john john via FreeIPA-users wrote: > Thank you for your answer, > > I have a few questions: > 1. Should I perform "kinit admin" before "ipactl stop" command?
No, a ticket is not required. > 2. How did you determine that it was March 8 that I need to set the date on > the server? > Several certificates updated on March 5 and 7. IIRC some of the certificates were renewed in March and some weren't and expired in April. You want to be in the sweet spot of time so that all of the certificates are valid and not expired. > Maybe I need to set the date before March 5? > 3. IPA configured with next services: > > ipactl status > > Directory Service: RUNNING > krb5kdc Service: RUNNING > kadmin Service: RUNNING > httpd Service: STOPPED > ipa-custodia Service: RUNNING > ntpd Service: RUNNING > pki-tomcatd Service: RUNNING > ipa-otpd Service: RUNNING > ipa: INFO: The ipactl command was successful > > Do I understand correctly to start the dirsrv service I need to run the > "systemctl start [email protected]" command? The entry EXAMPLE.COM specified > in the "/etc/ipa/default.conf" parameter "realm = EXAMPLE.COM". Replaces dots with dashes in the realm. Or you can use dirsrv.target. > If I right then krb5kdc is krb5kdc.service, named didn't configured, httpd is > httpd.service, pki-tomcatd is [email protected] Correct. Note that you don't need to include the .service part when using systemctl if you want to save some typing. We have to do this manually rather than ipactl since it would start ntpd and bring time back to current. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
