
Thanks.
-Original Message-
From: Alexander Bokovoy
Sent: Tuesday, May 01, 2018 9:56
To: FreeIPA users list
Cc: SOLER SANGUESA Miguel
Subject: Re: [Freeipa-users] Problem on dirsrv when updating from 4.5.0 (RHEL
7.4) to 4.5.4 (RHEL 7.5)
On Tue, 01 May 2018, SOLER SANGUESA
hello,
I have an IPA master that updated from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5). An
hour later I tried to do the same with the unique replica I have, but after
update dirsrv is not starting.
It says it is needed run "ipa-server-upgrade", but it also fails:
# ipactl start
Upgrade required: ple
hello,
I want to do a one-way AD trust on a multidatacenter environment. This is the
topology (2 AD servers and 2 IPA servers on each location replicated each
other):
DATACENTER1:
AD1dc1.ad.example.com
AD2dc1.ad.example.com
IPA1dc1.ipa.example.com
IPA2dc1.ipa.example.com
DATACENTER2:
AD1dc2.a
39 matches