[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

On 2/22/20 12:40 AM, dmitriys via FreeIPA-users wrote: When execute ipa-certupdate get this : ipapython.admintool: DEBUG: The ipa-certupdate command failed, exception: KerberosError: No valid Negotiate header in server response ipapython.admintool: ERROR: No valid Negotiate header in server

[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

When execute ipa-certupdate get this : ipapython.admintool: DEBUG: The ipa-certupdate command failed, exception: KerberosError: No valid Negotiate header in server response ipapython.admintool: ERROR: No valid Negotiate header in server response ipapython.admintool: ERROR: The ipa-certupdate

[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

On 2/21/20 5:56 PM, dmitriys via FreeIPA-users wrote: Hi! I use freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 on Ubuntu 18.04.4 LTS I installed freeipa-serve in default mode ( ipa-server-install ) Now i try change certificate on Comodo as write in this article

[Freeipa-users] Issue with Using 3rd part certificates for HTTP/LDAP

Hi! I use freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 on Ubuntu 18.04.4 LTS I installed freeipa-serve in default mode ( ipa-server-install ) Now i try change certificate on Comodo as write in this article https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP my steps: 1

[Freeipa-users] Re: disparity between ipa-client-install and ipa host-add

Jay Fenlason via FreeIPA-users wrote: > On Thu, Feb 20, 2020 at 05:19:50PM -0500, Rob Crittenden wrote: >> Jay Fenlason via FreeIPA-users wrote: >>> When attempting to debug another problem with FreeIPA, I noticed >>> something odd: >>> >>> If I have an IPA domain example.com, I can do an

[Freeipa-users] Re: Lost pass to replica's /root/cacert.p12 - can I re-create it? I have present dir manager pass and primary /root/cacert.p12

Morgan Cox via FreeIPA-users wrote: > Thank you for the response Rob! > > Is there anywhere I can see an example command for PKCS12Export ? Right, no man page :/ https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/command-line_tools_guide/pkcs12export > Reason: For

[Freeipa-users] Re: Reissue IPA LDAP cert with SAN

I did exactly that last month (with two servers running on RHEL rather than CentOS) and didn't run into any problems or surprises. -- Sam Morris PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 signature.asc Description: This is a digitally signed

[Freeipa-users] Re: clients not able to login

On Fri, Feb 21, 2020 at 12:32:54PM -, Sunil Phogat via FreeIPA-users wrote: > > On Thu, Feb 20, 2020 at 08:59:01AM -, Sunil via FreeIPA-users wrote: > > > > Hi, > > > > please check > > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html to see how > > to enable debugging in

[Freeipa-users] Re: clients not able to login

> On Thu, Feb 20, 2020 at 08:59:01AM -, Sunil via FreeIPA-users wrote: > > Hi, > > please check > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html to see how > to enable debugging in SSSD. There are also common issues described. > > Since there is a 'permission denied' error, I

[Freeipa-users] Re: Lost pass to replica's /root/cacert.p12 - can I re-create it? I have present dir manager pass and primary /root/cacert.p12

Thank you for the response Rob! Is there anywhere I can see an example command for PKCS12Export ? Reason: For PCI compliance, as we are using self signed certs > Morgan Cox via FreeIPA-users wrote: > > The PKCS12Export command can regenerate it. > > I'm curious though, what are you intending

[Freeipa-users] Netscape Portable Runtime error -5999

Hello, on one of our FreeIPA servers we recently got the following error messages: [05/Feb/2020:22:51:44.078229410 +0100] - ERR - write_function - PR_Write(392) Netscape Portable Runtime error -5999 (Invalid file descriptor.) [21/Feb/2020:08:25:39.507298208 +0100] - ERR - write_function -