[Freeipa-users] Re: Extract user's private key from IdM

2023-10-17 Thread HUANG, TONY via FreeIPA-users
at 4:58 AM Rob Crittenden wrote: > HUANG, TONY via FreeIPA-users wrote: > > Hi, > > > > I am trying to achieve user authentication against IdM using user's > > certificate. User certificate is requested to the built-in CA within IdM > > and signed by it. > >

[Freeipa-users] Extract user's private key from IdM

2023-10-17 Thread HUANG, TONY via FreeIPA-users
Hi, I am trying to achieve user authentication against IdM using user's certificate. User certificate is requested to the built-in CA within IdM and signed by it. I am able to download the user's public cert via the web UI, but how can I download the private key so I can define it in user's

[Freeipa-users] Re: IPA Permissions & ACI

2023-08-14 Thread Huang, Tony via FreeIPA-users
Hi Rob, Thanks for the reply. This is what I have done so far. 1. Installed my custom container - cn=Multicast,dc=example,dc=com 2. Created a group called x500 - cn=x500,cn=groups,cn=accounts,dc=example,dc=com 3. Added my account "tony" into the x500 group 4. Created an x500 role 5. Created a

[Freeipa-users] How to parse this under command module

2023-05-01 Thread HUANG, TONY via FreeIPA-users
Hi, I am trying to add ipa migrate-ds as a task using the command or shell module, but it keeps on erroring out. How should I parse this? ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup

[Freeipa-users] Re: ipa migrate-ds

2023-04-28 Thread HUANG, TONY via FreeIPA-users
Hello Rob, I just want to provide feedback that your command worked. I must have done something wrong initially. I am able to migrate all of the user private groups over to the new IPA - although it all became regular POSIX groups, at least I don't have to change permissions for 500+ users.

[Freeipa-users] Re: ipa migrate-ds

2023-04-12 Thread HUANG, TONY via FreeIPA-users
Hi Rob, Just curious, does your old-ipa-server have User Private Group disabled or enabled? Same question goes for your newly migrated IPA server. I may end up disabling the use of User Private Group on the new server and default everyone to "ipausers" Group. I'll see what I can do about

[Freeipa-users] Re: ipa migrate-ds

2023-04-11 Thread HUANG, TONY via FreeIPA-users
Hi Rob, I have been starting from scratch. I will check my logs again. My environment is disconnected from the Internet and I can't easily copy and paste to the thread. My IPA version is the same going from the old to the new (4.8 I believe). The reason I had to do IPA to IPA migration is because

[Freeipa-users] Re: ipa migrate-ds

2023-04-11 Thread HUANG, TONY via FreeIPA-users
Hi Rob, I've asked Red Hat support, and the support engineer is telling me that it doesn't support migrating of User Private Group and has pointed me over to https://bugzilla.redhat.com/show_bug.cgi?id=1261536 The support engineer is also asking me to create new UPG. Now my question is if ipa

[Freeipa-users] Re: ipa migrate-ds

2023-04-10 Thread HUANG, TONY via FreeIPA-users
I didn't get any errors regarding user private groups at all, and the UPGs didn't even get migrated to become regular POSIX UNIX groups either. They are just not there, so when I log in I see a message complaining that /usr/bin/id cannot find my group name. I've tried importing the entire

[Freeipa-users] Re: ipa migrate-ds

2023-04-10 Thread HUANG, TONY via FreeIPA-users
Rob, I've tried the command from the website below with the same result. Furthermore, at the FreeIPA to FreeIPA section it states "The command doesn't migrate user private groups.", which is very strange, because my migration becomes more complicated when I have to change group ownership and

[Freeipa-users] Re: ipa migrate-ds

2023-04-10 Thread HUANG, TONY via FreeIPA-users
Hi Rob, Thanks for the reply. User Private Group didn't get migrated. When I log in I see Group number being a number. How do I migrate UPG over? Thanks very much! Tony On Mon, Apr 10, 2023, 7:34 AM Rob Crittenden wrote: > Tony Super via FreeIPA-users wrote: > > Hello, > > > > I am trying