On Wed, Dec 05, 2018 at 11:37:36AM -0500, Christopher Young wrote:
> Ok. (Again, I apologize for all the previous messages).
>
> I found the record after JUST starting up the directory on my 'ipa02'
> system (the one with the pki-tomcat starting issues). I exported out
> a LDIF and imported that
74cmonty via FreeIPA-users wrote:
> I was instructed to delete the existing cert before executing
> ipa-pkinit-manage enable.
>
> And I have provided the output of getcert in an earlier response.
> I was told that this cert is incomplete/incorrect.
Again, no context :-(
Yes, I asked for the CUR
I was instructed to delete the existing cert before executing
ipa-pkinit-manage enable.
And I have provided the output of getcert in an earlier response.
I was told that this cert is incomplete/incorrect.
___
FreeIPA-users mailing list -- freeipa-users@
74cmonty via FreeIPA-users wrote:
> I have installed freeipa-server-common=4.7.0, so I don't understand the
> relation to an issue that should be fixed with 4.6.0.
You never did say before which version you were using...
> I have no restarted command ipa-pkinit-manage enable after opening port 8
In my opinion this issue is related to this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1493531
Based on this I would consider to open another bug report.
I have installed freeipa-server-common=4.7.0, so I don't understand the
relation to an issue that should be fixed with 4.6.0.
I have no restarted command ipa-pkinit-manage enable after opening port 8443 on
both, master and replica server.
In my opinion the root cause is different.
According to
> On 5 Dec 2018, at 19:01, Rob Crittenden via FreeIPA-users
> wrote:
>
> Ivars Strazdiņš via FreeIPA-users wrote:
>>
>>
>>> On 5 Dec 2018, at 14:47, Rob Crittenden wrote:
>>>
>>> Ivars Strazdiņš via FreeIPA-users wrote:
Hi,
just upgraded Centos to 7.6 and got FreeIPA upgraded to 4
Thank you so much! That appears to have worked!
-
[root@orldc-prod-ipa01 alias]# getcert list | grep
'pki-tomcat.*Server-Cert cert-pki-ca' -A10 -B3
Request ID '20181008203713':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alia
Ivars Strazdiņš via FreeIPA-users wrote:
>
>
>> On 5 Dec 2018, at 14:47, Rob Crittenden wrote:
>>
>> Ivars Strazdiņš via FreeIPA-users wrote:
>>> Hi,
>>> just upgraded Centos to 7.6 and got FreeIPA upgraded to 4.6.4.
>>>
>>> Now command "ipa user-show --all" does not return
>>> “krbpasswordexpi
Christopher Young wrote:
> Another thing I notice that confuses me... (see attached)
Yes. There are multiple services running on the same machine each with
their own private key.
> Is it normal to have this many certificate with the same Subject for
> an IPA server? I'm wondering if somewhere al
Ok. (Again, I apologize for all the previous messages).
I found the record after JUST starting up the directory on my 'ipa02'
system (the one with the pki-tomcat starting issues). I exported out
a LDIF and imported that into the 'ipa01' system. LDAP queries now
find the record. I do notice tha
Ugh. I'm sorry for spamming the list (not in my nature). I see that
I must have typo'ed the query. Let me get my head straight and I'll
update this. Again, I really apologize.
On Wed, Dec 5, 2018 at 10:48 AM Christopher Young wrote:
>
> Actually, I just noticed something with the 'serialno' at
Actually, I just noticed something with the 'serialno' attribute here.
It seems to not match the cn. That's very odd. I'm considering
just trying to manually change that and see what happens. Any
thoughts on that?
On Wed, Dec 5, 2018 at 10:41 AM Christopher Young wrote:
>
> AND... it looks
AND... it looks like I'll be changing my directory password after
this! LOL Ugh.
When you are in a hurry.
On Wed, Dec 5, 2018 at 10:39 AM Christopher Young wrote:
>
> Thanks again for the response! So, this is interesting. An
> ldapsearch actually does find a record, yet if I use something li
Thanks again for the response! So, this is interesting. An
ldapsearch actually does find a record, yet if I use something like
Apache Directory Studio to try and look at it, it doesn't show up.
[root@orldc-prod-ipa01 alias]# ldapsearch -h localhost -p 389 -D
'cn=Directory Manager' -w "B\$an
Please do not drop the public mailing list.
On Wed, 05 Dec 2018, tarak sinha wrote:
Hi Alexander,
We recently built new IPA servers in our DC, new IPA server realm name will
be IPA.EXAMPLE.COM and old IPA realm was EXAMPLE.COM.
If you see only one user impacted to do SSO on this host rest of
Winfried de Heiden via FreeIPA-users wrote:
> Hi all,
>
> Awesome! OK, cannot use "ipaservers" hostgroup, but creating a new one
> will work!
>
> Thanks a lot!
>
>
> Create a new hostgroup and used that one for the sudorule:
>
> [admin@freeipa1 ~]$ ipa sudorule-show sudo_freeipa_admins
> Rule
Hi all,
Awesome! OK, cannot use "ipaservers" hostgroup, but creating a new one
will work!
Thanks a lot!
Create a new hostgroup and used that one for the sudorule:
[admin@freeipa1 ~]$ ipa sudorule-show sudo_freeipa_admins
Rule name: sudo_freeipa_admins
Enabled: TRUE
Command category: al
On Wed, 05 Dec 2018, tarak sinha wrote:
user not working
[aalev...@deploy1.ops ~]$ kvno host/mstageegw3.example.com
kvno: Server not found in Kerberos database while getting credentials for
host/mstageegw3.example@example.com
[aalev...@deploy1.ops ~]$
*Working user on same host*
tsi...@de
Hi guys, thanks for your input here. Phones these days have very accurate time
on account of the demands of TDMA, so it never struck me that the phone could
be “out of sync”. Rather, there may be some TZ quirk that a single sync would
have cured the very first time I tried it and never knew to d
On Wed, 05 Dec 2018, Robert Byrne via FreeIPA-users wrote:
Hi,
A belated thanks for the reply and I seem to have solved the problem. The cause
might have been obvious to others, but I will describe it here briefly in case
it helps others:
- We have a FreeIPA server and this exports a number
On Tue, 2018-12-04 at 09:43 +0100, Florence Blanc-Renaud via FreeIPA-
users wrote:
> On 12/3/18 6:10 PM, Brian Topping via FreeIPA-users wrote:
> > Hi all, I have a question about TOTP authenticators (Google Authenticator,
> > Authy, FreeOTP):
> >
> > Why is it that a given URL/QRCode can load in
> On 5 Dec 2018, at 14:47, Rob Crittenden wrote:
>
> Ivars Strazdiņš via FreeIPA-users wrote:
>> Hi,
>> just upgraded Centos to 7.6 and got FreeIPA upgraded to 4.6.4.
>>
>> Now command "ipa user-show --all" does not return
>> “krbpasswordexpiration” field anymore.
>> Is there another simple w
Hi,
A belated thanks for the reply and I seem to have solved the problem. The cause
might have been obvious to others, but I will describe it here briefly in case
it helps others:
- We have a FreeIPA server and this exports a number of directories by Samba.
FreeIPA was setup as described above
Ivars Strazdiņš via FreeIPA-users wrote:
> Hi,
> just upgraded Centos to 7.6 and got FreeIPA upgraded to 4.6.4.
>
> Now command "ipa user-show --all" does not return
> “krbpasswordexpiration” field anymore.
> Is there another simple way to find out when user's password expires? We kind
> of reli
Winfried de Heiden via FreeIPA-users wrote:
> Hi all,
>
> On a brand new install, sudo for hostgroup seems not to work. I create
> a sudo rule for admins, only to do "everything" on all servers within
> the hostgroup "ipaservers":
>
> Rule name: s3_sudo_freeipa_admins
> Enabled: TRUE
> Com
Hi,
just upgraded Centos to 7.6 and got FreeIPA upgraded to 4.6.4.
Now command "ipa user-show --all" does not return
“krbpasswordexpiration” field anymore.
Is there another simple way to find out when user's password expires? We kind
of relied on this to warn them in advance.
We could possibly
Hi all,
On a brand new install, sudo for hostgroup seems not to work. I create
a sudo rule for admins, only to do "everything" on all servers within
the hostgroup "ipaservers":
Rule name: s3_sudo_freeipa_admins
Enabled: TRUE
Command category: all
RunAs User category: all
RunAs Group ca
Thanks, I'll check it out.
On Wed, Dec 5, 2018, 5:19 PM Alexander Bokovoy wrote:
> On Wed, 05 Dec 2018, tarak sinha wrote:
> >Yes, I can. thanks alex for your help. Let me know what needs to be done.
> >
> >[r...@deploy1.ops tsinha]# kvno -S host mstageegw3.example.com
> >kvno: invalid option -- S
> >usa
On Wed, 05 Dec 2018, tarak sinha wrote:
Yes, I can. thanks alex for your help. Let me know what needs to be done.
[r...@deploy1.ops tsinha]# kvno -S host mstageegw3.example.com
kvno: invalid option -- S
usage: kvno [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ...
[r...@deploy1.op
Yes, I can. thanks alex for your help. Let me know what needs to be done.
[r...@deploy1.ops tsinha]# kvno -S host mstageegw3.example.com
kvno: invalid option -- S
usage: kvno [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ...
[r...@deploy1.ops tsinha]#
On Wed, Dec 5, 2018 at 4:28 PM
On Wed, 05 Dec 2018, tarak sinha via FreeIPA-users wrote:
Hi Guys,
I am having issue to ssh with one host with SSO, all the users are able to
ssh without asking password but only my userid having issue with asking
password, I have tried to do kdestroy and did kinit again with userid along
with
Hello All,
thanks for the replies, I really appreciate it.
I will try with the package from snapshot.debian.org.
greetings, J.
On Sun, 2 Dec 2018 at 10:43, Timo Aaltonen wrote:
> On 30.11.2018 18.28, Johan Vermeulen via FreeIPA-users wrote:
> > Hello All,
> >
> > first of all, we have great su
Hi Guys,
I am having issue to ssh with one host with SSO, all the users are able to
ssh without asking password but only my userid having issue with asking
password, I have tried to do kdestroy and did kinit again with userid along
with REALM but did not work. if you have any suggestions please le
On 12/4/18 9:55 PM, Marc Wiatrowski via FreeIPA-users wrote:
I'm trying to migrate a CentOS 6 IPA setup to CentOS 7. Both are fully
updated CentOS 6.10 (ipa-server-3.0.0-51) and CentOS 7.6
(ipa-server-4.6.4-10)
I've been following:
https://access.redhat.com/documentation/en-us/red_hat_enterp
35 matches