Ok. It seems that /etc/sudoers has "Defaults " rule where I had no
such rule in IPA. so after creating it seems secure_path is working
now
вт, 3 сент. 2024 г. в 19:34, Alexander Bokovoy :
>
> On Аўт, 03 вер 2024, alexey safonov via FreeIPA-users wrote:
> >Hi,
> >
Hi,
I've checked all related output in Google search and this mailing
list, but still have no answer to a question, why secure_path option
is ignored by IPA?
here is what I have in IPA
Sudo Option: !requiretty, !authenticate,
secure_path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/s
Hi,
I'm not sure if it's related to freeipa or not, but we have home
users, who are using forticlient VPN. And everytime they are connected
forti generates new ifname with name like vpn0086432eee /
vpn0001d1e094 /etc.
Would it be possible to change sssd to use dyndns_ifname with
wildcard? like vp
Got it. thanks. Would it be possible to use for KDS self-signed
certificate, while for dirsrv/http normal certificate signed by public
CA?
пн, 19 июн. 2023 г. в 14:46, Florence Blanc-Renaud :
>
> Hi,
>
>
> On Sun, Jun 18, 2023 at 3:47 AM alexey safonov via FreeIPA-users
> wro
I'm just surprised than, how other replicas has PKINIT?
пт, 16 июн. 2023 г. в 23:07, Rob Crittenden :
>
> alexey safonov via FreeIPA-users wrote:
> > Hi, I've a FreeIPA setup 4.10.1 (that's a long-living setup that was
> > upgraded many times). It is CA-less
Hi, I've a FreeIPA setup 4.10.1 (that's a long-living setup that was
upgraded many times). It is CA-less setup (Inititally we had CA, but
than it was removed). So now 4 of my servers are saying that PKINIT
is enabled and one server is saying "disabled".
I tried to re-install replica, but it says
Works now. thanks
пт, 19 мая 2023 г. в 15:13, Alexander Bokovoy :
>
> On Fri, 19 May 2023, alexey safonov via FreeIPA-users wrote:
> >After upgrading to RHEL 9.2 it seems I must enable SID in my prod setup.
> >
> >So when I tried I'm getting an error message
> >
After upgrading to RHEL 9.2 it seems I must enable SID in my prod setup.
So when I tried I'm getting an error message
[18/May/2023:23:09:46.570447195 +0800] - ERR - get_ranges - [file
ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range
struct.
[18/May/2023:23:09:46.571579606 +08
That is definitely an issue with 9.2 as I had 9.1 before with no problem at all
пн, 15 мая 2023 г. в 20:08, Sam Morris via FreeIPA-users
:
>
> On Mon, May 15, 2023 at 09:28:22AM +0300, Alexander Bokovoy via FreeIPA-users
> wrote:
> > On su, 14 touko 2023, Sam Morris wrote:
> > > On Fri, May 12, 2
gt; - 2032806 - Error replacing a replica with CentOS Stream 9
> The fix requires an update of both pki and ipa packages.
>
> flo
>
> On Mon, Feb 6, 2023 at 4:21 AM alexey safonov via FreeIPA-users
> wrote:
>>
>> I have 5 servers on CentOS 8 stream, and while trying to
placing a replica with CentOS Stream 9
> The fix requires an update of both pki and ipa packages.
>
> flo
>
> On Mon, Feb 6, 2023 at 4:21 AM alexey safonov via FreeIPA-users
> wrote:
>>
>> I have 5 servers on CentOS 8 stream, and while trying to update to
>> Rocky
oth pki and ipa packages.
>
> flo
>
> On Mon, Feb 6, 2023 at 4:21 AM alexey safonov via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> I have 5 servers on CentOS 8 stream, and while trying to update to
>> Rocky 9.1 I found that re-creating new re
I have 5 servers on CentOS 8 stream, and while trying to update to
Rocky 9.1 I found that re-creating new replicas only with one server
it is successful. And the others provide an error
It fails with this error (full log attached):
[22/29]: Importing RA key
Error storing key "keys/ra/ipaCert": C
13 matches
Mail list logo