On Thu, Jul 13, 2017 at 08:20:02AM -0400, Jeff Fouchard via FreeIPA-users wrote:
> The certificates are being issued via ipa-getcert. The certificates we get
> back are signed with what looks to be the old "self-signed" IPA CA
> certificate. The CN is the same as the new one, but the serial /
Hi,
I am getting an error logging into a FreeIPA server from a new FreeIPA client.
I have reset the password for the user using "kinit admin" but still no joy. Is
there another password that is needing to be set?.
Jul 14 13:53:41 ipa-client [sssd[krb5_child[2457]]]: Password has expired
Jul 14
On Thu, Jul 13, 2017 at 09:57:04AM -0400, Mark Haney via FreeIPA-users wrote:
> On 07/12/2017 08:34 PM, Fraser Tweedale wrote:
> >
> > Which version(s) of FreeIPA?
> ipa-server-4.4.0-14.el7.centos.7.x86_64
> >
> > Which service(s) (HTTP, LDAP?).
> HTTPS. I haven't checked LDAPS yet. It appears
On Thu, Jul 13, 2017 at 03:02:02PM +, Charles Hedrick via FreeIPA-users
wrote:
> I’ve installed ipa. Originally I did the default install, without DNS.
>
> I then updated to a commercial cert. Notes at the end.
>
> I just did a yum update. isa-upgrade failed with the following error:
>
>
Hi all!
In my setup I have 2 FreeIPA servers, both are masters (using location
without greater success, but I think that issue is a problem in layer 8
(between keyboard and chair)). Now when I have used FreeIPA for a while
I'm comfortable to let my home network use the FreeIPA for different
Hi,
I have had a success with installing the FreeIPA system but I needed to add
another client in order to reproduce the steps required for
building a client to authenticate with the server. I did the same steps as
before but I cannot get "another" client to authenticate with the server.
I’ve installed ipa. Originally I did the default install, without DNS.
I then updated to a commercial cert. Notes at the end.
I just did a yum update. isa-upgrade failed with the following error:
017-07-12T19:23:39Z DEBUG stderr=
2017-07-12T19:23:44Z DEBUG Loading Index file from
On 07/12/2017 08:34 PM, Fraser Tweedale wrote:
Which version(s) of FreeIPA?
ipa-server-4.4.0-14.el7.centos.7.x86_64
Which service(s) (HTTP, LDAP?).
HTTPS. I haven't checked LDAPS yet. It appears this is only related to
HTTPS. To give a bit of backstory, the primary host [ipa0] was
On 13.07.2017 11:50, Tobi Berninger via FreeIPA-users wrote:
Hey,
I am pretty new to this whole OpenLdap / Freeipa Buisness.
Is there any overview of all fields that openldap offers?
can anyone recommend me an good introduction to this topic ?
thank you all
j.
The certificates are being issued via ipa-getcert. The certificates we get
back are signed with what looks to be the old "self-signed" IPA CA
certificate. The CN is the same as the new one, but the serial / expiry
and issuer is different than what IPA is using for its own web-ui.
On Wed, Jul
Thank you for the answer.
I've verified the status of domain on both server and client.
On a server it appears that IPA domain (ipa.sub.mydomain.com) is always online.
However, status of AD domain (sub.mydomain.com) seems to be fluctuating between
Online and Offline and sometimes sssctl returns
On 07/13/2017 10:54 AM, Jakub Hrozek wrote:
Pavel, I think this looks a bit similar to
https://bugzilla.redhat.com/show_bug.cgi?id=1466934
do you agree? Do you have some suggestion to increase the wait timeout
in case the services are restarted?
It looks similar. The timeout is currently
Hi,
> To recover from this situation you should reinstall the old CA
> certificate via ipa-cacert-manage. If you can't find a copy of that
> lying around you should (for a self-signed IPA CA) be able to
> retrieve it from LDAP under ou=certificateRepository,ou=ca,o=ipaca.
> (Probably
Pavel, I think this looks a bit similar to
https://bugzilla.redhat.com/show_bug.cgi?id=1466934
do you agree? Do you have some suggestion to increase the wait timeout
in case the services are restarted?
On Thu, Jul 13, 2017 at 08:41:58AM +0200, Harald Dunkel wrote:
> Hi Jakub,
>
> it happened
14 matches
Mail list logo