On 01/13/2014 12:53 AM, Charlie Derwent wrote:
On Sun, Jan 12, 2014 at 11:01 PM, Dmitri Pal d...@redhat.com wrote:
On 01/11/2014 09:20 AM, Charlie Derwent wrote:
Hi
I'm experiencing an issue trying to use ipa-getcert on my IPA clients.
When I run a command similar to this
Martin,
Sorry for the late reply.
Thanks for spotting this. I suspect I cannot just change ldap in our IPA.
This is part of a production environment consisting solely of supported
RHEL 6.4 servers. I can snapshot the IPA servers (they are VM's) to be able
to roll back in case of trouble, but I
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in the
IPA WEBUI on any of the IPA servers says Certificate format error: [Errno
-8015] error (-8015)
unknown.
I also notice that hosts says the certificate system is unavailable.
certmonger:
Hi there,
We have a working authentication system for GNU/Linux consisting in a Mit
Kerberos Server, and an OpenLDAP directory with a particular structure. I
was wondering if we could use Freeipa to administer those working
components as they are, without having to deploy a new Freeipa server
On Mon, 13 Jan 2014, tizo wrote:
Hi there,
We have a working authentication system for GNU/Linux consisting in a Mit
Kerberos Server, and an OpenLDAP directory with a particular structure. I
was wondering if we could use Freeipa to administer those working
components as they are, without having
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in the
IPA WEBUI on any of the IPA servers says Certificate format error: [Errno
-8015] error (-8015)
unknown.
I also notice that hosts says the certificate system is
Ok, that's up to your preference.
The hotfix below worked for me in my test environment and is pretty low risk.
But of course, it is not RHEL rubber stamped. Eventually, you can evaluate
the fix yourself in a test environment.
HTH,
Martin
On 01/13/2014 02:41 PM, Fred van Zwieten wrote:
Martin,
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in
the IPA WEBUI on any of the IPA servers says Certificate format error:
[Errno -8015] error
(-8015)
unknown.
On 13.1.2014 15:50, Alexander Bokovoy wrote:
On Mon, 13 Jan 2014, tizo wrote:
Hi there,
We have a working authentication system for GNU/Linux consisting in a Mit
Kerberos Server, and an OpenLDAP directory with a particular structure. I
was wondering if we could use Freeipa to administer those
Sigbjorn Lie wrote:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in
the IPA WEBUI on any of the IPA servers says Certificate format error: [Errno
-8015] error
On Mon, January 13, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts
in the IPA WEBUI on any of the IPA
Hi,
Thank you for your prompt reply Rob.
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts in
the IPA WEBUI on any of the IPA servers says Certificate format error:
On Mon, January 13, 2014 16:17, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
Thank you for your prompt reply Rob.
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking
On Mon, Jan 13, 2014 at 04:07:16PM +0100, Sigbjorn Lie wrote:
After I restarted dirsrv, pki-cad and then the httpd on ipa01 the status of
the request is now:
Request ID '20120119194518':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 907 (RPC failed at
On 13/01/14 19:13, Nalin Dahyabhai wrote:
On Mon, Jan 13, 2014 at 04:07:16PM +0100, Sigbjorn Lie wrote:
After I restarted dirsrv, pki-cad and then the httpd on ipa01 the status of the
request is now:
Request ID '20120119194518':
status: CA_UNREACHABLE
ca-error: Server failed
This question is really about HA of FreeIPA. I've noticed that new records
cannot be added on the replica server while the primary is down.
Ideally these services should be always available even when the Primary
server is down (for maintenance or other reasons).
Is it possible to have another
Dimitar Georgievski wrote:
This question is really about HA of FreeIPA. I've noticed that new
records cannot be added on the replica server while the primary is down.
Ideally these services should be always available even when the Primary
server is down (for maintenance or other reasons).
Is
Sigbjorn Lie wrote:
On Mon, January 13, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA installation.
Looking up hosts
in the IPA
On 01/13/2014 01:33 PM, Rob Crittenden wrote:
Dimitar Georgievski wrote:
This question is really about HA of FreeIPA. I've noticed that new
records cannot be added on the replica server while the primary is down.
Ideally these services should be always available even when the Primary
server
I've got a strange situation where some of my workstations are
reporting difficulty when sshing to remote systems, but there's no
pattern I can discern. One user's machine can't get to system A, but
I can, though I can't ssh to his workstation directly.
Here's the
On 01/13/2014 02:44 PM, Bret Wortman wrote:
They're definitely different. I deleted the one in the file, then
tried again. It put the bad key back in the file. I blew the whole
file away and the same thing happened. Where is this key coming from
if not from IPA?
Puppet?
On 01/13/2014
I was referring to user accounts, and I believe they require certificates.
With the Primary IPA being down I was not able to create new user entries
on the replica servers.
Hopefully the CA fail-over requirement is addressed in a new release of
FreeIPA.
Thanks,
Dimitar
On Mon, Jan 13, 2014 at
On 01/13/2014 03:01 PM, Dimitar Georgievski wrote:
I was referring to user accounts, and I believe they require
certificates. With the Primary IPA being down I was not able to create
new user entries on the replica servers.
Hm? What kind of error you get? What does HTTP log shows on the
On Mon, Jan 13, 2014 at 02:44:29PM -0500, Bret Wortman wrote:
They're definitely different. I deleted the one in the file, then
tried again. It put the bad key back in the file. I blew the whole
file away and the same thing happened. Where is this key coming from
if not from IPA?
Can you try
On 13/01/14 19:37, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 16:34, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On Mon, January 13, 2014 15:58, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I seem to have issues with the certificate system on my IPA
I'm very new to IPA. I run a ODSEE and I need to add in krb5. ODSEE allows
us to store the KRB5 data in ldap, but there is no easy means of keeping
the LDAP and Kerberos password in sync for a given account.
I understand that IPA supplies Kerberos services. But is the krb5 password
the same
From what I understand I use currently...
You can use just LDAP...I'm currently using LDAP/KRB where
supported...and just straight LDAP on applications that don't support KRB
Thank you,
Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax:
On 01/13/2014 05:04 PM, Bob wrote:
I'm very new to IPA. I run a ODSEE and I need to add in krb5. ODSEE
allows us to store the KRB5 data in ldap, but there is no easy means
of keeping the LDAP and Kerberos password in sync for a given account.
I understand that IPA supplies Kerberos services.
Hello,
I manage a suite of machines and services which are used for collaborative
projects with external partners. I want to allow users within our organization
to authenticate with their existing Active Directory accounts, and I have set
up an External Users LDAP directory to establish
On 01/13/2014 06:29 PM, Nordgren, Bryce L -FS wrote:
Hello,
I manage a suite of machines and services which are used for
collaborative projects with external partners. I want to allow users
within our organization to authenticate with their existing Active
Directory accounts, and I have
Hi Dimitri,
Just to be sure I understand.
You have internal users - they are in AD. You have external users - they are
in LDAP.
You merge two directories and you want to replace this setup with IPA.
Yes.
It seems that to support your use case you would need to make the external
users be IPA
In my previous message, I asked about one-way trust with AD to provide a means
of extending our corporate AD with accounts for external cooperators. I
expect this is just a technical matter: either FreeIPA supports it or not, and
there's no conceptual obstacles. So, my password is the same, and
Been banging my head against the wall on this one for a few days, trying to get
a workable configuration for HP ILO to authenticate via FreeIPA.
I have a standard rhel6 environment (64 bit 6.4) with freeipa server
(ipa-3.0.0-37.el6).
The following works for me..
HP ILO4 Firmware 1.22
On Tue, 14 Jan 2014, Nordgren, Bryce L -FS wrote:
In my previous message, I asked about one-way trust with AD to provide
a means of extending our corporate AD with accounts for external
cooperators. I expect this is just a technical matter: either FreeIPA
supports it or not, and there's no
34 matches
Mail list logo