Our users on their local machines (which are enrolled into our domain/realm)
access (mount read/write) our NFS shares as they need with their LDAP accounts.
We are wanting to allow users to use docker containers to mount/access these
same mount/NFS Servers. These containers are short lived so
On 3/11/20 5:01 PM, Alexander Petrenz via FreeIPA-users wrote:
Hi,
I'm new to FreeIPA and I have a conceptual question.
I have an existing PKI-Infrastructure with one root CA and three derived
Sub-CAs.
Now I want to change the PKI-Management to FreeIPA without replacing the
already existing
dmitriys via FreeIPA-users wrote:
> Hi!
> I rebuild my server now I use Centos 8
> I installed freeipa :
> # ipa-server-install
> and try to change self sign certificate on Comodo.
> My steps:
> - get root CA from gogetssl.com
> - ipa-cacert-manage -p password -n ARAX -t C,, install
Hi!
I rebuild my server now I use Centos 8
I installed freeipa :
# ipa-server-install
and try to change self sign certificate on Comodo.
My steps:
- get root CA from gogetssl.com
- ipa-cacert-manage -p password -n ARAX -t C,, install /root/ca.crt
- ipa-certupdate
- ipa-server-certinstall -w -d
Hi,
I'm new to FreeIPA and I have a conceptual question.
I have an existing PKI-Infrastructure with one root CA and three derived
Sub-CAs.
Now I want to change the PKI-Management to FreeIPA without replacing the
already existing Sub-CAs.
My first question is: Is it possible to have more
I have added freeipa users list as well to this thread
On Wed, Mar 11, 2020 at 6:31 PM Rob Crittenden wrote:
> Faraz Younus wrote:
> > Thanks pasted the text instead of screenshots.
>
> This will work. Can you post this to the freeipa-users list?
>
> rob
>
> >
> > First failed then successful
Alexander Bokovoy via FreeIPA-users wrote:
> On ke, 11 maalis 2020, Rob Crittenden wrote:
>> Alexander Bokovoy wrote:
>>> On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
> Makes me look at this a different way. Perhaps change the certstore to
> only return valid CA certs.
Sad.
https://puppet.com/docs/pe/2019.2/rbac_ldap_intro.html#connect_to_an_external_directory_service
It has
Example Active Directory settings
and
Example OpenLDAP settings
I tried using the OpenLDAP side, but the queries I see in the access logs are
looking for objectClasses like
On ke, 11 maalis 2020, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
Makes me look at this a different way. Perhaps change the certstore to
only return valid CA certs. That way they are stored if anyone ever
wants them but they
Alexander Bokovoy wrote:
> On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
>>> Makes me look at this a different way. Perhaps change the certstore to
>>> only return valid CA certs. That way they are stored if anyone ever
>>> wants them but they won't get pulled down for
Ok, thanks.
Alexander Bokovoy 於 2020年3月11日 週三 下午3:37 寫道:
> On ke, 11 maalis 2020, Lays Dragon via FreeIPA-users wrote:
> >Just as record: It looks like replica lost dnarange on my two servers
> >somehow,not sure if it is caused by update or it is already happen
> >before.since I notice that via
On Wed, Mar 11, 2020 at 9:12 AM Fraser Tweedale via FreeIPA-users
wrote:
>
> On Wed, Mar 11, 2020 at 09:26:54AM +0200, Alexander Bokovoy wrote:
> > On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
> > > > Makes me look at this a different way. Perhaps change the certstore to
> > >
On Wed, Mar 11, 2020 at 09:26:54AM +0200, Alexander Bokovoy wrote:
> On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
> > > Makes me look at this a different way. Perhaps change the certstore to
> > > only return valid CA certs. That way they are stored if anyone ever
> > > wants
On ke, 11 maalis 2020, Lays Dragon via FreeIPA-users wrote:
Just as record: It looks like replica lost dnarange on my two servers
somehow,not sure if it is caused by update or it is already happen
before.since I notice that via trying to add a user after update and
failed with: Allocation of a
On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
Makes me look at this a different way. Perhaps change the certstore to
only return valid CA certs. That way they are stored if anyone ever
wants them but they won't get pulled down for ipa-certupdate or
ipaclilent-install.
Or to
15 matches
Mail list logo