On Thu, Jun 23, 2022 at 5:07 PM Christian Heimes via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On 23/06/2022 13.30, Serge Krawczenko via FreeIPA-users wrote:
> > kinit -kt keytab file
> > ldapsearch -Q -Y GSSAPI -h localhost
> > ipa
> >
&
On Wed, Jun 22, 2022 at 5:43 PM Rob Crittenden wrote:
> Serge Krawczenko via FreeIPA-users wrote:
> > keytab file for user principal
> > ipa-getkeytab -p user@REALM -k keytab.file
> >
> > in order to initiate it like
> > kinit -kt keytab.file
> >
> >
keytab file for user principal
ipa-getkeytab -p user@REALM -k keytab.file
in order to initiate it like
kinit -kt keytab.file
and they perform ldapsearch -Y or ipa from scripts for
example
and the questions are:
how could ipa-getkeytab corrupt the entire kerberos subsystem?
what is the proper wa
in the existing state
to RHEL8/Whatever recent IPA version?
Thank you
On Tue, May 24, 2022 at 7:57 PM Rob Crittenden wrote:
> This sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1779984
>
> 'pki-server cert-fix' fails when CS.cfg parameter
> selftests.container.order.
ary somehow or renew manually ? :(
On Mon, May 23, 2022 at 8:01 PM Rob Crittenden wrote:
> Serge Krawczenko via FreeIPA-users wrote:
> > Hello again
> > I was so hoping the story to end but nope.
> >
> > ipa-cert-fix managed to renew one of the certs
> > but fa
Hello again
I was so hoping the story to end but nope.
ipa-cert-fix managed to renew one of the certs
but failed on the following ones
Enter "yes" to proceed: yes
Proceeding.
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=pki-server cert-fix --ldapi-socket
/va
Great, Rob
I've gotten nearly everything just couple minor clarifications:
You're running into issue https://pagure.io/freeipa/issue/8600 which was
> fixed in 4.9+ so you don't have it. You'll need to work around it in the
> ipa_cert_fix.py code.
>
>
Florence mentioned nsSSLPersonalitySSL: Server
Grateful for your response, Rob
On Tue, May 17, 2022 at 9:41 PM Rob Crittenden wrote:
>
> > sh-4.2# ipa --version
> > VERSION: 4.6.8, API_VERSION: 2.237
> >
> > ipa-cert-fix fails with The ipa-cert-fix command failed, exception:
> > RuntimeError: Failed to get Server-Cert
> > Indeed, it doesn't
8 PM Florence Blanc-Renaud
wrote:
> Hi,
>
> On Mon, May 16, 2022 at 5:19 PM Serge Krawczenko via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> Greetings,all
>>
>> I've been observing multiple issues for some time, unable to enroll
Greetings,all
I've been observing multiple issues for some time, unable to enroll new
clients etc.
Finally found out that the possible root cause is the expired Server-Cert
cert-pki-ca and therefore pki-tomcat service won't start
Here's the output of getcert list -d /etc/pki/pki-tomcat/alias/
Re
Hello there,
Something went wrong after recent yum update (CentOS 7)
The current version is 4.6.8-5.el7.centos.9
I have two FreeIPA replicas and one Active Directory agreement (winsync)
Here what i'm getting from cn=replicacn=mapping tree,cn=config
nsds5replicaLastUpdateStart: 19700101
11 matches
Mail list logo