far.
Thank you.
From: sipazzo
To: Martin Basti ; Freeipa-users
Sent: Friday, January 6, 2017 1:03 PM
Subject: Re: [Freeipa-users] Replication has stopped and server errors
I have changed the number of db locks to 4. After restart, each server
reports a lot of these type errors
one host on each of the servers. I have waited 30 minutes
and the results are:ipa1-dev - deletion replicated to all serversipa2-dr -
deletion replicated to all servers
ipa1-dr, ipa1-prod, ipa2-dev, ipa2-prod - deletions not replicated
From: Martin Basti
To: sipazzo ; Freeipa-users
Sent: Fr
I have 6 ipaservers in 3 locations running 4.2.0-15.0.1on RHEL 7. Ipa1-dev is
the CARenewal and CRL Master server and where most of our updates (host
enrollment,password changes) end up taking place. Servers hadbeen running fine.
Over the holidays we started having some replication issuesand loo
AMPLE.COM
subject: CN=ipa3.example.com,O=EXAMPLE.COM
expires: 2016-07-29 20:38:41 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
xpires: 2016-08-26 16:41:24 UTC
expires: 2016-06-06 23:36:29 UTC
expires: 2016-06-06 23:36:28 UTC
expires: 2016-06-06 23:36:28 UTC
expires: 2016-06-06 23:37:09 UTC
Again thank you, as always.
From: Rob Crittenden
To: sipazzo ; "freeipa-users@redhat.com"
Sent: F
ld, unsupported format.
Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key
database is in an old, unsupported format.
From: sipazzo
To: "freeipa-users@redhat.com"
Sent: Friday, July 29, 2016 9:06 AM
Subject: certificates expired - won't renew
I have seen many threads on this so sorry to bring it up again but I have a
freeipa domain, with 4 ipa servers running on redhat 6 version 3.0.0-50. The
certificates are expired/expiring and will not renew and it is causing many
issues for us. I have tried the many suggestions I have see in the
Sat, Aug 15, 2015 at 1:05 PM, Natxo Asenjo wrote:
On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden wrote:
sipazzo wrote:
and my users are able to authenticate to the directory but the hbac
rules are not being applied. Any user whether given access or not can
login to the Solaris systems
njo wrote:
> >
> >
> >On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden ><mailto:rcrit...@redhat.com>> wrote:
> >
> > sipazzo wrote:
> >
> >
> > and my users are able to authenticate to the directory but the hbac
> >
:
On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden wrote:
sipazzo wrote:
and my users are able to authenticate to the directory but the hbac
rules are not being applied. Any user whether given access or not can
login to the Solaris systems. The "allow-all" rule has been di
Hi I am using freeipa 3.0.0-47 in a mixed environment with rhel5-7 clients,
Solaris 10 clients and a handful of Solaris 11 clients. I followed this guide
in setting up the solaris clients: 3.8. Configuring a Solaris System as a
FreeIPA Client
| |
| | | | | |
| 3.8. Configuring a Sola
Thank you so much, that was it - just a wrong command. Appreciate the help and
quick response.
From: Simo Sorce
To: sipazzo
Cc: Freeipa-users
Sent: Tuesday, June 30, 2015 12:39 PM
Subject: Re: [Freeipa-users] keytab issue with service principal
On Tue, 2015-06-30 at 19:34 +
@example.com while getting initial credentials
Simo just responded that I had the command wrong. I re-ran it as he indicated
and received a service ticket. Thank you both so much.
From: Alexander Bokovoy
To: sipazzo
Cc: Freeipa-users
Sent: Tuesday, June 30, 2015 12:16 PM
Subject
oracledb/oracledbsrvr.example@example.com
2 06/30/15 17:12:13 oracledb/oracledbsrvr.example@example.com From:
Simo Sorce
To: sipazzo
Cc: Freeipa-users
Sent: Tuesday, June 30, 2015 11:52 AM
Subject: Re: [Freeipa-users] keytab issue with service principal
On Tue, 2015-06-30
I am trying to troubleshoot kerberos authentication for an oracle service
(oracledb) and getting the following error when testing the service keytab on
the database server (oracledbsrvr):
oracle@oracledbsrvr ~]# kinit -kt /opt/oracle/admin/oracledb.keytab -S
oracledb/oracledbsrvr.example.com
kin
.
On Wed, 3/25/15, Rob Crittenden wrote:
Subject: Re: [Freeipa-users] Fw: Need to replace cert for ipa servers
To: "sipazzo" , "freeipa-users@redhat.com"
Date: Wednesday, March 25, 2015, 2:43 PM
sipazzo wrote:
> Ok I finally was able to get a sandbox
environm
CT,,
NWF_GD u,u,u
Showing that the IPA Dogtag cert is now listed whereas it was not previously.
From: sipazzo
To: Rob Crittenden ; "freeipa-users@redhat.com"
Sent: Friday, March 13, 2015 1:32 PM
Subject: Re: [Freeipa-users] Fw: Need
This environment is over 350 servers, many of which are in production so I may
have to wait a bit for change management approval to attempt to resolve this
issue, particularly if you think it might break something. I will keep you
updated on my progress. Thank you much.
From: sipazzo
?
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rob Crittenden
Sent: Wednesday, March 11, 2015 7:20 PM
To: sipazzo; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Need to replace cert for ipa servers
sipazzo wrote:
> Tha
and Solaris clients so are not using sssd in all cases.
I know this is asking a lot but appreciate any help you can give.
Thank you.
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rob Crittenden
Sent: Wednesday, Marc
This is how use the automounter to automatically create home directories for
ipa users under /export/home/ and mount them under /home/ on Solaris 10, as
well as copy over the profile files and assign appropriate owner and group:
We first created a service account called "auth" in ipa to allow lda
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Wednesday, March 04, 2015 2:57 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Need to replace cert for ipa servers On 03/04/2015
04:32 PM, sipazzo wrote:
Good afternoon, we h
Subject: Re: [Freeipa-users] Need to replace cert for ipa servers On
03/04/2015 04:32 PM, sipazzo wrote:
Good afternoon, we have a freeipa 3.0.42 installation running on redhead 6.6
with a mix of rhel 5, rhel6 and Solaris clients. It was originally configured
with the built in dogtag certificate
Good afternoon, we have a freeipa 3.0.42 installation running on redhead 6.6
with a mix of rhel 5, rhel6 and Solaris clients. It was originally configured
with the built in dogtag certificate CA and then one of my co-workers added our
GoDaddy certificate to the certificate bundle. My understandi
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeipa-users digest..."
Today's Topics:
1. Re: Having trouble running FreeIPA with SRV records on
externally managed DNS (Petr Spacek)
2. freeipa managed sudoers on Solaris 10 (sipazzo
I am having trouble finding relevant documentation on using freeipa to manage
sudoers for a Solaris client. Has anyone successfully set this up without
adding a bunch of non-standard packages? I am running freeipa 3.0.0-42 and any
help is appreciated.
--
Manage your subscription for the Freeip
policy for admin account not working
To: "sipazzo" , "Freeipa-users@redhat.com"
Date: Monday, January 12, 2015, 11:48 AM
sipazzo wrote:
>
> Good morning, I created a
"service" password policy that prevents password
expiration and gave it a priority of
Good morning, I created a "service" password policy that prevents password
expiration and gave it a priority of 0. I then created a "service" user group
and applied the policy to the group. I added my admin user to this group so
their password would not expire. However, it continues to expire a
is much easier to
maintain.
Thanks again.
_
On Wed, 12/3/14, Lukas Slebodnik wrote:
Subject: Re: [Freeipa-users] sudo utilizing sssd rhel6.6
To: "sipazzo"
Cc: freeipa-users@redhat.com
Date: Wednesday, December 3, 2014, 7:38 AM
On (0
Good morning, I have a fairly new ipa domain (server version 3.0.0-42 and
clients mixed 3.0.0-37 and 3.0.0-42) set up with a mix of rhel6, rhel5 and
solaris. It seemed like my sudo config using sssd in rhel6.5 was working and
then we patched to 6.6 and it is broken. I had followed these setup
i
using profile
To: "sipazzo" , "Freeipa-users@redhat.com"
Date: Tuesday, October 28, 2014, 3:29 PM
Rob Crittenden wrote:
> sipazzo wrote:
>>
Yes I did generate the database on the IPA server and copied
it over. I thought that was what the instructions indic
bject: Re: [Freeipa-users] Solaris 10 client configuration using profile
To: "sipazzo" , "Freeipa-users@redhat.com"
Date: Monday, October 27, 2014, 3:41 PM
sipazzo wrote:
> /var/ldap exists on both client and server
and I was able to sudo to root and generate the *.db
am
unsure of the next step to troubleshoot this issue.
On Sat, 10/11/14, Alexander Bokovoy wrote:
Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile
To: "Rob Crittenden"
Cc: "sipazzo" , "Freei
Hello, I am trying to set up a default profile for my Solaris 10 IPA clients as
recommended. I generated a profile on a Solaris with the attributes I needed
except I got an "invalid parameter" error when specifying the domainName
attribute like this -a domainName=example.com even though this par
34 matches
Mail list logo