Re: [Freeipa-users] can't register new clients

2014-12-05 Thread Megan .
It failed again. [root@cache2-uat ~]# certutil -L -d sql:/etc/pki/nssdb Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI [root@cache2-uat ~]# Not sure if it's related, but on the director

Re: [Freeipa-users] can't register new clients

2014-12-05 Thread Rob Crittenden
Megan . wrote: > Sorry for being unclear. It still fails. Same error. Hmm, strange. Try being explicit about sql: # certutil -L -d sql:/etc/pki/nssdb And if there is a CA cert there, delete it. rob > > On Dec 5, 2014 4:39 PM, "Rob Crittenden" > wrote: > > Me

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Petr Spacek
On 5.12.2014 21:53, Alexander Bokovoy wrote: > On Fri, 05 Dec 2014, Alexander Bokovoy wrote: >> On Fri, 05 Dec 2014, Petr Spacek wrote: >>> On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: > >>> Ok, I see one difference: I didn't use

Re: [Freeipa-users] can't register new clients

2014-12-05 Thread Rob Crittenden
Rob Crittenden wrote: > Megan . wrote: >> Good Day! >> >> I am getting an error when I register new clients. >> >> libcurl failed to execute the HTTP POST transaction. SSL connect error >> >> I can't find anything useful on the internet about the error. Can >> someone help me troubleshoot? >> >>

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Petr Spacek wrote: On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: Ok, I see one difference: I didn't use the "-requires_preauth" flag. Why did you use them? Because this is rec

Re: [Freeipa-users] can't register new clients

2014-12-05 Thread Rob Crittenden
Megan . wrote: > Good Day! > > I am getting an error when I register new clients. > > libcurl failed to execute the HTTP POST transaction. SSL connect error > > I can't find anything useful on the internet about the error. Can > someone help me troubleshoot? > > CentOS 6.6 x64 > ipa-client-

[Freeipa-users] can't register new clients

2014-12-05 Thread Megan .
Good Day! I am getting an error when I register new clients. libcurl failed to execute the HTTP POST transaction. SSL connect error I can't find anything useful on the internet about the error. Can someone help me troubleshoot? CentOS 6.6 x64 ipa-client-3.0.0-42.el6.centos.x86_64 ipa-server

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Petr Spacek wrote: On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: Ok, I see one difference: I didn't use the "-requires_preauth" flag. Why did you use them? Because this is recommended by MIT documentation. The link between

Re: [Freeipa-users] [Freeipa-interest] Announcing FreeIPA 4.1.2 - NEED HELP WITH 2FA/OTP!!!

2014-12-05 Thread Dmitri Pal
Hello, WE NEED HELP! The biggest and the most interesting feature of FreeIPA 4.1.2 is support for the two factor authentication using HOTP/TOTP compatible software tokens like FreeOTP (open source compatible alternative to Google Authenticator) and hardware tokens like Yubikeys. This feature a

Re: [Freeipa-users] sudo utilizing sssd rhel6.6

2014-12-05 Thread sipazzo
Thank you both. I was able to get this working by just adding the sudo_provider = ipa to sssd.conf. I removed all the ldap_uri and krb5_server lines to keep the file tidier. I had read service discovery works with sssd but was told by Red Hat support it does not. I am happy to hear it does as it

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Petr Spacek
On 5.12.2014 15:21, Andreas Ladanyi wrote: > On 05.12.2014 at 14:04, Alexander Bokovoy wrote: >> > Ok, I see one difference: I didn't use the "-requires_preauth" flag. Why did you use them? >>> Because this is recommended by MIT documentation. The link between >>> realms has to be pr

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Andreas Ladanyi
On 05.12.2014 at 14:04, Alexander Bokovoy wrote: > >>> Ok, I see one difference: I didn't use the "-requires_preauth" flag. Why >>> did you use them? >> Because this is recommended by MIT documentation. The link between >> realms has to be protected well, including preauth and good passwords

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Andreas Ladanyi wrote: I'm also getting errors but they are different to yours. Here is what I did: (on master.f21.test, realm F21.TEST): [root@master ~]# kadmin.local -x ipa-setup-override-restrictions -r F21.TEST Authenticat

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Andreas Ladanyi wrote: I'm also getting errors but they are different to yours. Here is what I did: (on master.f21.test, realm F21.TEST): [root@master ~]# kadmin.local -x ipa-setup-override-restrictions -r F21.TEST Authenticating as principal root/ad...@f21.test with passw

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Andreas Ladanyi
> I'm also getting errors but they are different to yours. Here is what I > did: > > (on master.f21.test, realm F21.TEST): > [root@master ~]# kadmin.local -x ipa-setup-override-restrictions -r > F21.TEST > Authenticating as principal root/ad...@f21.test with password. > kadmin.local: addprinc -re

Re: [Freeipa-users] strange error - disconnecting a replica?

2014-12-05 Thread thierry bordaz
On 12/05/2014 10:00 AM, Martin Kosek wrote: On 12/03/2014 06:23 PM, Janelle wrote: Hi all.. Was on vacation - now I'm back. Have a new problem I thought I would run by you -- I have replica agreements between a server and 3 others. They all show up in ipa-replica-manage list, BUT when I tr

Re: [Freeipa-users] strange error - disconnecting a replica?

2014-12-05 Thread Martin Kosek
On 12/05/2014 10:00 AM, Martin Kosek wrote: On 12/03/2014 06:23 PM, Janelle wrote: Hi all.. Was on vacation - now I'm back. Have a new problem I thought I would run by you -- I have replica agreements between a server and 3 others. They all show up in ipa-replica-manage list, BUT when I try to

Re: [Freeipa-users] strange error - disconnecting a replica?

2014-12-05 Thread thierry bordaz
On 12/05/2014 10:03 AM, thierry bordaz wrote: On 12/05/2014 10:00 AM, Martin Kosek wrote: On 12/03/2014 06:23 PM, Janelle wrote: Hi all.. Was on vacation - now I'm back. Have a new problem I thought I would run by you -- I have replica agreements between a server and 3 others. They all sho

Re: [Freeipa-users] strange error - disconnecting a replica?

2014-12-05 Thread Martin Kosek
On 12/03/2014 06:23 PM, Janelle wrote: Hi all.. Was on vacation - now I'm back. Have a new problem I thought I would run by you -- I have replica agreements between a server and 3 others. They all show up in ipa-replica-manage list, BUT when I try to disconnect one of them : ipa: INFO: Replic