[Freeipa-users] Re: FreeIPA replica in AWS

Ok, I got further this time.  Now I am getting this error:   [2/27]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 5 seconds elapsed Update succeeded   [3/27]: creating installation admin user   [4/27]: configuring certificate

[Freeipa-users] Re: FreeIPA replica in AWS

That's what I thought.  Thank you for confirming that! On Thursday, February 8, 2018 11:26 AM, Rob Crittenden via FreeIPA-users wrote: Andrew Meyer via FreeIPA-users wrote: > Ok, I got further this time.  Now I am getting this error: > >   [2/27]:

[Freeipa-users] Re: FreeIPA replica in AWS

Andrew Meyer via FreeIPA-users wrote: > Ok, I got further this time.  Now I am getting this error: > >   [2/27]: setting up initial replication > Starting replication, please wait until this has completed. > Update in progress, 5 seconds elapsed > Update succeeded > >   [3/27]: creating

[Freeipa-users] Re: FreeIPA replica in AWS

You're probably hitting the same issue. Check the docs [1] to see the minimum requirements. [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/installing-ipa#server-hw-recomendations On 02/08/2018 06:37 PM,

[Freeipa-users] FreeIPA UI not working - Only shows certificate management

Hi all, I have installed FreeIPA server on CentOS 6.9 but the GUI is not coming up completely. It only shows the following certificate system messages. Not sure why and here are the files in the /etc/httpd/alias: lrwxrwxrwx 1 root root 24 Jan 30 14:19 libnssckbi.so ->

[Freeipa-users] Re: FreeIPA UI not working - Only shows certificate management

Thank you for your prompt reply. I modified my SSH config and replaced the last line with:  LocalForward 443 127.0.0.1:443 But it still doesn't work and when I try to login to the VM, I get this error:  Privileged ports can only be forwarded by root Thanks for your help On Thursday, February

[Freeipa-users] Re: FreeIPA UI not working - Only shows certificate management

None via FreeIPA-users wrote: > Hi all, > What URL are you using? rob > > I have installed FreeIPA server on CentOS 6.9 but the GUI is not coming up > completely. It only shows the following certificate system messages. Not sure > why and here are the files in the /etc/httpd/alias: > >

[Freeipa-users] Re: FreeIPA UI not working - Only shows certificate management

I set up the same config for the user root, and as mentioned above, changed the last line of my SSH config so instead of port 8443, it now has 443, but it didn't work:http://127.0.0.1:443 This page isn’t working 127.0.0.1 didn’t send any data. ERR_EMPTY_RESPONSE On Thursday, February 8,

[Freeipa-users] Re: FreeIPA UI not working - Only shows certificate management

Tezarin via FreeIPA-users wrote: > It's installed on an EC2 instance which is only accessible through > tunneling and proxy: > So I added an entry in my ~/.ssh/config file like this: > > Host ipaserver >         HostName [EC2 IP] >         ProxyCommand ssh proxy-server -W %h:%p >        

[Freeipa-users] Re: FreeIPA replica in AWS

Andrew Meyer wrote: > Ok, I launched a new instance using 1CPU x 2GB.  I got further.  And > then all of sudden the promotion script killed itself? > > Done configuring ipa-custodia. > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >   [1/27]: creating certificate server

[Freeipa-users] Re: FreeIPA replica in AWS

Ok, I launched a new instance using 1CPU x 2GB.  I got further.  And then all of sudden the promotion script killed itself? Done configuring ipa-custodia.Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes  [1/27]: creating certificate server db  [2/27]: setting up initial

[Freeipa-users] Re: FreeIPA UI not working - Only shows certificate management

It's installed on an EC2 instance which is only accessible through tunneling and proxy:So I added an entry in my ~/.ssh/config file like this: Host ipaserver        HostName [EC2 IP]        ProxyCommand ssh proxy-server -W %h:%p        IdentityFile ~/.ssh/id_rsa        User testuser       

[Freeipa-users] Re: FreeIPA in EC2

> On 7 Feb 2018, at 21:51, Andrew Meyer via FreeIPA-users > > wrote: > > We are trying to deploy FreeIPA in our environment, this will be a mix of > local servers and server to manage auth in EC2. We have a

[Freeipa-users] pkinit

Hello, I recently upgraded to version 4.5 of FreeIPA. I only upgraded the server, not the clients. Do my clients now have to use pkinit? Or is it optional? How can I check what is being used? I’m concerned that if the environment now is so certificate centric, I will someday be locked out

[Freeipa-users] some confusion of reading this doc abt radius

Hi: all I m reading this : http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html It need create a service ac under radius/host.ipa.example.net...@ipa.example.net.au,\ cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' - BUt which file ldif I

[Freeipa-users] Re: IPA 4.5 with radius server

> On 8 Feb 2018, at 09:43, barry...@gmail.com wrote: > > any steps for IPA relate to keybros > or it is only can do in windows ad ? I’m not really sure what you’re asking. Kerberos is a fundamental service of the FreeIPA platform. -- Aljaž Srebrnič a.k.a g5pw My

[Freeipa-users] Re: freeipa and saml

08.02.2018, 13:29, "Alexander Bokovoy" : > On to, 08 helmi 2018, Николай Савельев via FreeIPA-users wrote: >> 07.02.2018, 22:20, "Rob Crittenden" : >>>  Николай Савельев via FreeIPA-users wrote:   Hi.   I have freeipa with AD trust.   I

[Freeipa-users] Re: FreeIPA replica in AWS

On 02/07/2018 10:53 PM, Andrew Meyer via FreeIPA-users wrote: I just got FreeIPA added as a client and then I tried to promote it as a replica. I got the following error: Done configuring kadmin. Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error]

[Freeipa-users] Re: IPA-Server Deletion issues

Sure thing, Output on* lithium*: [root@lithium ~]# ipa-replica-manage del oxygen.eggvfx.ie --force --cleanup oxygen.eggvfx.ie: server not found [root@lithium ~]# ipa domainlevel-get --- Current domain level: 1 --- Output on *nitrogen*: [root@nitrogen