W dniu 27.08.2015 o 15:18, Rob Crittenden pisze:
Mateusz Małek wrote:
We're trying to adjust FreeIPA to our environment... quite a bit. Here
are some bullet points:
(...)
3. Passwords need to be generated automatically, so user administrator
won't be required to invent them for every single us
I suspect that was the issue -
Of course moved on to something else (hostname removed)
Request ID '20140520151448':
status: CA_UNREACHABLE
ca-error: Server at https://ldapserver/ipa/xml failed request, will
retry: 4301 (RPC failed at server. Certificate operation cannot be
comple
Mike LoSapio wrote:
Hey there -
I’m working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI
“master” was nuked a while ago and I have a suspicion that none of the
other “master” freeipa replicas were “promoted” (sorry for the over-use
of “ )
So we went ahead and ran through these instru
Hey there -
I¹m working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI ³master²
was nuked a while ago and I have a suspicion that none of the other ³master²
freeipa replicas were ³promoted² (sorry for the over-use of ³ )
So we went ahead and ran through these instructions and are curren
Hmm, please forgive me.
It appears that sshd was NOT running on hadron.
I HAD checked before, but ... I don't know... a big ball of wibbily wobbly
timey wimey...stuff must have happened.
Sorry for the waste of time.
On 28 August 2015 at 17:10, Roberto Cornacchia wrote:
> Hi,
>
> I have two hos
> Le 28 août 2015 à 17:41, Alexander Bokovoy a écrit :
>
> On Fri, 28 Aug 2015, Alexandre Ellert wrote:
>>
>>> Le 28 août 2015 à 17:09, Alexander Bokovoy a écrit :
>>>
>>> On Wed, 26 Aug 2015, Alexandre Ellert wrote:
> Le 28 juil. 2015 à 05:59, Alexander Bokovoy a écrit
> :
>>
On 08/28/2015 10:41 AM, Jan Pazdziora wrote:
That's new feature in FreeIPA 4.2:
http://www.freeipa.org/page/V4/User_Certificates
I'm glad to see that's being added.
I have IPA 3.0 on CentOS 6 (on a 32-bit system), so I won't be able to
use that feature.
I'm basically asking if there
On Fri, 28 Aug 2015, Ian Pilcher wrote:
On 08/28/2015 10:35 AM, Alexander Bokovoy wrote:
This is all explained in the official guide:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/service-certificates.html
I
On Fri, 28 Aug 2015, Alexandre Ellert wrote:
Le 28 août 2015 à 17:09, Alexander Bokovoy a écrit :
On Wed, 26 Aug 2015, Alexandre Ellert wrote:
Le 28 juil. 2015 à 05:59, Alexander Bokovoy a écrit :
If the problem is too hard to solve, maybe I should try to deploy another
replica ?
You ma
On Fri, Aug 28, 2015 at 10:38:46AM -0500, Ian Pilcher wrote:
> On 08/28/2015 10:35 AM, Alexander Bokovoy wrote:
> >This is all explained in the official guide:
> >https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/serv
On 08/28/2015 10:35 AM, Alexander Bokovoy wrote:
This is all explained in the official guide:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/service-certificates.html
I guess I should have been more clear. I n
> Le 28 août 2015 à 17:09, Alexander Bokovoy a écrit :
>
> On Wed, 26 Aug 2015, Alexandre Ellert wrote:
>>
>>> Le 28 juil. 2015 à 05:59, Alexander Bokovoy a écrit :
If the problem is too hard to solve, maybe I should try to deploy another
replica ?
>>> You may try that. Sorry for not
On Fri, 28 Aug 2015, Ian Pilcher wrote:
I need to create a few client certificates, and I'd like to use my pre-
existing IPA CA.
Is there a simple way to do this?
This is all explained in the official guide:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Dom
On Fri, Aug 28, 2015 at 05:10:31PM +0200, Roberto Cornacchia wrote:
> Hi,
>
> I have two hosts, "photon" and "hadron", and an LDAP user "roberto".
> The user can login successfully on both machines.
>
> The SSH pub key is uploaded
> .
> Running "sss_ssh_authorizedkeys roberto" from both clients r
I need to create a few client certificates, and I'd like to use my pre-
existing IPA CA.
Is there a simple way to do this?
Thanks!
--
Ian Pilcher arequip...@gmail.com
"I gre
On Fri, 28 Aug 2015, Roberto Cornacchia wrote:
Hi,
I have two hosts, "photon" and "hadron", and an LDAP user "roberto".
The user can login successfully on both machines.
The SSH pub key is uploaded
.
Running "sss_ssh_authorizedkeys roberto" from both clients returns the same
key.
Port 22 is op
You could try this (RH recommended way). It works for me better than
cleanallruv.pl as this sometimes leads to ldap freeze)
unable to decode: {replica 30} 5548fa20001e 5548fa20001e
unable to decode: {replica 26} 5548a9a8001a 5548a9a8001a
for all of them, on-by-one:
Hi,
I have two hosts, "photon" and "hadron", and an LDAP user "roberto".
The user can login successfully on both machines.
The SSH pub key is uploaded
.
Running "sss_ssh_authorizedkeys roberto" from both clients returns the same
key.
Port 22 is open on both clients, sshd is running on both clien
On Wed, 26 Aug 2015, Alexandre Ellert wrote:
Le 28 juil. 2015 à 05:59, Alexander Bokovoy a écrit :
If the problem is too hard to solve, maybe I should try to deploy another
replica ?
You may try that. Sorry for not responding, I have some other tasks that
occupy my time right now.
Can yo
Hi Janelle,
Using the cleanallruv.pl tool was the only way I was able to get ride of
the "unable to decode: {replica x}" entries.
This is how I used it, cleaning a replica ID at a time:
# For replica id: 40
cleanallruv.pl -v -D "cn=directory manager" -w - -b 'dc=example,dc=com' -r
40
Note that t
20 matches
Mail list logo