Charles Hedrick via FreeIPA-users wrote:
> In case anyone else has the same problem, let me document what I did today
> with our IPA installation (Centos 7.3)
Sorry to hear you had so many problems.
>
> We started out by installing a primary with a default install, and doing
>
In case anyone else has the same problem, let me document what I did today with
our IPA installation (Centos 7.3)
We started out by installing a primary with a default install, and doing
ipa-replica-install with no parameters. That worked fine. We then install a
commercial certificate, because
We were in the same situation. I tried this solution, and it does fix the
problem with not being able to upgrade.
However it still leaves an inconsistency in the configuration. I was unable to
add a new replica. It failed at the CA step, even if the new replica was
installed without CA. The
On pe, 06 loka 2017, Marius Bjørnstad wrote:
Wow that's well spotted! That IP is the 4.4 server (I just blindly
assumed that it would use the value in krb5.conf, which is the 4.5
server). It goes to 248 every time.
strace showed me that kinit gets the IP address from
Just learned a new keyboard shortcut in my mail client. Didn't mean to send
without saying thanks a lot, that was very helpful.
> 6. okt. 2017 kl. 12.24 skrev Marius Bjørnstad via FreeIPA-users
> :
>
> Wow that's well spotted! That IP is the 4.4 server (I
Wow that's well spotted! That IP is the 4.4 server (I just blindly assumed that
it would use the value in krb5.conf, which is the 4.5 server). It goes to 248
every time.
strace showed me that kinit gets the IP address from
/var/lib/sss/pubconf/kdcinfo.OUS.NSC.LOCAL. This file contains only
On pe, 06 loka 2017, Marius Bjørnstad via FreeIPA-users wrote:
Thanks for the replies! I do have the krb5-pkinit package installed.
ipa-pkinit-manage status was disabled, but enabling it with ipa-pkinit-manage
enable didn't fix the problem.
$ ipa pkinit-status --server=SERVER_NAME
says PKINIT