[Freeipa-users] Re: How to replace a failed CA?

2018-02-21 Thread Jochen Hein via FreeIPA-users
Bret Wortman via FreeIPA-users writes: > If this is the correct search, then no. It's gone. Now, if you don't have the private keys any longer (see Rob's mail), we should consider your CA really gone. I'd look at ipa-ca-install and something like https://www.freeipa.org/page/V4/CA-less_to_CA-fu

[Freeipa-users] Re: How to replace a failed CA?

2018-02-21 Thread Natxo Asenjo via FreeIPA-users
I think you should read this carefully, but it should work: > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/server-roles#server-roles-promote-to-ca > > The whole CA data is replicated among all ldap server

[Freeipa-users] Re: How to replace a failed CA?

2018-02-21 Thread Rob Crittenden via FreeIPA-users
Bret Wortman via FreeIPA-users wrote: > If this is the correct search, then no. It's gone. > > # ldapsearch -D 'cn=directory manager' -b 'o=ipaca' -W > Enter LDAP Password: > > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # s

[Freeipa-users] Re: How to replace a failed CA?

2018-02-21 Thread Natxo Asenjo via FreeIPA-users
Hi, On Wed, Feb 21, 2018 at 4:48 PM, Bret Wortman via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I may be going about this in the hardest way possible, so let me stop and > roll everything back to my root need: > > I have two IPA servers which manage our infrastructure. We u

[Freeipa-users] Re: How to replace a failed CA?

2018-02-21 Thread Bret Wortman via FreeIPA-users
If this is the correct search, then no. It's gone. # ldapsearch -D 'cn=directory manager' -b 'o=ipaca' -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object # numResponses:

[Freeipa-users] Re: How to replace a failed CA?

2018-02-21 Thread Jochen Hein via FreeIPA-users
Bret Wortman via FreeIPA-users writes: > I may be going about this in the hardest way possible, so let me stop > and roll everything back to my root need: > > I have two IPA servers which manage our infrastructure. We used to > have three, but a catastrophic failure on one led to its total > loss

[Freeipa-users] DNS forwarder policies

2018-02-21 Thread Andrew Meyer via FreeIPA-users
Is there a way to specify a policy for 1 zone to be on 1 server or on a set of servers in 1 location? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] How to replace a failed CA?

2018-02-21 Thread Bret Wortman via FreeIPA-users
I may be going about this in the hardest way possible, so let me stop and roll everything back to my root need: I have two IPA servers which manage our infrastructure. We used to have three, but a catastrophic failure on one led to its total loss. And it was our CA. So now we have no CA -- i

[Freeipa-users] Re: Logon by ssh but not console?

2018-02-21 Thread Bret Wortman via FreeIPA-users
My only HBAC rule is "allow_all", and it's enabled. I hadn't gotten around to setting up any additional ones yet. On 02/21/2018 10:14 AM, Rob Crittenden wrote: Bret Wortman via FreeIPA-users wrote: Any ideas why I might be prevented from logging in on a system through GDM and the console, but

[Freeipa-users] Re: Logon by ssh but not console?

2018-02-21 Thread Przemysław Orzechowski via FreeIPA-users
Those are different services: ssh is sshd; local console login is in most cases login; for X windows this depends on the display manager and login manager: lightdm, gdm and so on. On 21.02.2018 at 16:14, Rob Crittenden via FreeIPA-users wrote: Bret Wortman via FreeIPA-users wrote: Any ideas why I

[Freeipa-users] Re: Logon by ssh but not console?

2018-02-21 Thread Rob Crittenden via FreeIPA-users
Bret Wortman via FreeIPA-users wrote: > Any ideas why I might be prevented from logging in on a system through > GDM and the console, but if I log in as root and: > > # ssh bretw@localhost > > I'm able to log in without issues? And it'll tell me about failed logins > for every time I try through

[Freeipa-users] Logon by ssh but not console?

2018-02-21 Thread Bret Wortman via FreeIPA-users
Any ideas why I might be prevented from logging in on a system through GDM and the console, but if I log in as root and: # ssh bretw@localhost I'm able to log in without issues? And it'll tell me about failed logins for every time I try through GDM or the console. This is on a brand new IPA

[Freeipa-users] Re: IPA 4.5 on Centos7 - SSLV3_ALERT_HANDSHAKE_FAILURE

2018-02-21 Thread Rob Crittenden via FreeIPA-users
Bob Clough via FreeIPA-users wrote: > I'm having some issues talking to our new Freeipa servers via TLS from Python > 3.5 on Debian Stretch. Previously we had a Freeipa 4.2 server on Fedora 23 > which was not showing this error, but I suspect that's because it had SSLv3 > turned on. I'm also h

[Freeipa-users] IPA 4.5 on Centos7 - SSLV3_ALERT_HANDSHAKE_FAILURE

2018-02-21 Thread Bob Clough via FreeIPA-users
I'm having some issues talking to our new Freeipa servers via TLS from Python 3.5 on Debian Stretch. Previously we had a Freeipa 4.2 server on Fedora 23 which was not showing this error, but I suspect that's because it had SSLv3 turned on. I'm also having a similar error with etherpad's ldap s