Have you tried the replication management script?
ipa-replica-manage(1): Manage IPA replica - Linux man page
Manages the replication agreements of an IPA server. connect [SERVER_A]
-
On Thu, Aug 3, 2017 at 9:57 PM, Alexandre Pitre via FreeIPA-users
wrote:
> I'm unable to rejoin a CentOS client to my FreeIPA realm. I ran the
> uninstall command on my client: ipa-client-install --uninstall
>
> As far as I know the uninstall was successful.
On Wed, Aug 2, 2017 at 3:06 PM, Karl Forner via FreeIPA-users
wrote:
> Cross-posted from https://github.com/freeipa/freeipa-container/issues/151
>
> Context: I have one master running in a docker container, with freeIPA
> 4.2.3.
>
> I'm trying to set up a new
The customizations that define the additions to the schema appear to be in
the javascript file /usr/share/ipa/ui/js/plugins/chemuser/chemuser.js. It
defines the additional fields we use that are causing us so much trouble.
I have included it below.
// Place in
Kristian Petersen via FreeIPA-users wrote:
> I work with Randy and there was some custom python and javascript code
> written to implement the extensions to the schema as I recall.
My initial thought was that the freeIPA code was updated directly and
updating overwrote the customizations.
rob
>
So now that we have a nicely replicating domain and ca, I'd like to rid
myself of these revoked certificates which I tried as a way to fix the
replication and setting up of a CA. Is there a way to delete these
certs out of the store?
--
Mark Haney
Network Engineer at NeoNova
919-460-3330
On Thu, 03 Aug 2017, Petr Fišer via FreeIPA-users wrote:
Hello,
We are currently deploying FreeIPA and we make use of custom attributes.
We defined them in custom.py script (located in
/usr/lib/python2.7/site-packages/ipaserver/plugins/custom.py).
custom.py looks like this:
from
Rob Crittenden writes:
> certmonger doesn't support storing certificates in a java keystore.
That's what I found out :-)
> The tricky bit might be in dealing with the CSR. certmonger needs the
> private key in order to do the renewal.
>
> I guess one thing you could do is a
I work with Randy and there was some custom python and javascript code
written to implement the extensions to the schema as I recall.
On Thu, Aug 3, 2017 at 8:15 AM, Rob Crittenden via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Randy Morgan via FreeIPA-users wrote:
> > When
On 08/03/2017 08:34 AM, Fraser Tweedale wrote:
Mark, that's great news; I'm glad you were able to resolve the
issue.
Everyone gets the tunnel vision sometimes :)
I wish you a successful rollout to production.
Cheers,
Fraser
Actually, let me update you on this. I finally got a chance to
Bob Rentschler wrote:
> The query mismatch was a typo/mispaste, sorry about that.
>
> It was indeed at least partly permissions in the LDAP server, likely
> because a service is running the query.
>
> I solved the freeipa permissions with the below command, which is likely
> bad in some way but
The query mismatch was a typo/mispaste, sorry about that.
It was indeed at least partly permissions in the LDAP server, likely
because a service is running the query.
I solved the freeipa permissions with the below command, which is likely
bad in some way but did allow postmap to return the
Randy Morgan via FreeIPA-users wrote:
> When we set up our IPA server, we extended the schema to include 3 fields
> that were important to the work we do. When we performed the last
> update, those fields still show as required, but they are missing and we
> cannot add users to IPA unless we
Jochen Kellner via FreeIPA-users wrote:
> Hi,
>
> 3. August 2017 03:03, "Fraser Tweedale via FreeIPA-users"
>
> wrote:
>
>> On Wed, Aug 02, 2017 at 11:11:09PM +0200, Jochen Hein via FreeIPA-users
>> wrote:
>>> I'm playing around with keycloak and wanted
Bob Rentschler via FreeIPA-users wrote:
> This may be related to the issue discussed here:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/SC7GYMHMJ2DNT6BDDSWG5F4HL252EJOD/
>
Rafał Wądołowski wrote:
> Okay, but how can I create certificate for domain intra.example.com?
>
> I can't create host, because the hostname is required. When I try to add
> service, I got output that principal is required.
Like I said, every cert needs to live in a bucket (user, service, etc)
On Thu, Aug 03, 2017 at 07:18:30AM -0400, Mark Haney wrote:
> On 08/02/2017 04:17 PM, Fraser Tweedale wrote:
> >
> > > - /var/log/ipareplica-install.log from replica
> > > - /etc/pki/pki-tomcat/ca/debug from both master and replica
> > >
> > > Those logs should do for a start.
> > >
> > > I'd
On 08/03/2017 11:19 AM, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
I found some very large log files in
/var/log/pki/pki-tomcat/ca
On the major CA host the "debug" file is >1GByte and was never
rotated. It seems that there is a responsible config file /etc/\
Oh, sorry, I forgot.
FreeIPA 4.4.0 on RHEL 7.
Petr Fišer
BCV solutions s.r.o.
Mobile: +420 607 618 243
E-mail: petr.fi...@bcvsolutions.eu
Jabber: petr.fi...@bcvsolutions.eu
On 08/03/2017 02:05 PM, Petr Fišer wrote:
Hello,
We are currently deploying FreeIPA and we make use of custom
Hello,
We are currently deploying FreeIPA and we make use of custom attributes.
We defined them in custom.py script (located in
/usr/lib/python2.7/site-packages/ipaserver/plugins/custom.py). custom.py
looks like this:
from ipaserver.plugins.user import user
from ipalib.parameters import Int
On 08/02/2017 04:17 PM, Fraser Tweedale wrote:
- /var/log/ipareplica-install.log from replica
- /etc/pki/pki-tomcat/ca/debug from both master and replica
Those logs should do for a start.
I'd also like to see your /etc/pki/pki-tomcat/ca/CS.cfg from both
master and replica. Depending on
Hi folks,
I found some very large log files in
/var/log/pki/pki-tomcat/ca
On the major CA host the "debug" file is >1GByte and was never
rotated. It seems that there is a responsible config file /etc/\
pki/pki-tomcat/ca/CS.cfg, setting
debug.append=true
On 08/03/2017 02:10 AM, Tejas Desai via FreeIPA-users wrote:
BIND uses the directives “type forward” and “forward first” in its
named.conf file. How can I make use of BIND directives when using ipa
dns? Because it is based on BIND, can I edit named-pkcs11 directly? Tejas
On 08/02/2017 11:51 PM, Ian Harding via FreeIPA-users wrote:
On 08/02/2017 12:11 AM, Florence Blanc-Renaud wrote:
On 08/02/2017 01:43 AM, Ian Harding wrote:
On 08/01/2017 12:03 PM, Rob Crittenden wrote:
Ian Harding wrote:
On 08/01/2017 07:39 AM, Florence Blanc-Renaud wrote:
On 08/01/2017
Hi,
3. August 2017 03:03, "Fraser Tweedale via FreeIPA-users"
wrote:
> On Wed, Aug 02, 2017 at 11:11:09PM +0200, Jochen Hein via FreeIPA-users wrote:
>> I'm playing around with keycloak and wanted to use an SSL certificate
>> from IPA. I've looked around
On Thu, 03 Aug 2017, Igor Sever via FreeIPA-users wrote:
I didn’t specify any ID range. This was all done automagically by
setup. I read a lot of documentation, and I can’t remember that ever
being mentioned. We indeed had NIS at some point, but this is not
supported any more by MS, and FreeIPA