[Freeipa-users] Re: Redhat Idm/IPA cross domain trust problems

2021-06-09 Thread Sumit Bose via FreeIPA-users
On Wed, Jun 09, 2021 at 07:32:49PM -, thing.thing--- via FreeIPA-users wrote:
> Hi,
>
> I have RH's version of freeipa
> (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine.
> RHEL8, RHEL7,
> Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK to IPA OK for
>

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-09 Thread Alfred Victor via FreeIPA-users
Hi Rob, I have reduced that timeout and will tune it further. Regarding ISE errors, I think we can make the assumption that this is entirely an issue of the web timeouts; I haven't seen any evidence otherwise and will have another attempt at converting nodes tomorrow, and with a keener eye of

[Freeipa-users] Re: CentOS 6 Client installation stuck and don't complete

2021-06-09 Thread thing.thing--- via FreeIPA-users
If no one else has any ideas, RHEL6 / Centos 6 is well obsolete so maybe it's too old for an sssd client to work with new? I suggest doing a trial run on a "modern" Linux client version Centos 8.3 by the look of it to prove that everything works OK. Then if no one suggests anything you might

[Freeipa-users] Redhat Idm/IPA cross domain trust problems

2021-06-09 Thread thing.thing--- via FreeIPA-users
Hi, I have RH's version of freeipa (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine. RHEL8, RHEL7, Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK to IPA OK for users in IPA. For the cross domain trust however only RHEL8 and RHEL7 work. Debian10.9,

[Freeipa-users] Re: Invalid CA chain after ca chain renewal

2021-06-09 Thread Philipp Leusmann via FreeIPA-users
Rob, thanks, that helped a lot. Would be great if removing the old cert automatically was an option in ipa-cacert-manage! Best, Philipp

[Freeipa-users] Re: How to blend IPA server 4.1.4 on F21 with server 4.6.8 on C7?

2021-06-09 Thread Rob Crittenden via FreeIPA-users
Bret Wortman via FreeIPA-users wrote:
> Looks like we're missing an LDAP connection port?
>
> [09/Jun/2021:10:02:54][localhost-startStop-1]: LdapBoundConnFactory: init
> Property internaldb.ldapconn.port missing value
>
> Full debug log is at
>

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-09 Thread Rob Crittenden via FreeIPA-users
Alfred Victor wrote:
> Hi Rob,
>
> We did revert to 60s - I seem to remember some ldapsearch timing out
> previously but maybe we could still greatly reduce this with no ill
> effect. However, we saw no change in join success either way and I have
> not changed anything in Apache as I would need

[Freeipa-users] Re: How to blend IPA server 4.1.4 on F21 with server 4.6.8 on C7?

2021-06-09 Thread Bret Wortman via FreeIPA-users
Looks like we're missing an LDAP connection port? [09/Jun/2021:10:02:54][localhost-startStop-1]: LdapBoundConnFactory: init Property internaldb.ldapconn.port missing value Full debug log is at https://gist.github.com/wortmanb/7782c5c0c4318c2aec17f2eea589b567 -- Bret Wortman

[Freeipa-users] AD Trust Types

2021-06-09 Thread Ronald Wimmer via FreeIPA-users
Quite some time ago I added a trust to another AD domain. IIRC I added an "external trust" for a reason I do not remember. What is the "Non-transitive external trust to a domain in another Active Directory forest" trust type for? Could I not just have added another "Active Directory domain"

[Freeipa-users] Re: How to blend IPA server 4.1.4 on F21 with server 4.6.8 on C7?

2021-06-09 Thread Bret Wortman via FreeIPA-users
My misunderstanding, sorry. This is from the existing CA since that's where I thought the problem would be. Okay, going back and looking at the debug log on the new server to see if it's more revealing. -- Bret Wortman bret.wort...@damascusgrp.com On Tue, Jun 8, 2021, at 2:27 PM, Rob