Having finished setting up an ipa server and replica, we're trying to test
failover to ensure that HA works as expected. We've been able to verify
the replication agreements and auto-discovery are working, and both servers
are picked up as expected at install time.
That said, we're seeing some od
Hello,
This has been bugging me for a while but how do I turn off the
"Authentication Required" prompt that pops up on the GUI when I log in to
IPA through browser? I can cancel it and land on the /ipa/ui page but I'd
like to not see it by default.
Also I take it that the prompt is related to Ker
No dice on the rebuild and RUV cleaning. I'm still getting a pile of these on
dc1-van :
[15/Jan/2016:17:55:25 +] NSMMReplicationPlugin -
agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping
update operation with no message_id (uniqueid
6e6784a0-b5c911e5-b1f1cd78-f1
Hi,
We've been testing FreeIPA system for a while now and we're getting
closer to moving it into production.
I'm considering both CA-less and CA-ful installation types. I hope you
guys can help me make up my mind and choose the right decision.
What are the pros and cons of each install type?
On 15/01/2016 15:55, Rob Crittenden wrote:
I've re-run ipa-certupdate in verbose mode and I could see that it
removes all certificates in different databases (/etc/httpd/alias,
/etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart
from /etc/pki/pki-tomcat/alias).
Yup, looks li
Peter Pakos wrote:
> On 15/01/2016 15:04, Rob Crittenden wrote:
>> Discussed in IRC last night but for the sake of history, he needed to
>> add the CA's to the dogtag NSS database in
>> /var/lib/pki/pki-tomcat/alias/ with a trust of C,,.
>
> Yes, I added new root certificates to /etc/pki/pki-tomca
On 15/01/2016 15:04, Rob Crittenden wrote:
Discussed in IRC last night but for the sake of history, he needed to
add the CA's to the dogtag NSS database in
/var/lib/pki/pki-tomcat/alias/ with a trust of C,,.
Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I
was able to star
Peter Pakos wrote:
> On 14/01/2016 18:51, Rob Crittenden wrote:
>> You need to add the new root certs to the pki NSS database.
>
> As far as I can see those 3 new CA certs are already in the database
> (unless you're talking about a different db):
>
> $ certutil -d /etc/pki/nssdb/ -L
>
> Certifi
Petr Spacek wrote:
> On 15.1.2016 08:48, David Kupka wrote:
>> On 14/01/16 22:09, Rob Crittenden wrote:
>>> Prasun Gera wrote:
This is an old thread, but I can confirm that this is still an issue on
RHEL 7.2 + 4.2. This creates problems when there are roles associated
with groups, bu
Yeah, I think we should produce a How To on FreeIPA.org as this is what many
people would look for. It was slightly tricky as there were 2 hiccups involved:
* SELinux policy bug (WIP)
* ipa-cacert-manage bug where I had to comment one line
Petr/Jan, would you like to create the How To, since you p
Domingues Luis Filipe wrote:
> Hi all,
>
> On our infra, we have two machines running Fedora with FreeIPA installed.
>
> We have an issue with ns-slapd using 100% of CPU after a while. If we
> restart the service, it starts to use all CPU resources after one day.
>
> Output of the command strac
This is great. Can you post instructions for getting Let's Encrypt working
on 4.2.x ? I had created a thread, but I eventually got stuck, and it felt
a bit risky to modify low level things on a production system.
This is the thread for reference:
https://www.redhat.com/archives/freeipa-users/2015-
Hi all,
On our infra, we have two machines running Fedora with FreeIPA installed.
We have an issue with ns-slapd using 100% of CPU after a while. If we restart
the service, it starts to use all CPU resources after one day.
Output of the command strace -c -p running for 4 minutes is:
% time
On 12/18/2015 06:24 PM, Petr Vobornik wrote:
> The FreeIPA team would like to announce FreeIPA v4.3.0 release!
>
> It can be downloaded from http://www.freeipa.org/page/Downloads. The builds
> are
> available for Fedora rawhide. Builds for Fedora 23 are available in the
> official COPR repository
On 15.1.2016 08:48, David Kupka wrote:
> On 14/01/16 22:09, Rob Crittenden wrote:
>> Prasun Gera wrote:
>>> This is an old thread, but I can confirm that this is still an issue on
>>> RHEL 7.2 + 4.2. This creates problems when there are roles associated
>>> with groups, but group membership through
On 01/15/2016 08:32 AM, Nathan Peters wrote:
I think I've finally started to make some progress on this. I did a lot of
googling and found some stuff to run manually in 389 ds through ldapmodify
commands to clean RUVs. During this process the server crashed and when it
came back online, sud