Ralph Crongeyer via FreeIPA-users wrote:
> So it does allow me to login, however there is a popup that says:
> "Some operations failed.", and a link "View details", when I click on
> that it shows:
> "invalid 'PKINIT enabled server': all masters must have IPA master role"
> And there is a button
lune voo writes:
> Hello Robbie.
>
> That's also the strange part, the kpasswd does not work after that.
Can you post kerb logs for the failure?
Thanks,
--Robbie
signature.asc
Description: PGP signature
___
FreeIPA-users mailing list --
Andrey Bychkov via FreeIPA-users wrote:
> Hello, I fixed design page.
>
> https://www.freeipa.org/page/V4/NTP_Servers_Configuration
Tibor, do you have any input on this?
As I read this it will be up to the end-user to install their favorite
NTP client package, right? Otherwise installation is
sssd should be installed as a dependency when you install
freeipa-client. The sssd file itself is /etc/sssd/sssd.conf.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Hello Robbie.
That's also the strange part, the kpasswd does not work after that.
Best regards.
Lune
Le mer. 24 oct. 2018 à 19:38, Robbie Harwood a écrit :
> lune voo via FreeIPA-users
> writes:
>
> > Hello everyone.
> >
> > I send you this mail because I encountered a strange problem
Hi,
Thanks for the information, But in ubuntu, there is not "sssd" file.
On Thu, Oct 25, 2018 at 12:14 AM Kristian Petersen
wrote:
> It is basically the same as on CentOS. The package you install is
> freeipa-client instead of ipa-client, but the command to enroll the host is
> the same.
>
>
Hi,
Actually, I had installed freeipa server on my centos7 machine. But in my
organization, we are using Ubuntu. Could you please give the steps so that
i can add my ubuntu servers as a client in freeipa for ssh access
management.
Thank you
jatinder
It is basically the same as on CentOS. The package you install is
freeipa-client instead of ipa-client, but the command to enroll the host is
the same.
On Wed, Oct 24, 2018 at 12:05 PM Jatinder Kumar via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
>
> Actually, I had
Hi,
Actually, I had installed freeipa server on my centos7 machine. But in my
organization, we are using Ubuntu. Could you please give the steps so that
i can add my ubuntu servers as a client in freeipa for ssh access
management.
Thank you
jatinder
lune voo via FreeIPA-users
writes:
> Hello everyone.
>
> I send you this mail because I encountered a strange problem trying to set
> a password for a user I just created.
>
> First, I created the user with ipa user-add and for the following result :
> Added user
>
> Then I added this user into
On ke, 24 loka 2018, Callum Smith via FreeIPA-users wrote:
Dear Rob,
I'm using the python-freeipa library:
(client is initialised and logged in - tested and working with other calls such
as user_show etc)
client.user_add(
options.username,
options.first_name,
Hello everyone.
I send you this mail because I encountered a strange problem trying to set
a password for a user I just created.
First, I created the user with ipa user-add and for the following result :
Added user
Then I added this user into a password policy group and it worked fine :
Then I
Dear Rob,
I'm using the python-freeipa library:
(client is initialised and logged in - tested and working with other calls such
as user_show etc)
client.user_add(
options.username,
options.first_name,
options.last_name,
options.name,
mail=options.mail,
So it does allow me to login, however there is a popup that says:
"Some operations failed.", and a link "View details", when I click on that
it shows:
"invalid 'PKINIT enabled server': all masters must have IPA master role"
And there is a button that says "OK", when I click on that it shows this:
Sorry, I've figured it out myself...
The problem was not with the Root CA certificate, the reported error is
misleading here.
Actually, the problem was with the certificate generated for the FreeIPA
itself.
It had CA:FALSE, because I forgot to select the right extension profile when
signing
Thank you Timo,
In the meantime I installed the freeipa-server on another clean Ubuntu server,
which worked well.
Then installed the client on this one, which also worked well. Would be good
however to understand what’s the issue with the first server.
Milos
> On 24 Oct 2018, at 13:20, Timo
Hi,
I am trying to configure FreeIPA as a SubCA, and the "RootCA" is self-made with
openssl. So I've signed the FreeIPA's request with my self-signed "root ca"
certificate, but it looks like FreeIPA doesn't like it:
ipa-server-install --external-cert-file=/root/rootca/rootcacert.pem
Thanks! Replies in line
Alexander Bokovoy wrote on 10/24/18 8:40 AM:
On ke, 24 loka 2018, Chris Dagdigian via FreeIPA-users wrote:
Is it possible to override the AD integration use of DNS queries to
find AD controllers and replace the auto-discovery with a named list
of domain controllers?
On ke, 24 loka 2018, Chris Dagdigian via FreeIPA-users wrote:
Is it possible to override the AD integration use of DNS queries to
find AD controllers and replace the auto-discovery with a named list
of domain controllers?
Where? In 'ipa trust-add' or in SSSD? The former has already a mechanism
Callum Smith wrote:
> Dear Rob,
>
> Running v4.5.0 (CentOS 7.4 distribution)
> API version 2.228
>
> Setting it to -1 gives:
> ValidationError: invalid 'uid': must be at least 1
Need more information on what exactly it is you are doing.
rob
>
> Regards,
> Callum
>
> --
>
> Callum Smith
>
Is it possible to override the AD integration use of DNS queries to find
AD controllers and replace the auto-discovery with a named list of
domain controllers?
We've got a setup in an AWS VPC and we've found that out of the 100 or
so domain controllers in DNS that a few of them refuse to talk
Dear Rob,
Running v4.5.0 (CentOS 7.4 distribution)
API version 2.228
Setting it to -1 gives:
ValidationError: invalid 'uid': must be at least 1
Regards,
Callum
--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e.
Callum Smith via FreeIPA-users wrote:
> Dear All,
>
> When using the API to create an account, if I don't specify the
> uidnumber I get this error:
>
> missing attribute "uidNumber" required by object class "posixAccount"
>
> I was expecting the uidNumber to function thus: "system will assign
Dear All,
When using the API to create an account, if I don't specify the uidnumber I get
this error:
missing attribute "uidNumber" required by object class "posixAccount"
I was expecting the uidNumber to function thus: "system will assign one if not
provided"
Am I missing something?
On 24.10.2018 09:57, Milos Cuculovic via FreeIPA-users wrote:
> Anyone who could help?
You are mixing Debian and Ubuntu repositories, I don't think that's a
proper solution in the long run. Server install on Ubuntu 18.10 should
work more or less, stock 18.04 has issues, and Debian is missing some
On 10/23/18 5:24 AM, None via FreeIPA-users wrote:
Hi Flo, the journalctl reports that request is rejected, error 2.
dogtag-ipa-ca-renew-agent-submit[29544]: Forwarding request to
dogtag-ipa-renew-agent
dogtag-ipa-renew-agent-submit[29558]: GET
Anyone who could help?
Milos Cuculovic
> On 15 Oct 2018, at 14:29, Milos Cuculovic wrote:
>
> I am trying to install after an uninstall the freeipa-server package on
> Debian, which is now failing. I normally removed all packages and config
> files, something seems to still cause issues. The
27 matches
Mail list logo
