Hi Christopher,
I agree with Rob that a replication issue is the most likely cause.
If there were replication issues, depending on your topology there
may be serial/request ID range conflicts too. But the most critical
issue is the about-to-expire certificate.
A couple of quick points/questions:
Output:
[root@orldc-prod-ipa01 alias]# ipa-csreplica-manage list -v
`hostname`.passur.local
Directory Manager password:
orldc-prod-ipa02.passur.local
last init status: None
last init ended: 1970-01-01 00:00:00+00:00
last update status: Error (-1) Problem connecting to replica - LDAP
err
Christopher Young via FreeIPA-users wrote:
> Yeah. I'm definitely lost on this one at this point. As far as I can
> tell, SOMEHOW I'm missing these certs in the directory? Does that
> sound right?
>
> How would one go about making sure this is corrected? I'm guessing I'd need
> to regenerate some type o
Hello Mitchell, Yes I saw your similar issue. Was hoping this would spark
something instead of trying to hijack your post. I'm assuming yours was
not resolved? -Marc
On Tue, Dec 4, 2018 at 4:14 PM Mitchell Smith via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi Marc,
>
> I’
Yeah. I'm definitely lost on this one at this point. As far as I can
tell, SOMEHOW I'm missing these certs in the directory? Does that
sound right?
How would one go about making sure this is corrected? I'm guessing I'd need
to regenerate some type of certificate on the IPA host, but I'm afraid
of breaki
Hi Marc,
I’m having a similar issue migrating from Ubuntu 16.04 to CentOS 7.
It’s a different attribute that it’s failing on, but it’s the same step in the
ipa-replica-install process.
I think this process needs to be made a bit more resilient and not just die on
non backwards compatible schem
I'm trying to migrate a CentOS 6 IPA setup to CentOS 7. Both are fully
updated CentOS 6.10 (ipa-server-3.0.0-51) and CentOS 7.6
(ipa-server-4.6.4-10)
I've been following:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy
IPA 4.5.4 (has been upgraded for years just to understand that there
is a history)
This system (ipa01) is the renewal master (in case that matters)
I'm getting the following error on 'getcert'. My gut tells me this is
kinda a big deal. :) I really could use some help figuring this one
out as I'm
On Tue, 04 Dec 2018, Andrey Ptashnik wrote:
Alexander,
Please find output below:
[root@ipa-server-01 ~]# openssl x509 -text -in /var/kerberos/krb5kdc/kdc.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issue
Alexander,
Please find output below:
[root@ipa-server-01 ~]# openssl x509 -text -in /var/kerberos/krb5kdc/kdc.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=NIX.MYDOMAIN.COM, CN=ipa-server-01.ni
On Tue, 04 Dec 2018, Rob Foehl via FreeIPA-users wrote:
On Tue, 4 Dec 2018, Fraser Tweedale wrote:
On Tue, Dec 04, 2018 at 01:49:04AM -0500, Rob Foehl via FreeIPA-users wrote:
Is the service principal necessary just to satisfy this requirement?
It is required, but you can use the host princ
hi Fraser,
On Mon, Dec 3, 2018 at 1:14 AM Fraser Tweedale wrote:
> Hi Naxto,
>
> The CSR's signature is indeed invalid. Were you able to solve the
> issue in the meantime?
>
yes, I generated a csr locally and saved it in the yubikey. If you do that,
everything works great.
I'll have a look to
On Tue, 4 Dec 2018, Fraser Tweedale wrote:
On Tue, Dec 04, 2018 at 01:49:04AM -0500, Rob Foehl via FreeIPA-users wrote:
Is the service principal necessary just to satisfy this requirement?
It is required, but you can use the host principal, i.e.
"host/foo.example.com@YOUR.REALM".
Ahhh, of c
On 12/3/18 6:10 PM, Brian Topping via FreeIPA-users wrote:
Hi all, I have a question about TOTP authenticators (Google Authenticator,
Authy, FreeOTP):
Why is it that a given URL/QRCode can load into all three authenticators, but
all three give different OTP values at any given time and only Fr
Hi,
the main problem is that getent passwd and getent group give no
output, exit code 2.
I've managed to solve the originally posted issue (by installing
libsasl2-modules-gssapi-mit package), but the main problem persists.
Sending output from commands provided, but it looks like that everything is
On Tue, 04 Dec 2018, Andrey Ptashnik wrote:
Alexander,
Thank you for your time,
# getcert list -f /var/kerberos/krb5kdc/kdc.crt
No request found that matched arguments.
#
# ls -la /var/kerberos/krb5kdc/
total 16
drwxr-xr-x. 2 root root 82 Dec 3 22:56 .
drwxr-xr-x. 4 root root 31 Nov 2 1
16 matches