On to, 03 elo 2017, Igor Sever via FreeIPA-users wrote:
I didn’t specify any ID range. This was all done automagically by
setup. I read a lot of documentation, and I can’t remember that ever
been mentioned. We indeed had NIS at some point, but this is not
supported any more by MS, and FreeIPA
On 08/02/2017 11:51 PM, Ian Harding via FreeIPA-users wrote:
On 08/02/2017 12:11 AM, Florence Blanc-Renaud wrote:
On 08/02/2017 01:43 AM, Ian Harding wrote:
On 08/01/2017 12:03 PM, Rob Crittenden wrote:
Ian Harding wrote:
On 08/01/2017 07:39 AM, Florence Blanc-Renaud wrote:
On 08/01/2017
Hi,
3. August 2017 03:03, "Fraser Tweedale via FreeIPA-users"
schrieb:
> On Wed, Aug 02, 2017 at 11:11:09PM +0200, Jochen Hein via FreeIPA-users wrote:
>> I'm playing around with keycloak and wanted to use an SSL certificate
>> from IPA. I've looked around
On 08/03/2017 02:10 AM, Tejas Desai via FreeIPA-users wrote:
BIND uses the directives “type forward” and “forward first” in its
named.conf file. How can I make use of BIND directives when using ipa
dns? Because it is based on BIND, can I edit named-pkcs11 directly? Tejas
Hi folks,
I found some very large log files in
/var/log/pki/pki-tomcat/ca
On the major CA host the "debug" file is >1GByte and was never
rotated. It seems that there is a responsible config file /etc/\
pki/pki-tomcat/ca/CS.cfg, setting
debug.append=true
On 08/02/2017 04:17 PM, Fraser Tweedale wrote:
- /var/log/ipareplica-install.log from replica
- /etc/pki/pki-tomcat/ca/debug from both master and replica
Those logs should do for a start.
I'd also like to see your /etc/pki/pki-tomcat/ca/CS.cfg from both
master and replica. Depending on
Bob Rentschler via FreeIPA-users wrote:
> This may be related to the issue discussed here:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/SC7GYMHMJ2DNT6BDDSWG5F4HL252EJOD/
>
I work with Randy and there was some custom python and javascript code
written to implement the extensions to the schema as I recall.
On Thu, Aug 3, 2017 at 8:15 AM, Rob Crittenden via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Randy Morgan via FreeIPA-users wrote:
> > When
Rob Crittenden writes:
> certmonger doesn't support storing certificates in a java keystore.
That's what I found out :-)
> The tricky bit might be in dealing with the CSR. certmonger needs the
> private key in order do the renewal.
>
> I guess one thing you could do is a
Jochen Kellner via FreeIPA-users wrote:
> Hi,
>
> 3. August 2017 03:03, "Fraser Tweedale via FreeIPA-users"
>
> schrieb:
>
>> On Wed, Aug 02, 2017 at 11:11:09PM +0200, Jochen Hein via FreeIPA-users
>> wrote:
>>> I'm playing around with keycloak and wanted
Bob Rentschler wrote:
> The query mismatch was a typo/mispaste, sorry about that.
>
> It was indeed at least partly permissions in the LDAP server, likely
> because a service is running the query.
>
> I solved the freeipa permissions with the below command, which is likely
> bad in some way but
On to, 03 elo 2017, Petr Fišer via FreeIPA-users wrote:
Hello,
We are currently deploying FreeIPA and we make use of custom attributes.
We defined them in custom.py script (located in
/usr/lib/python2.7/site-packages/ipaserver/plugins/custom.py).
custom.py looks like this:
from
Randy Morgan via FreeIPA-users wrote:
> When we setup our IPA server, we extended the schema to include 3 fields
> that were important to the work we do. When we performed the last
> update, those fields still show as required, but they are missing and we
> cannot add users to IPA unless we
The query mismatch was a typo/mispaste, sorry about that.
It was indeed at least partly permissions in the LDAP server, likely
because a service is running the query.
I solved the freeipa permissions with the below command, which is likely
bad in some way but did allow postmap to return the
On 08/03/2017 08:34 AM, Fraser Tweedale wrote:
Mark, that's great news; I'm glad you were able to resolve the
issue.
Everyone gets the tunnel vision sometimes :)
I wish you a successful rollout to production.
Cheers,
Fraser
Actually, let me update you on this. I finally got a chance to
Rafał Wądołowski wrote:
> Okey, but how can I create certificate for domain intra.example.com?
>
> I can't create host, because the hostname is required. When I try to add
> service, I got output that principal is required.
Like I said, every cert needs to live in a bucket (user, service, etc)
Kristian Petersen via FreeIPA-users wrote:
> I work with Randy and there was some custom python and javascript code
> written to implement the extensions to the schema as I recall.
My initial thought was that the freeIPA code was updated directly and
updating overwrote the customizations.
rob
>
So now that we have a nicely replicating domain and ca, I'd like to rid
myself of these revoked certificates which I tried as a way to fix the
replication and setting up of a CA. Is there a way to delete these
certs out of the store?
--
Mark Haney
Network Engineer at NeoNova
919-460-3330
The customizations that define the additions to the schema appear to be in
the javascript file /usr/share/ipa/ui/js/plugins/chemuser/chemuser.js. It
defines the additional fields we use that are causing us so much trouble.
I have included it below.
// Place in
Have you tried the replication management script?
ipa-replica-manage(1): Manage IPA replica - Linux man page
|
|
|
| ||
|
|
|
| |
ipa-replica-manage(1): Manage IPA replica - Linux man page
Manages the replication agreements of an IPA server. connect [SERVER_A]
-
On Wed, Aug 2, 2017 at 3:06 PM, Karl Forner via FreeIPA-users
wrote:
> Cross-posted from https://github.com/freeipa/freeipa-container/issues/151
>
> Context: I have one master running in a docker container, with freeIPA
> 4.2.3.
>
> I'm trying to setup a new
On Thu, Aug 3, 2017 at 9:57 PM, Alexandre Pitre via FreeIPA-users
wrote:
> I'm unable to rejoin a CentOS client to my FreeIPA realm. I ran the
> uninstall command on my client: ipa-client-install --uninstall
>
> As far as I know the uninstall was successful.
Hello,
We are currently deploying FreeIPA and we make use of custom attributes.
We defined them in custom.py script (located in
/usr/lib/python2.7/site-packages/ipaserver/plugins/custom.py). custom.py
looks like this:
from ipaserver.plugins.user import user
from ipalib.parameters import Int
On 08/03/2017 11:19 AM, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
I found some very large log files in
/var/log/pki/pki-tomcat/ca
On the major CA host the "debug" file is >1GByte and was never
rotated. It seems that there is a responsible config file /etc/\
On Thu, Aug 03, 2017 at 07:18:30AM -0400, Mark Haney wrote:
> On 08/02/2017 04:17 PM, Fraser Tweedale wrote:
> >
> > > - /var/log/ipareplica-install.log from replica
> > > - /etc/pki/pki-tomcat/ca/debug from both master and replica
> > >
> > > Those logs should do for a start.
> > >
> > > I'd
Oh, sorry, I forgot.
FreeIPA 4.4.0 on RHEL 7.
Petr Fišer
BCV solutions s.r.o.
Mobile: +420 607 618 243
E-mail: petr.fi...@bcvsolutions.eu
Jabber: petr.fi...@bcvsolutions.eu
On 08/03/2017 02:05 PM, Petr Fišer wrote:
Hello,
We are currently deploying FreeIPA and we make use of custom
26 matches
Mail list logo