Mahalo for the quick response. I will review your recommendation.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
On Tue, 13 Jul 2021, Angelo Alvarez via FreeIPA-users wrote:
Aloha. If I configure users to authenticate using smart card, is it
possible to disable the user's password, so it can no longer be used
for authentication and does not require updating every 60 days, etc.?
Assuming that the
Aloha. If I configure users to authenticate using smart card, is it possible to
disable the user's password, so it can no longer be used for authentication and
does not require updating every 60 days, etc.?
Kees Bakker via FreeIPA-users wrote:
> Hi Flo,
>
> Do you have a hint how I can get to the point where I can execute
> the pki securitydomain-host-del command? All examples [2] on the Internet
> are from the time when there was a /root/ca-agent.p12 and ipaCert.
> I think that has been migrated to
# SSSD 2.5.2
The SSSD team is proud to announce the release of version 2.5.2 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/2.5.2
See the full release notes at:
https://sssd.io/release-notes/sssd-2.5.2.html
RPM
Kees Bakker wrote:
> Thanks Flo,
>
> Yes! That's the one.
>
> Anyway, back to ipahealthcheck. How can we improve it so that users
> don't have to struggle
> with pdb in discovering what is actually wrong? ("we" => Rob :-)
>
> Only because I came across the following I was able to see the
It is now time for me to try and follow the suggested pki commands.
However, I don't have a /root/ca-agent.p12
There is quite a bit of documentation on the Internet, but it might not all be
up-to-date.
Here [1] the file /root/ca-agent.p12 is mentioned under "PKI Admin Certificate".
"PKI admin
Hello,
I see the following error in the sssd_nss logs on the IPA server:
[nss] [cache_req_common_get_acct_domain_recv] (0x0080): CR #2: Could not get
account domain [1432158301]: GetAccountDomain() not supported
That seems to be related to the error below, which I get when running groups
Thanks Flo,
Yes! That's the one.
Anyway, back to ipahealthcheck. How can we improve it so that users don't have
to struggle
with pdb in discovering what is actually wrong? ("we" => Rob :-)
Only because I came across the following I was able to see the problem using
dsconf.
(Pdb)
The correct search filter must include (objectClass=ldapSubEntry):
ldapsearch -H ldaps://linge.example.com -W -D 'cn=Directory Manager' -b
'o=ipaca' '(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))'
nsds5ReplConflict
HTH,
flo
On Sat, Jul 10, 2021 at 3:20 PM Kees Bakker via FreeIPA-users <