I figured it out, everything actually works out of the box.
This script should get things going:
#!/bin/bash
# This script presumes a RL 8.4+ "Minimal Install" ready machine which has been prepped
# for OTP install in IPA. Also, /export is the dir/volume being exported as NFS.
dnf upgrade -y
Hi
I'm trying very hard to find resources for how to set up ACLs on NFS with IdM
provided identities.
Things work fine with local users and groups, but the translation service
(idmapd?) is causing me trouble.
For reference, I'm running Rocky Linux 8.9 (equivalent to RHEL 8.9).
--
I just went to check on one of my replicas, and noticed that the IPA web server
seems to use a lot of CPU:
From htop:
PID USER PRI NI VIRT RES SHR S CPU%▽MEM% TIME+ Command
507664 ipaapi 20 0 1353M 459M 16656 S 100.8 0.2 24h15:19 (wsgi:ipa) -DFOREGROUND
Update!
Our organisation has four IPA servers. I tried to edit /etc/ipa/default.conf,
to point at a different one. Server two didn't work either, but server three
did!
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To
I don't get very far. Step one is non-existent, I never get the AS_REQ, even
going back several days in the log.
For step two, I get:
Mar 13 10:51:29 idm0.example.local krb5kdc[1704](info): TGS_REQ (6 etypes
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
Just updated the machine to newest Rocky Linux 8.9 and rebooted, problem
persists...
root@naughtyhost:~# ipa host-show --all --raw naughtyhost|grep -i canon
krbcanonicalname: host/naughtyhost.example.local@EXAMPLE.LOCAL
Looks like that part is in order...? Does the capitalization matter?
I'm having a weird one. This has worked well on a number of other, identical
hosts, but one is repeatedly giving me trouble:
root@naughtyhost:~# ipa-getcert request -f /etc/pki/tls/certs/xrdp.pem -k /etc/pki/tls/private/xrdp.key -r -w -v
New signing request "20240312125107" added.
State
I'm rolling out some servers providing a graphical desktop, and everything is
fine except this: our desktop software of choice is XRDP which needs a
certificate. It ships with a self-signed one, but that gives warnings on the
clients, so I'd much rather go with a FreeIPA managed one.
So after
I'm generating certificates for a bunch of not-enrolled,
not-certmonger-feasible services (our printer, for example) and I'd like a
little longer life cycle than the standard two years. I can't for the life
of me figure out where I can set that.
Thanks in advance.
We have a workflow where we sometimes reinstall enrolled hosts. The role of the
host does not change, IP, hostname etc. stay unchanged.
Our current workflow is to enter the GUI, select unprovision, set a one time
password, and then enroll the freshly installed host.
Do command line tools exist
11 matches