On 01/07/2015 06:36 AM, Ben .T.George wrote:
HI
If i check IPA client machine enrolled with ipa-client, the krb5.conf
file looks like below:
[root@kwttestmrbs001 krb5.include.d]# more /etc/krb5.conf
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdef
Ben .T.George wrote:
> HI
>
> thanks for the replay.
>
> i was trying for keytab and getting below error.
>
> [root@kwtpocpbis01 ~]# ipa-getkeytab -s kwtpocpbis01.solipa.local -p
> host/kwttestsolaris10.solipa.local -k /tmp/krb5.keytab -e des-cbc-crc
> Operation failed! All enctypes provided are
Andrew Chin wrote:
> Hello,
> I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed
> certificate to one signed by a commercial CA that browsers will recognize.
>
> The documentation at
> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says
> "The certi
On 01/07/2015 02:21 PM, Sumit Bose wrote:
On Wed, Jan 07, 2015 at 01:22:36PM -0500, Brad House wrote:
I have a need to 'kinit' from within a cygwin environment in order to
perform an svn checkout over ssh. However, I can't figure out how to
get this to work properly with FreeIPA. We had a MIT
On Wed, Jan 07, 2015 at 01:22:36PM -0500, Brad House wrote:
> I have a need to 'kinit' from within a cygwin environment in order to
> perform an svn checkout over ssh. However, I can't figure out how to
> get this to work properly with FreeIPA. We had a MIT kerberos/
> OpenLDAP authentication sys
I have a need to 'kinit' from within a cygwin environment in order to
perform an svn checkout over ssh. However, I can't figure out how to
get this to work properly with FreeIPA. We had a MIT kerberos/
OpenLDAP authentication system prior to using FreeIPA and we had it
working there.
The window
Hello all,
Just an update on this issue for anyone else who experiences a similar issue.
It looks like the automatic renewal of the certificates failed on our
master due the certmonger service being "stuck". I stopped the
service, stopped IPA services, and then reset the date to a few days
prior
Still struggling with this...
$ sudo /sbin/service pe-puppet restart
[sudo] password for rundeck:
Stopping puppet: [ OK ]
Starting puppet: [ OK ]
So it asks for the password even though, via FreeIPA it isn't
On 01/07/2015 04:42 PM, Janelle wrote:
> Indeed you are correct - it was NOT the problem.
Good!
> Double checking the logs -
> showed an old ca.crt file from a previous install (something that should be
> done in the "uninstall" jobs - remove ALL the old folders, including /etc/ipa
> which has ol
Here is the snippet with the error:
2015-01-07T14:04:57Z DEBUG Adding CA certificates to the IPA NSS database.
2015-01-07T14:04:57Z DEBUG Starting external process
2015-01-07T14:04:57Z DEBUG args='/usr/bin/certutil' '-d'
'/etc/ipa/nssdb' '-A' '-n' 'ANOTHER.COM IPA CA' '-t' 'CT,C,C'
2015-01-07T1
Indeed you are correct - it was NOT the problem. Double checking the
logs - showed an old ca.crt file from a previous install (something that
should be done in the "uninstall" jobs - remove ALL the old folders,
including /etc/ipa which has old certs, etc.)
Thanks for the tip to look elsewhere
On 01/07/2015 02:51 PM, Janelle wrote:
> Hello fellow IPAers
>
> I know this has been written about before - the python scripts and
> fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was there a
> permanent fix yet? I continue to run into it during installs and have to edit
> pytho
Hello,
I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed
certificate to one signed by a commercial CA that browsers will recognize.
The documentation at
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says "The
certificate in mysite.crt must be sign
Hello fellow IPAers
I know this has been written about before - the python scripts and
fedora-domain vs rhel-domain on RHEL/CentOs 7. The question is - was
there a permanent fix yet? I continue to run into it during installs and
have to edit python files to get the client install to not error
HI
If i check IPA client machine enrolled with ipa-client, the krb5.conf file
looks like below:
[root@kwttestmrbs001 krb5.include.d]# more /etc/krb5.conf
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = SOLIPA.LOCAL
dns_looku
Hello all,
With increasing number of blogs and articles about FreeIPA, it is sometimes
difficult to keep track of all of them.
To help you - users interested in the FreeIPA project - we started a brand new
FreeIPA Planet blog aggregator:
http://planet.freeipa.org/
On this page, you can periodic
Hi List
correct me if i am wrong.
currently my client krb5.conf holding AD details. and my client is Solaris
here is my file.
bash-3.2# more /etc/krb5/krb5.conf
[libdefaults]
default_realm = KWTTESTDC.COM
[realms]
KWTTESTDC.COM = {
kdc = kwttestdc001.kwttestdc.com:88
admin_server = kwttestdc00
17 matches
Mail list logo