All good. I worked with duo support last night.
Thanks!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
This is what I have been following:
https://github.com/gudmmk/howtos/blob/master/duo_authproxy-with-freeipa.md
https://duo.com/docs/authproxy-reference
https://help.duo.com/s/article/2209?language=en_US
https://community.duo.com/t/directory-sync-with-idm/2171/19
Here is the error output.
Hello,
I am trying to find the correct way to get the FreeIPA SSL certificate in pem
format.
So far I have the following commands:
kinit $USER_WITH_ADMIN_PRIVS
ipa ca-show
ipa ca-show --certificate-out=/etc/pki/tls/private/server.key
I don't think this is right. I need this to get the
Found the offending server which had a completely different IP address.
Deleted it anyways. Problem fixed. Thanks!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
How do I remove it once I find it? I tried stopping sssd and deleting
everything in /var/lib/sss/db/* but it throw the same error when trying to SSH
to the new server.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To
I tried this. I ran into this problem earlier this year but can't remember
what I did to fix it.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora
Where did you run this? On a FreeIPA server? Or the affected server?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
I just ran sss_cache -H and that didn't fix it. Still getting this:
[andrew.meyer@jump01 ~]$ ssh ameyer@10.150.10.130
@@@
@WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
I recently cleaned up a few server in my home lab. Deleted servers that I no
longer needed. However It seems I have a server with an IP address that used
previously. FreeIPA is reporting that it is in
/var/lib/sss/pubconf/known_hosts but I can't reverse engineer the hostname by
doing sshkey
I recently had a server that didn't get added to DNS but was joined to FreeIPA
system. I just went backto fix it. I tried removing the host rebooting and
re-adding it to the FreeIPA system. After doing this new DNS records did not
get added. I went back to manually add the DNS records
Remove the ipv6_disabled=1 line from grub.
On Monday, March 30, 2020, 12:40:08 PM CDT, Rob Crittenden
wrote:
Andrew Meyer via FreeIPA-users wrote:
> I fixed it. Figured it out.
Great! I'm curious, what did you need to do?
thanks
rob
>
> Sent from Yahoo Mail on Android
I fixed it. Figured it out.
Sent from Yahoo Mail on Android
On Fri, Mar 27, 2020 at 8:45 AM, Rob Crittenden wrote:
Andrew Meyer via FreeIPA-users wrote:
> I am building out a new IPA server environment and I am getting the following
> error:
>
> [user@freeipa001 ~]$ sud
So I tried enabling but it doesn't seem like its working.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
I am building out a new IPA server environment and I am getting the following
error:
[user@freeipa001 ~]$ sudo ipa-server-install --setup-dns --setup-kra
--setup-adtrust --auto-reverse --ssh-trust-dns --auto-forwarders
--allow-zone-overlap
IPv6 stack has to be enabled in the kernel and some
I am trying to use the ansible-playbook to install the client on CentOS 8. I
am getting the following error:
TASK [ipaclient : Install - Check if one of password or keytabs are set]
Got it working. Need to refine instructions.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
Hello,
I was trying to search the mailing list before emailing about this but has
anyone set this up
https://archyslife.blogspot.com/2019/01/freeipa-integrating-your-dhcpd-dynamic.html
OR https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update in
their environment?
In the past I
Glad to know this will be fixed!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
[andrew.meyer@freeipa01 ~]$ sudo ipactl --ignore-service-failures start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting httpd Service
Starting ipa-custodia Service
I am running CentOS 8.x and have updated to the latest version of IPA and
CentOS 8. I rebooted after updating and am now getting the following:
Jan 20 12:55:29 freeipa01 server[7889]: arguments used: stop
Jan 20 12:55:30 freeipa01 systemd[1]: Stopping 389 Directory Server
So since I was using an externally registered domain. The install script
didn't create the SSHFP records. I am still working on delegating DNS to my
FIPA server.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe
Ok I have pointed the domain to my IP address (also setup DDNS with the
registrar). Howevver BIND still fails.
Nov 14 20:46:28 freeipa01.asm.caprica.space named-pkcs11[23802]: starting BIND
9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 (Extended Support Version)
Nov 14 20:46:28
Sure. Give me a bit to gather that.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
I am trying to migrate to CentOS 8 in my home lab. And I have gotten FreeIPA
installed. However I am using caprica.space as my domain name but I don't
think bind/named likes me using that. Is this an issue the version in FreeIPA
or did I do something wrong? I found this out because FreeIPA
Hello I have setup ansible to use install freeipa client on my CentOS 7/8
machines. I am
able to get the packages installed however when it goes through the
configuration I am
getting the following:
TASK [ipaclient : Install - Ensure that IPA client packages are installed]
Would you mind showing me how you have FreeRADIUS setup?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
Does the user have be in both sets of IDMs?
On Thursday, July 25, 2019, 9:52:39 AM CDT, Alexander Bokovoy
wrote:
On to, 25 heinä 2019, Andrew Meyer via FreeIPA-users wrote:
>I have successfully gotten FreeIPA to communicate with MS Windows Server
>2012r2 using Active Driectory.
I have successfully gotten FreeIPA to communicate with MS Windows Server 2012r2
using Active Driectory. I am able to log in to my jump hosts via SSH. However
when I log using a windows user I get the following:
fedora1 :) > ssh james.kirk@meye...@jump01.asm.meyer.local
Password:
Last login:
I think I have emailed about this recently before but is there a way other than
using RADIUS to use a 3rd party 2FA provider (Duo, Authy or RSA) with the
current version of FreeIPA? I know that you could easily add it using 4.0 and
4.1 ( I could be wrong on the version).
If not is that
Excellent thank you!
On Monday, July 22, 2019, 12:01:53 PM CDT, François Cami
wrote:
On Mon, Jul 22, 2019 at 6:51 PM Andrew Meyer via FreeIPA-users
wrote:
>
> [andrew.meyer@freeipa01 ~]$ id james.kirk
> id: james.kirk: no such user
> [andrew.meyer@freeipa01 ~]$ id willia
:
On ma, 22 heinä 2019, Andrew Meyer via FreeIPA-users wrote:
> Once this is done I should be able to do id user.name and get the Active
> Directory user correct?
Resolving users is unrelated to mapping groups.
You should be able to resolve users already.
--
/ Alexander Bokovoy
Sr. Pri
Once this is done I should be able to do id user.name and get the Active
Directory user correct?
On Monday, July 22, 2019, 11:03:10 AM CDT, Alexander Bokovoy
wrote:
On ma, 22 heinä 2019, Andrew Meyer wrote:
>0;47m Getting this:
Number of
entries returned 1[andrew.meyer@freeipa01 ~]$
On Monday, July 22, 2019, 10:26:29 AM CDT, Alexander Bokovoy
wrote:
On ma, 22 heinä 2019, Andrew Meyer via FreeIPA-users wrote:
> He
Hello,I am working on setting up FreeIPA with AD integration and seem to be
running into an issue. Its possible that I am also doing something wrong.
I am setting it up to talk to MS Windows Server 2012r2. Following directions
on https://www.freeipa.org/page/Active_Directory_trust_setup
I
I was hoping to not use a radius server in between.
Sent from Yahoo Mail on Android
On Tue, Jul 9, 2019 at 3:59 PM, Jochen Hein wrote:
Andrew Meyer via FreeIPA-users
writes:
> I am trying to research how to add other 2FA providers to FreeIPA.
> Has anyone added Duo or somethin
I am trying to research how to add other 2FA providers to FreeIPA. Has anyone
added Duo or something else to FreeIPA/IPA in the most recent versions?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
I want to map my freeipa users to local users on a particular server. I have
read a few sites that say to do sss_override. However I am running into a
problem:
[andrew.meyer@server01 ~]$ sudo sss_override user-add andrew.meyer -n ameyer
Other than LOCAL view already exists in domain
Currently in my environment I have 6 servers 2 in my local office and 2 in each
region in AWS. The AWS servers are all running CentOS 7.x with FreeIPA 4.5.x
running on all 6. The AWS servers are all t2.medium w/ unlimited turned on.
Occasionally we issues with all 6 where one of the
Please disregard for now. I compared it to another server and found that
dir...@example.net is incorrect.
On Friday, November 16, 2018 2:46 PM, Andrew Meyer via FreeIPA-users
wrote:
I just noticed that I have 2 dirsrv systemctl units as well.
See below:
[root@freeipa02 slapd
389 Directory
Server[root@freeipa02 slapd-EXAMPLE-NET]#
On Friday, November 16, 2018 2:40 PM, Andrew Meyer via FreeIPA-users
wrote:
We have 2 servers in our AWS west environment running CentOS 7. The server
just went unresponsive and I rebooted it. After it came back up
We have 2 servers in our AWS west environment running CentOS 7. The server
just went unresponsive and I rebooted it. After it came back up it won't start
drisrv service. I get the following errors from systemd/journalctl:
[root@freeipa02 slapd-EXAMPLE-NET]# systemctl status dir...@example.net
I have this working w/o HBAC rules and not using OTP.
On Friday, November 16, 2018 8:21 AM, Eric via FreeIPA-users
wrote:
Any luck yet, Kevin? No luck here yet.
On Fri, Nov 9, 2018 at 10:56 PM, Kevin Vasko wrote: I’m
following this because I’m having same issue. Since the
I also had to extend the schema. I'm not in front of my instructions right now.
Sent from Yahoo Mail on Android
On Mon, Nov 12, 2018 at 12:27, Rob Crittenden via
FreeIPA-users wrote: Joyce Babu via
FreeIPA-users wrote:
> I am trying to setup PWM for allowing users to reset their
I just did this. I setup the pwm users under the normal account setup.
Sent from Yahoo Mail on Android
On Sat, Nov 10, 2018 at 10:57, Joyce Babu via
FreeIPA-users wrote: I am trying to
setup PWM for allowing users to reset their password. I found the following
guide on setting up PWM
I remember entering a ldap command that would show me the forwaders of all the
servers. However ipa dnsserver-find gave me exactly what I wanted.
On Wednesday, October 31, 2018 9:15 AM, Andrew Meyer via FreeIPA-users
wrote:
Please disregard.
On Wednesday, October 31, 2018 9:04
Please disregard.
On Wednesday, October 31, 2018 9:04 AM, Andrew Meyer via FreeIPA-users
wrote:
I have configured DNS forwarders in each of my FreeIPA servers. However I
want to be able to go back and verify they are there. I can't remember how to
get that information. I am
I have configured DNS forwarders in each of my FreeIPA servers. However I want
to be able to go back and verify they are there. I can't remember how to get
that information. I am running CentOS 7 latest with FreeIPA version 4.5.0. I
want to say there is an LDAP command I found.
This is not
Hello,I am working on getting pwm setup with FreeIPA. However I'm running into
some issues. I have it pretty much configured but I am getting error in the
logs for pwm.
Sep 4 11:09:21 pwm01 server: 2018-09-04T11:09:21Z, ERROR,
cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error
So we are starting the final phase of our migration and I am trying to add all
the users to FreeIPA. But i'm getting an error and i'm not sure why. I've
also never gotten this in the past when adding users.
[root@freeipa01 ~]# ipa user-add user.name --first=User --last=name --email
Meyer via FreeIPA-users
wrote:
Has anyone setup the self service password module?I have it setup and working
on tomcat on a seperate server.
If so I have a few questions:
1) did you install this on the freeipa main server or another server?
2) Did you have allow anonymous searching for pwm? I
Has anyone setup the self service password module?I have it setup and working
on tomcat on a seperate server.
If so I have a few questions:
1) did you install this on the freeipa main server or another server?
2) Did you have allow anonymous searching for pwm? I have a user account
setup for
Meyer via FreeIPA-users wrote:
> So I decided to rebuild my setup at home. I am running this on CentOS 7
> latest and have gotten the server working just fine. I am trying to
> setup a client server and getting the following:
>
> [ameyer@jump01 vmware-tools-distrib]$ sudo ipa
So I decided to rebuild my setup at home. I am running this on CentOS 7 latest
and have gotten the server working just fine. I am trying to setup a client
server and getting the following:
[ameyer@jump01 vmware-tools-distrib]$ sudo ipa-client-install [sudo] password
for ameyer: DNS discovery
to trust the IPA CA.
rob
>
>
> On Monday, August 20, 2018 3:26 PM, Rob Crittenden via FreeIPA-users
> wrote:
>
>
> Andrew Meyer via FreeIPA-users wrote:
>> Hello,
>> I'm having some difficulty accessing the API. Following the directions
>> shown h
:
Andrew Meyer via FreeIPA-users wrote:
> Hello,
> I'm having some difficulty accessing the API. Following the directions
> shown here:
>
> Far away to be identical
> <https://vda.li/en/docs/freeipa-management-in-a-nutshell/>
>
>
>
>
>
Hello,I'm having some difficulty accessing the API. Following the directions
shown here:
Far away to be identical
|
| |
Far away to be identical
Identity management chaos or a development of a fun | |
|
I am trying to use the following curl commands:curl -kv -H
I know this is an old thread, but there are no changes to FreeIPA that
cnmonitor might conflict with are there?
On Thursday, February 1, 2018 1:34 PM, Rob Crittenden via FreeIPA-users
wrote:
Alex Corcoles via FreeIPA-users wrote:
> On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein
Is it possible to have a per server zone forwarder in /etc/named.conf and NOT
break replication?___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code
So I've had my FreeIPA setup for about 6 months now at my company. As of
recently i'm seeing some issues where if I try to dig against the servers I get
nothing back. I do not have a global forwarder setup because it should
automatically go outbound if its not in its own table, correct?
This
Thanks for the clarification!
On Thursday, June 7, 2018 2:32 PM, Jochen Hein via FreeIPA-users
wrote:
Rob Crittenden via FreeIPA-users
writes:
> I don't know where Keycloak upstream is.
Look at http://www.keycloak.org
Jochen
--
This space is intentionally left blank.
what is the difference between keycloak and freeipa?
Is there a free version of this? Is that what ipsilon is? If not is there a
repo for this?___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Not sure if this is the right place for support w/ ipsilon. But I got it
installed and I'm able to browse the to website and login now. However when I
go to the login stack there are some button to the right of the login plugins,
and they say that's it. What does that mean? Also I've
What about on CentOS 7?
On Tuesday, May 22, 2018 5:08 AM, Jan Pazdziora via FreeIPA-users
wrote:
On Thu, May 17, 2018 at 10:53:13PM +0300, Alexander Bokovoy via FreeIPA-users
wrote:
> On to, 17 touko 2018, Andrew Meyer wrote:
> > So I followed the
In my current freeipa setup when I go in to the dns zone I see the
authoritative name server is incorrect. When I removed the server shouldn't it
have changed it?
Also when I go look at the bind config in
/var/named/dyndb-ldap/master/example.net/raw the SOA line shows the correct
server.
-dev.example.local/idp/login/gssapi/negotiate?ipsilon_transaction_id=94fe5ec3-1608-4977-840a-8b186f4eee28
On Thursday, May 17, 2018 2:25 PM, Alexander Bokovoy via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
On to, 17 touko 2018, Andrew Meyer via FreeIPA-users wrote:
>H
Has anyone installed this on their prod FreeIPA installation? I need to hook
FreeIPA into some other auth systems that don't support LDAP.___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
My company is wanting to use FreeIPA for everything. However we also utilize
other external services that have their own auth system but can support oauth,
or gsuite/facebook etc etc. Is this possible w/ FreeIPA?
Also,Searching through google I found this - Ipsilon. Would you recommend I
use
Ok. I will check this out.
Thank you!
On Monday, May 14, 2018 10:59 AM, Alexander Bokovoy via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
On ma, 14 touko 2018, Andrew Meyer via FreeIPA-users wrote:
>Hello,I am trying to add a new user to another group. T
Hello,I am trying to add a new user to another group. This group was setup for
another user. When I create the user is seems to do the same thing as when I
create them on a local system. I get a User and a group for the user as well.
However when I go to add another user to that newly
/named/dyndb-ldap/ipa/master/zone.net/ and try to cat the raw file and its
not there... I did a ipa-replica-manage re-initialize thinking that would
bring it over and it didn't.
BTW,This is CentOS 7.4 and FreeIPA 4.5.x.
Thank you!
On Friday, May 11, 2018 8:27 AM, Andrew Meyer via FreeIPA
On one of my FreeIPA servers I have an A record that points to the correct IP
in the web ui, but when I go look at the raw file in
/var/named/dyndb-ldap/ipa/master/zone.net/raw it is incorrect. I have done a
kinit admin, and then ipa-replica-manage re-initialize --from
So in my logs on I am getting the following:
-23-Apr-2018 01:25:20.041 clients-per-query decreased to 14
I have not seen this on any other DNS server I have come across. IS this normal
fro FreeIPA? Can the limits be increased by default?___
I seem to have 1 server that constantly gets out of sync with the other 3
servers. Currently I am getting this error when I try to add a user:Server is
unwilling to perform: Managed Entry Plugin rejected add operation (see errors
log).
I am trying to find the log files and figure out what I
Rob, For this are you referring to the search limit size?
On Friday, April 6, 2018 9:29 AM, Rob Crittenden via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
Andrew Meyer via FreeIPA-users wrote:
> So I'm having an issue with sudo policies where I have about ~200
&
Yes, but what about adding the hostgroup to the sudo policy? Do I still need
to add the netgroup instead?
On Wednesday, April 18, 2018 10:17 AM, Rob Crittenden via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
Andrew Meyer via FreeIPA-users wrote:
> Hello,
>
Hello, I have been doing a lot of research on trying to get host groups to work
with sudoers policies. However I'm finding that this can't be done and the
only achieved by using netgroups. Is this true? I just would like some
validation/confirmation before I go to far down the rabbit
I am trying to modify the TTL for records in my zone. When I try to do this I
am getting the following error:
[gatewayblend@freeipa01-dev ~]$ ipa dnsrecord-mod gatewayblend.local.
andrew-test.stl1 --ttl=300No option to modify specific record provided.Current
DNS record contents:
SSHFP record:
A while ago I removed my original 2 FreeIPA server after adding 4 new ones.
However in the DNS zone for my FreeIPA server in the authoritative nameserver
entry I still have the original nameserver. Should this have been changed when
I removed it? Does this have to be changed manually?
Another issue i'm having is that we have DNS setup with split horizon/views in
R53. We want to be able to get a copy of the internal zone from R53 from my
local FIPA servers. Is this possible? I have zone forwards setup in FIPA so
that if you are up in AWS VPC you can query R53. However I
So I'm having an issue with sudo policies where I have about ~200 commands in
my sudoers, I added those commands to a group and I got an error in the WebUI:
Search result has been truncated: Configured size limit exceeded
Also when I run the ipa sudocmdgroup-show I don't see all the commands.
2118.44 76.063
freeipa03.stl1. 10.1.6.250 3 u 51 64 37 33.218 2922.96
19.715*LOCAL(0) .LOCL. 5 l 57 64 37 0.000 0.000
0.000
On Tuesday, April 3, 2018 1:27 PM, Andrew Meyer via FreeIPA-users
<freeipa-users@lists.fedorahosted.org>
This is a mix of VMware VMs an AWS instances. All CentOS 7.
On Tuesday, April 3, 2018 1:04 PM, Rob Crittenden <rcrit...@redhat.com>
wrote:
Andrew Meyer via FreeIPA-users wrote:
> I need some clarification on this. I have my FreeIPA server in
> talking. NTP is working.
I need some clarification on this. I have my FreeIPA server in talking. NTP
is working. However Some servers are getting ntp drift. If I go into
/etc/ntp.conf I see that at the bottom FreeIPA adds server at the bottom of the
file.
### Added by IPA Installer ###server 127.127.1.0 iburstfudge
So today I come in to work and find that one of my FreeIPA servers isn't
synching with the rest of the cluster. I have a policy set to to go in a big
square. I tried doing a ipa-replica-manage force-sync --verbose and then tried
doing a re-initialize. I have the networks wide open to allow
I need some help with this. I am working with FreeIPA runnning on CentOS 7.4
verssion 4.5.0-22. I have 2 servers in my AWS VPC and 2 servers at my local
office.
For some reason I am not seeing replication happen (over ldaps?) from 1 server
in my local office to the two servers up there.
AWS
So for some reason yesterday my replication broke. Checked out the logs and
found this:Mar 20 14:16:02 freeipa01 systemd: ipa-dnskeysyncd.service: main
process exited, code=exited, status=1/FAILUREMar 20 14:16:02 freeipa01 systemd:
Unit ipa-dnskeysyncd.service entered failed state.Mar 20
While doing some troubleshooting on replication I found that I have an old
server in my replica list-ruvs. How would I go about removing that?___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
So I made the changes to the SecurityGroup in AWS and my local FreeIPA servers
can't talk up. I suspect this is something on the AWS side. :-(
On Tuesday, March 20, 2018 9:17 AM, Andrew Meyer via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
Thank you sir! I will
I have FreeIPA setup on CentOS 7 in AWS. However we are looking to lock down
communication over our VPN tunnel. Trying to do some research to see what
ports I need. I've gotten most of them, 80,443,88,464,389,636,123. I have it
setup to allow UDP/TCP for both sides. However in the amazon
Thanks for the response, I don't think we will be issuing SSL certs from
FreeIPA to systems in AWS running Amazon Linux 2.
On Monday, March 12, 2018 10:54 AM, Rob Crittenden via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
Andrew Meyer via FreeIPA-users wrote:
&g
I have emailed in previously fro issues w/ Amazon Linux 2 as a replica server
but I am wondering If I can use Amazon Linux 2 as a client machine to FreeIPA.
Will I run into the same issues with SSL (NSS vs OpenSSL) that I did with the
replica?
Thank
I am trying to follow HowTo/Remove replica in a managed topology - FreeIPA to
remove replica servers correctly. However when I do this I am running into an
error:
[andrew.meyer@infra-test-ipa ~]$ ipa topologysegment-delSuffix name:
domainSegment name:
I have a few more questions regarding joining client machines to the domain.
If I manually specify a FreeIPA server when joining the client to it, can I go
back and add the _srv_ to the line in /etc/sssd/sssd.conf ? Will doing that
work just like if I did autodiscover?
Can I specify more than 1
Meyer via FreeIPA-users wrote:
> I am trying to add another client in my main location and getting the
> following information:
> [user@freeipa01 ipa]$ sudo ipa-client-install --domain=stl1.example.net
> --realm=stl1.example.net --mkhomedir --enable-dns-updates
> Skip infra-test
I am trying to add another client in my main location and getting the following
information:[user@freeipa01 ipa]$ sudo ipa-client-install
--domain=stl1.example.net --realm=stl1.example.net --mkhomedir
--enable-dns-updatesSkip infra-test-ipa.example.net.stl1.example.net: LDAP
server is not
unt of grief.
rob
>
>
> On Tuesday, March 6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
>
> Andrew Meyer via FreeIPA-users wrote:
>> After getting the feedback previously from the mailing list (thank you
>
6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
Andrew Meyer via FreeIPA-users wrote:
> After getting the feedback previously from the mailing list (thank you
> for all your help) I have deployed a CentOS 7 image in AWS. I was able
I think I figured out my problem. I think its the Amazon Linux replica.
named-pkcs11 keeps dying which is causing my issues.
On Monday, March 5, 2018 3:40 PM, Andrew Meyer via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
After getting the feedback previousl
After getting the feedback previously from the mailing list (thank you for all
your help) I have deployed a CentOS 7 image in AWS. I was able to add teh
client machine to the FreeIPA domain. The CentOS 7 instance is a t2.medium
which is a 2 proc by 4GB RAM. But when I go to promote it I get
ers@lists.fedorahosted.org> wrote:
On ma, 05 maalis 2018, Andrew Meyer via FreeIPA-users wrote:
>When reading about monitoring replication I see that I can get this
>setup using --setup-snmp, however on CentOS 7.x (latest) I don't have
>that option. Is it not in 4.5.0?
Can you point to your sourc
1 - 100 of 183 matches
Mail list logo