[Freeipa-users] Re: Expired certificate problem

2018-01-08 Thread Fraser Tweedale via FreeIPA-users
On Mon, Jan 08, 2018 at 10:15:29PM +0100, Giulio Casella via FreeIPA-users wrote: > After some time, requests go "CA_UNREACHABLE", caused by "RPC failed at > server. Request failed with status 500: Non-2xx response from CA REST API: > 500." when certmonger tries to renew httpd/dirsrv

[Freeipa-users] Re: IPA Password Vault

2018-01-08 Thread Fraser Tweedale via FreeIPA-users
On Mon, Jan 08, 2018 at 06:48:11PM -0700, Sean Hogan via FreeIPA-users wrote: > > Hi Fraser, > > Thanks for the reply. Agreed that a vault stores a secret however when > that secret is say a pw for a shared ID like for instance root. While > a number of people can access the password

[Freeipa-users] Re: IPA Password Vault

2018-01-08 Thread Sean Hogan via FreeIPA-users
Hi Fraser, Thanks for the reply. Agreed that a vault stores a secret however when that secret is say a pw for a shared ID like for instance root. While a number of people can access the password for root in the vault I might not want 20 people using the root pw at the same time because I

[Freeipa-users] Re: ipa-client-install - error - Failed to obtain host TGT: Major (851968)

2018-01-08 Thread Florence Blanc-Renaud via FreeIPA-users
On 01/06/2018 08:51 PM, lejeczek via FreeIPA-users wrote: hi everyone I'm trying a client, when I do: $ ipa-client-install --no-ntp --force-join Discovery was successful! ... Also note that following ports are necessary for ipa-client working properly after enrollment: TCP: 464

[Freeipa-users] Re: replica install fails: CA_UNREACHABLE

2018-01-08 Thread Florence Blanc-Renaud via FreeIPA-users
On 01/06/2018 08:54 PM, lejeczek via FreeIPA-users wrote: hi I'm trying to install replica, process fails: ..   [3/5]: creating anonymous principal   [4/5]: starting the KDC   [5/5]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin   [1/2]:

[Freeipa-users] Re: ipa-client-install - error - Failed to obtain host TGT: Major (851968)

2018-01-08 Thread lejeczek via FreeIPA-users
On 08/01/18 08:46, Florence Blanc-Renaud wrote: On 01/06/2018 08:51 PM, lejeczek via FreeIPA-users wrote: hi everyone I'm trying a client, when I do: $ ipa-client-install --no-ntp --force-join Discovery was successful! ... Also note that following ports are necessary for ipa-client

[Freeipa-users] Plugin for simple user attribute / textfield in Gui

2018-01-08 Thread Matt . via FreeIPA-users
Hi Guys, Comparing to the great demo of Ab: https://github.com/abbra/freeipa-userstatus-plugin I was wondering if someone created something like it but for a simple textfield as well. Reinventing the wheel is not good so maybe someone has a working example/plugin. Thanks! Matt

[Freeipa-users] Re: Forwarders don't work when enabled but do work when disabled

2018-01-08 Thread Matt . via FreeIPA-users
Hi Martin, I disabled them from the GUI. What do you want to know about the config? Cheers, Matt

[Freeipa-users] Re: Expired certificate problem

2018-01-08 Thread Giulio Casella via FreeIPA-users
After some time, requests go "CA_UNREACHABLE", caused by "RPC failed at server. Request failed with status 500: Non-2xx response from CA REST API: 500." when certmonger tries to renew httpd/dirsrv certificate. Any ideas to correctly debug this issue? On 08/01/2018 17:56, Giulio Casella via

[Freeipa-users] Re: ipa-client-install - error - Failed to obtain host TGT: Major (851968)

2018-01-08 Thread Robbie Harwood via FreeIPA-users
lejeczek via FreeIPA-users writes: > $ ipa-client-install --no-ntp --force-join > > krb5kdc[1560686](info): preauth (encrypted_timestamp) verify > failure: Preauthentication failed > > But after many tries(randomly) suddenly it would succeed. Do the

[Freeipa-users] Re: Forwarders don't work when enabled but do work when disabled

2018-01-08 Thread Martin Basti via FreeIPA-users
Where and how have you configured forwarders? Is it a global forwarder, a forward zone forwarder, or a zone forwarder? Do you have forward zones configured, etc.? 2018-01-08 21:17 GMT+01:00 Matt . via FreeIPA-users <freeipa-users@lists.fedorahosted.org>: > Hi Martin, > > I disabled them from the

[Freeipa-users] Re: Centos7.4: users not seeing password expired notifications

2018-01-08 Thread Jakub Hrozek via FreeIPA-users
On Mon, Jan 08, 2018 at 11:27:47AM +0100, Johan Vermeulen wrote: > Hello All, > > I've set up a new machine for this test and increased the log levels to 6. > Config for Freeipa-client is done with ipa-client-install, I use chrony > instead of ntp and Selinux is enabled. > > When user logs in

[Freeipa-users] Re: Ubuntu -> Fedora and tomcat SetAllPropertiesRule warnings

2018-01-08 Thread David Harvey via FreeIPA-users
Gentle bump (whilst I remember to nudge this). TL;DR Does anyone know the likely implications of error messages such as: "Setting property 'enableOCSP' to 'false' did not find a matching property." (then repeated for several other properties) On 4 January 2018 at 14:52, David Harvey

[Freeipa-users] Expired certificate problem

2018-01-08 Thread Giulio Casella via FreeIPA-users
Hi, I've got a problem with certificate expiration. My setup is a CA-ful IPA installation, ipa-server-4.5.0-22 on a CentOS 7 host. I've been able to run ipa-cacert-manage renew, setting date in the past, but server certs (dirsrv and httpd) are not updated. Is there a way to force update?

[Freeipa-users] IPA Password Vault

2018-01-08 Thread Sean Hogan via FreeIPA-users
Hello, I have recently been looking into the password vault for IPA and would like to implement however I have not been able to find an answer to a compliance question on it yet. Does the IPA PW vault limit checking out the password for a shared id to one person at a time? I am

[Freeipa-users] Re: Expired certificate problem

2018-01-08 Thread Giulio Casella via FreeIPA-users
On 08/01/2018 17:26, Rob Crittenden wrote: Giulio Casella via FreeIPA-users wrote: You need to stop ntpd, use date to go back when the web server cert is still valid, then restart certmonger. That generally will do it. Hi Rob, I already tried with date a few hours before expiration, with