Hello,I'm reinstalling a replica FreeIPA server in a CA-less environment.
I'm looked online and found:
https://www.redhat.com/archives/freeipa-users/2016-December/msg00391.html which
is similar (or exactly the problem), but theres no solid resolution. I recopied
/etc/ipa/ca.crt to the new
On 13 December 2017 at 23:29, Timo Aaltonen via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On 28.11.2017 22:58, Peter Fern via FreeIPA-users wrote:
> > On 23/11/17 05:34, David Harvey via FreeIPA-users wrote:
> >> Not sure why tomcat is more resilient when launched as root,
Hi Flo, Rob,
On 12/14/17 9:27 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
The files should contain multiple certificates (IPA CA and the external CA
certificates). If it is not the case, please check first if there were AVC
issues (if running in SElinux enforcing mode), and feel free
We perform monthly patching of our IPA servers on consecutive weeks. We have a
realm member server that loses it's 'A' record in DNS after every monthly
patching cycle on the first of our 2 IPA servers. And this member server is the
ONLY machine to have such a problem.
Using the DNS Admin GUI
We perform monthly patching of our IPA servers on consecutive weeks. We have a
realm member server that loses it's 'A' record in DNS after every monthly
patching cycle on the first of our 2 IPA servers. And this member server is the
ONLY machine to have such a problem.
Using the DNS Admin GUI
I've set up a replica in an IPA domain, and was surprised that it did
not have DNS configured the same way that the first IPA server does. Of
the following options that I specified on the first install, which do I
need to provide to a replica in order to get identical functionality,
and where
I've been having difficulties connecting a freeipa-client on Ubuntu 16.06
LTS, to a Redhat IPA server that has a trusted connection to Microsoft AD
server.
Ssh authentications are pretty slow, however, once I do get on, I find sudo
commands often do not work for several minutes saying I am not in
On 12/13/2017 04:39 PM, Harald Dunkel via FreeIPA-users wrote:
Hi Flo,
On 12/12/17 3:59 PM, Harald Dunkel via FreeIPA-users wrote:
My concern is, it looks much more restricted than the old root CA
cerificate:
# certutil -L -d /var/lib/pki/pki-tomcat/ca/alias
Certificate Nickname