[Freeipa-users] Urgent Help Needed - CA subsystem certificate renewal

2014-11-13 Thread pki tech
Dear All, In our Issuing CA, all the subsystem certificates are expired except the caSigningCert. I can generate the new certificate requests via certutil, but how can I get them signed? Your swift response is appreciated. Regards, Kamal

Re: [Freeipa-users] Unable to Login until Trust is Repaired

2014-11-13 Thread Dmitri Pal
On 11/13/2014 08:37 AM, Jonathan Bradford wrote: > 3.0 is a pretty old version, I mean a lot has changed in trust area between 3.0 and 3.3. > Any chance you can use that? > What distro do you use? I'm not sure if I can use a newer version. I'm using RHEL Server 6.5. I'm connected to a Satellite

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-13 Thread Rich Megginson
On 11/13/2014 03:02 AM, Walter van Lille wrote: Thanks Rich, I have installed the packages and run gdb again. Hopefully the attached file is more useful. The symbols are there. However, the server is almost completely idle - no hangs, no deadlocks, no waiting on I/O. You must catch dirsrv w

Re: [Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-11-13 Thread Rich Megginson
On 11/13/2014 05:14 AM, Сапегин Валерий wrote: Hi Rich! I turned on the log and see the following records [13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt="cn=meTocsbi-it-dc01.csbigroup.ru " (csbi-it-dc01:389): State: start_backoff -> backoff [

Re: [Freeipa-users] Unable to Login until Trust is Repaired

2014-11-13 Thread Jonathan Bradford
> 3.0 is a pretty old version, I mean a lot has changed in trust area between 3.0 and 3.3. > Any chance you can use that? > What distro do you use? I'm not sure if I can use a newer version. I'm using RHEL Server 6.5. I'm connected to a Satellite server, but it is a disconnected Satellite not allo

Re: [Freeipa-users] Unable to Login until Trust is Repaired

2014-11-13 Thread Alexander Bokovoy
On Wed, 12 Nov 2014, Jonathan Bradford wrote: This is my first post on the IPA mailing list. Hey guys :) I've successfully walked through the IdM Red Hat document on "Integrating with Active Directory Through Cross-Realm Kerberos Trusts" using separate DNS domains. I've reached the part where yo

Re: [Freeipa-users] Unable to Login until Trust is Repaired (Jonathan)

2014-11-13 Thread Dmitri Pal
On 11/13/2014 08:15 AM, Jonathan Bradford wrote: Dmitri: Thanks for the reply. > Do you need to repair the trust for every single user or just once? Yes, I have to repair the trust for every new user added to Active Directory who needs access to an IdM resource. Only once per user though. > Wha

Re: [Freeipa-users] Unable to Login until Trust is Repaired (Jonathan)

2014-11-13 Thread Jonathan Bradford
Dmitri: Thanks for the reply. > Do you need to repair the trust for every single user or just once? Yes, I have to repair the trust for every new user added to Active Directory who needs access to an IdM resource. Only once per user though. > What is your AD domain topology? My AD topology is

Re: [Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-11-13 Thread Сапегин Валерий
Hi Rich! I turned on the log and see the following records [13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt="cn= meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): State: start_backoff -> backoff [13/Nov/2014:14:27:02 +0300] - acquire_replica, supplier RUV: [13/Nov/2014:14:27:02 +0300] N

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-13 Thread Ludwig Krispenz
Hmm, the symbols are there now, but all threads are idle, DS is just waiting on work to do. Which client do you expect to connect to DS, maybe you need to debug this client. On 11/13/2014 11:02 AM, Walter van Lille wrote: Thanks Rich, I have installed the packages and run gdb again. Hopefully

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

2014-11-13 Thread Alexander Bokovoy
On Thu, 13 Nov 2014, Andreas Ladanyi wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS needs des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions Please don't do this, use the

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

2014-11-13 Thread Andreas Ladanyi
>> Hi, >> >> I set up the 389 LDAP server to support des-cbc-crc enctype. >> >> I created a principal for OpenAFS. OpenAFS needs des-cbc-crc:v4 >> (single-DES). I created the principal with: >> >> kadmin.local -x ipa-setup-override-restrictions > Please don't do this, use the ipa service-add and ipa