Thank you very much Rob.
Let me remove the duplicate certificates and try to renew the certificates
again to see if "*ca-error: Internal error: no response to
"http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert_num=63=true=true
On (22/07/16 10:07), Rob Crittenden wrote:
>Junhe Jian wrote:
>> Hello,
>>
>> I have a problem to change/set the GID.
>>
>> I create a new Group with a GID 999 in GUI not work. IPA generate a new
>> GID within the Range.
>
>You are running into https://fedorahosted.org/freeipa/ticket/2886
>
Sébastien Julliot wrote:
Hi Petr,
Thanks for the documentations. I already had followed the steps from the
NIS migration page, it works, but does not solve my problem, which is to
change *already existing users* passwords.
When trying
ipa user-mod testuser --setattr
Linov Suresh wrote:
Could you please verify, if we have set correct trust attributes on the
certificates
*root@caer ~]# certutil -d /var/lib/pki-ca/alias/ -L*
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
subsystemCert cert-pki-ca
Auerbach, Steven wrote:
I don't think so. The sssd service is running on the client server. But it is configured with
cache_credentials=true. I also notice a key ipa_server = _srv_, ipa02.<>.local.
The thing is, that second name does was replaced a number of months ago by a server named
Hello, as in the link below, your help will be appreciated!
https://bugzilla.redhat.com/show_bug.cgi?id=1343796
Current topology:
ipa-srv1<->ipa-srv2
ipa-srv1 already has CA installed but NOT ipa-srv2.
The reason I would like to add CA on ipa-srv2 is because I want the setup to
ultimately become ipa-srv2<->ipa-srv2<->ipa-srv3
however I am unable to create gpg replication file on ipa-srv2 (to be used to
Hello List,
What is the best way to include a local DNS server?
Can I configure on an IPA DNS Server (extern) views for an internal DNS without
problems?
Is the named configuration overwritten by updates or otherwise?
I have now read many FreeIPA docs but found nothing on this problem.
--
On Fri, 2016-07-22 at 09:59 -0500, Alston, David wrote:
> Greetings!
>
> I realize that FreeIPA is supposed to be setup as master of its
> own domain, but are there any plans to continue the account
> replication functionality that has already been in FreeIPA? I had
> heard rumor that it
Greetings!
I realize that FreeIPA is supposed to be setup as master of its own
domain, but are there any plans to continue the account replication
functionality that has already been in FreeIPA? I had heard rumor that it
would be possible to have FreeIPA and Active Directory coexist in
I agree with you Jakub, I will start separate thread for separate
issues.
On Fri, Jul 22, 2016 at 10:31 AM, Jakub Hrozek wrote:
> On Fri, Jul 22, 2016 at 09:36:27AM -0400, Linov Suresh wrote:
> > I'm facing another issue now, my kerberos tickets are not renewing,
>
>
On Fri, Jul 22, 2016 at 09:36:27AM -0400, Linov Suresh wrote:
> I'm facing another issue now, my kerberos tickets are not renewing,
In general I think it's better to start separate threads about separate
issues. That way people who only scan the subject lines can see if this
thread is something
Hi Petr,
Thanks for the documentations. I already had followed the steps from the
NIS migration page, it works, but does not solve my problem, which is to
change *already existing users* passwords.
When trying
ipa user-mod testuser --setattr userpassword='{MD5}G3TITOeG1vuPf/IJyhw8WA=='
I get
On Fri, Jul 22, 2016 at 03:04:01PM +0100, Peter Pakos wrote:
> Jakub Hrozek wrote:
>
> > I'm glad it works now, but why did you choose to use the LDAP back end
> > over the IPA back end? By using LDAP, you gain the ability to not enroll
> > clients with ipa-client-install, but you lose the ease
Could you please verify, if we have set correct trust attributes on the
certificates
*root@caer ~]# certutil -d /var/lib/pki-ca/alias/ -L*
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
subsystemCert cert-pki-ca
under the "configure global security part" of jenkins, we can specify how
jenkins will fetch users for authentication. One option is
"Unix user/group database" . wherein, it will do a getent passwd and fetch
users from there.
Other is to specify ldap.
There are few other ways as well but haven't
Junhe Jian wrote:
Hello,
I have a problem to change/set the GID.
I create a new Group with a GID 999 in GUI not work. IPA generate a new
GID within the Range.
You are running into https://fedorahosted.org/freeipa/ticket/2886
This is fixed in freeIPA 3.2.
Basically 999 was the "magic"
Jakub Hrozek wrote:
> I'm glad it works now, but why did you choose to use the LDAP back end
> over the IPA back end? By using LDAP, you gain the ability to not enroll
> clients with ipa-client-install, but you lose the ease of
> manageability, HBAC, easy SUDO integration, not to mention you
I'm facing another issue now, my kerberos tickets are not renewing,
*[root@caer ~]# ipa cert-show 1*
ipa: ERROR: Ticket expired
*[root@caer ~]# klist*
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ad...@teloip.net
Valid starting     Expires            Service principal
07/20/16 14:42:26
Hello,
I have a problem to change/set the GID.
I create a new Group with a GID 999 in GUI not work. IPA generate a new GID
within the Range.
In Commandline the same
ipa group-add --gid=999 --desc='Docker Group' docker
Added group "docker"
On Fri, Jul 22, 2016 at 06:17:32PM +0530, Rakesh Rajasekharan wrote:
> My specific requirement for having "enumerate=TRUE" was , we have a build
> server with the jenkins set up.
> And for authentication jenkins tries to get the localusers on the system.
I'm not sure what you mean by localusers,
Hi,
thanks a lot for help guys. It's working now. I can successfully read POSIX
attributes from AD.
Just now I am storing uidNumber, gidNumber, gecos, loginShell and
unixHomeDirectory in AD.
I have trouble with homedir. It's using subdomain_homedir from sssd.conf and
not reflecting the
On 07/22/2016 11:42 AM, Sébastien Julliot wrote:
> Hello everyone,
>
> I am currently trying to deploy FreeIPA as the new idm system in my
> university but came across a problem I could not solve yet. I need to
> bypass the pre-hashed passwords verification, not only on the user creation.
>
>
A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:
ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete (or LDAP browser), get rid of all certificates that
shouldn't
A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:
ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete, get rid of all certificates that shouldn't be there,
in my
Hello everyone,
I am currently trying to deploy FreeIPA as the new idm system in my
university but came across a problem I could not solve yet. I need to
bypass the pre-hashed passwords verification, not only on the user creation.
Due to several constraints, our workflow involves periodically
On Fri, Jul 22, 2016 at 10:28:30AM +0200, Lukas Slebodnik wrote:
> On (22/07/16 13:25), Rakesh Rajasekharan wrote:
> >Hi,
> >
> >I am running freeipa version 4.2.0 and sssd version 1.13.0
> >
> >I have set "enumerate=True" to show IPA users as well in getent passwd.
> >
> >However, the getent
On 21.7.2016 22:05, Diogenes S. Jesus wrote:
> Hi everyone.
>
> I'm currently planning on deploying FreeIPA as the Master KDC (among other
> things to leverage from the API and some other built-in features - like
> replicas).
> However I find (correct if I'm wrong) FreeIPA not very modular -
Ben and Petr,
Thanks for your inputs, I'll keep an eye on those bug reports.
Roberto
On 22 July 2016 at 09:51, Petr Spacek wrote:
> On 22.7.2016 04:43, Ben Lipton wrote:
> > I'm not familiar enough with Fedora release engineering to know how this
> gets
> > fixed
On 22.7.2016 04:43, Ben Lipton wrote:
> I'm not familiar enough with Fedora release engineering to know how this gets
> fixed permanently, but I'll share some investigation I've done.
>
> This appears to be due to a change in the selinux-policy-targeted package that
> happened recently. As of the
On 07/22/2016 05:08 AM, Devin Acosta wrote:
I have just installed a newly created FreeIPA server running CentOS 7.2.
I have a (wildcard) SSL Certificate that I want to use for the FreeIPA
Web Management GUI. I tried to follow the directions listed here at the
URL
of