On Thu, Aug 03, 2017 at 06:09:22AM +1000, Fraser Tweedale wrote:
> On Wed, Aug 02, 2017 at 08:34:59AM -0400, Mark Haney wrote:
> > On 08/02/2017 07:25 AM, Fraser Tweedale wrote:
> > > On Tue, Aug 01, 2017 at 02:55:26PM -0400, Rob Crittenden wrote:
> > > >
> > > > Providing the dogtag debug log
On Wed, Aug 02, 2017 at 08:34:59AM -0400, Mark Haney wrote:
> On 08/02/2017 07:25 AM, Fraser Tweedale wrote:
> > On Tue, Aug 01, 2017 at 02:55:26PM -0400, Rob Crittenden wrote:
> > >
> > > Providing the dogtag debug log might be helpful. The replica install log
> > > shows that the GoDaddy CA
BIND uses the directives “type forward” and “forward first” in its
named.conf file. How can I make use of BIND directives when using ipa
dns? Because it is based on BIND, can I edit named-pkcs11 directly? Tejas
___
FreeIPA-users mailing list --
Hi,
I'm playing around with keycloak and wanted to use an SSL certificate
from IPA. I've looked around but didn't see any howto about using java
keytool with ipa-getcert. Has someone experience with it?
I was not successful adding key/cert created by certmonger into keytool,
and also not
On Wed, Aug 02, 2017 at 11:11:09PM +0200, Jochen Hein via FreeIPA-users wrote:
>
> Hi,
>
> I'm playing around with keycloak and wanted to use an SSL certificate
> from IPA. I've looked around but didn't see any howto about using java
> keytool with ipa-getcert. Has someone experience with it?
>
On 08/02/2017 01:43 AM, Ian Harding wrote:
On 08/01/2017 12:03 PM, Rob Crittenden wrote:
Ian Harding wrote:
On 08/01/2017 07:39 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 03:11 PM, Ian Harding wrote:
On 08/01/2017 01:48 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 01:32 AM, Ian
This may be related to the issue discussed here:
https://lists.fedorahosted.org/archives/list/freeipa-
us...@lists.fedorahosted.org/message/SC7GYMHMJ2DNT6BDDSWG5F4HL252EJOD/
But it seems not to be, layer 8 is still open though.
Using the instructions here
On Wed, Aug 2, 2017 at 12:03 PM, Harald Dunkel via FreeIPA-users
wrote:
> Hi folks,
>
> a small suggestion for the web interface: An option "show all"
> would be nice, e.g. for the list of active users, user groups or
> hosts. Currently it just shows 20
I didn’t specify any ID range. This was all done automagically by setup. I read
a lot of documentation, and I can’t remember that ever been mentioned. We
indeed had NIS at some point, but this is not supported any more by MS, and
FreeIPA should not just presume that we have gidNumber on all
On Thu, Jul 06, 2017 at 02:17:40PM -0400, Rob Crittenden wrote:
> john.bowman--- via FreeIPA-users wrote:
> > Since taking over our FreeIPA environment I've been unable to create a new
> > CA replica. A bunch of failed attempts and upgrades over the last year and
> > I keep running in to
On 08/02/2017 07:25 AM, Fraser Tweedale wrote:
On Tue, Aug 01, 2017 at 02:55:26PM -0400, Rob Crittenden wrote:
Providing the dogtag debug log might be helpful. The replica install log
shows that the GoDaddy CA chain was imported and trusted reasonably
(C,,) but the installer later claims it
I think the path that is triggered first is from the following code:
if new_cert == old_cert:
syslog.syslog(syslog.LOG_INFO, "Updated certificate not available")
# No cert available yet, tell certmonger to wait another 8 hours
return (WAIT_WITH_DELAY, 8 * 60 * 60, '')
Hi,
I have freeipa 4.4 cluster with CN intra.example.com.
We developed intranet on this same domain, but I can't create a valid
certificate for it.
I can't create service, because hostname is required. Is it other way to
sign the CSR?
What is the good practice for creating https certificates?
There is no gidNumber attribute on AD group objects. If I want to apply posix
attributes directly in AD, then I don't need FreeIPA, do I...
https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/
It is obvious that
Hi Petr,
On Wed, 2 Aug 2017 12:48:32 +0200
Petr Vobornik via FreeIPA-users wrote:
>
> Hello,
>
> 20 was a hard-coded paging limit. Since FreeIPA 4.5 (not sure if also
> in 4.4) the paging limit can be configured in Web UI under: "Top-right
> corner
Hi folks,
Problem: I have setup freeipa using a bad external CA.
Long story:
I have setup my freeipa servers using
ipa-server-install -n example.com -r EXAMPLE.COM --no-ntp --external-ca
--subject="O=example AG,C=DE" --setup-dns --forwarder=...
on ipa1.example.com. It created a csr, it was
On ke, 02 elo 2017, Igor Sever via FreeIPA-users wrote:
There is no gidNumber attribute on AD group objects. If I want to apply
posix attributes directly in AD, then I don't need FreeIPA, do I...
Okey, but how can I create certificate for domain intra.example.com?
I can't create host, because the hostname is required. When I try to add
service, I got output that principal is required.
Pozdrawiam,
Rafał Wądołowski
On 02/08/17 15:55, Rob Crittenden via FreeIPA-users wrote:
> Rafał
Cross-posted from https://github.com/freeipa/freeipa-container/issues/151
Context: I have one master running in a docker container, with freeIPA
4.2.3.
I'm trying to setup a new replica. I could not using the same docker
container version that runs the master. I've been told to use the latest
Rafał Wądołowski via FreeIPA-users wrote:
> Hi,
>
> I have freeipa 4.4 cluster with CN intra.example.com.
>
> We developed intranet on this same domain, but I can't create a valid
> certificate for it.
>
> I can't create service, because hostname is required. Is it other way to
> sign the CSR?
20 matches
Mail list logo