On Mon, Jan 08, 2018 at 10:15:29PM +0100, Giulio Casella via FreeIPA-users
wrote:
> After some time, requests go "CA_UNREACHABLE", caused by "RPC failed at
> server. Request failed with status 500: Non-2xx response from CA REST API:
> 500." when certmonger tries to renew httpd/dirsrv
On Mon, Jan 08, 2018 at 06:48:11PM -0700, Sean Hogan via FreeIPA-users wrote:
>
> Hi Fraser,
>
> Thanks for the reply. Agreed that a vault stores a secret however when
> that secret is say a pw for a shared ID like for instance root. While
> a number of people can access the password
Hi Fraser,
Thanks for the reply. Agreed that a vault stores a secret however when
that secret is say a pw for a shared ID like for instance root. While
a number of people can access the password for root in the vault I might
not want 20 people using the root pw at the sametime because I
On 01/06/2018 08:51 PM, lejeczek via FreeIPA-users wrote:
hi everyone
I'm trying a client, when I do:
$ ipa-client-install --no-ntp --force-join
Discovery was successful!
...
Also note that following ports are necessary for ipa-client working
properly after enrollment:
TCP: 464
On 01/06/2018 08:54 PM, lejeczek via FreeIPA-users wrote:
hi
I'm trying to install replica, process fails:
..
[3/5]: creating anonymous principal
[4/5]: starting the KDC
[5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]:
On 08/01/18 08:46, Florence Blanc-Renaud wrote:
On 01/06/2018 08:51 PM, lejeczek via FreeIPA-users wrote:
hi everyone
I'm trying a client, when I do:
$ ipa-client-install --no-ntp --force-join
Discovery was successful!
...
Also note that following ports are necessary for
ipa-client
Hi Guys,
Comparing to the great demo of Ab:
https://github.com/abbra/freeipa-userstatus-plugin I was wondering if someone
created something like it but for a simple textfield as well.
Reinventing the wheel is not good so maybe someone has a working example/plugin.
Thanks!
Matt
HI Martin,
I disabled them from the GUI.
What do you want to know about the config ?
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
After some time, requests go "CA_UNREACHABLE", caused by "RPC failed at
server. Request failed with status 500: Non-2xx response from CA REST
API: 500." when certmonger tries to renew httpd/dirsrv certificate.
Any ideas to correctly debug this issue?
Il 08/01/2018 17:56, Giulio Casella via
lejeczek via FreeIPA-users
writes:
> $ ipa-client-install --no-ntp --force-join
>
> krb5kdc[1560686](info): preauth (encrypted_timestamp) verify
> failure: Preauthentication failed
>
> But after many tries(randomly) suddenly it would succeed.
Do the
Where and how do you have configured forwarders. Is it a global forwarder,
or forward zone forwarder, zone forwarder. Do you have forward zones
configured. etc..
2018-01-08 21:17 GMT+01:00 Matt . via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> HI Martin,
>
> I disabled them from the
On Mon, Jan 08, 2018 at 11:27:47AM +0100, Johan Vermeulen wrote:
> Hello All,
>
> I "ve set up a new machine for this test and increased the log levels to 6.
> Config for Freeipa-client is done with ipa-client-install, I use chrony in
> stead of ntp and Selinux is enabled.
>
> When user logs in
Gentle bump (whilst I remember to nudge this).
TL;DR
Does anyone know the likely implications of error messages such as:
"Setting property 'enableOCSP' to 'false' did not find a matching property."
(then repeated for several other properties)
On 4 January 2018 at 14:52, David Harvey
Hi,
I've got a problem with certificate expiration. My setup is a CA-ful IPA
installation, ipa-server-4.5.0-22 on a CentOS 7 host.
I've been able to run ipa-cacert-manage renew, setting date in the past,
but server certs (dirsrv and httpd) are not updated.
Is there a way to force update?
Hello,
I have recently been looking into the password vault for IPA and would
like to implement however I have not been able to find an answer to a
compliance question on it yet.
Does the IPA PW vault limit checking out the password for a shared id to
one person at a time? I am
Il 08/01/2018 17:26, Rob Crittenden ha scritto:
Giulio Casella via FreeIPA-users wrote:
You need to stop ntpd, use date to go back when the web server cert is
still valid, then restart certmonger. That generally will do it.
Hi Rob,
I already tried with date few hours before expiration, with
16 matches
Mail list logo