[Freeipa-users] Lost IPA master Left with replica only

2019-01-18 Thread Rob van Halteren via FreeIPA-users
Hello, I am fairly new to freeipa. Sorry for that. I have a freeipa installation with 1 master in domain bxl.mydomain and a replica in ams.mydomain. At this stage I have lost the master. I did not install the master and replica myself, but from the documentation I learned that the master

[Freeipa-users] Per-host 2FA and "Second Factor (optional)" message

2019-01-18 Thread Chris Herdt via FreeIPA-users
I'd seen previous posts (now a few years old) on enabling per-host 2-factor authentication with FreeIPA. I'm using FreeIPA 4.6.4 on CentOS 7. I followed what I think are the correct steps to enable 2FA on a specific host, but the behavior is a little strange: User A: enable both Password and Two

[Freeipa-users] Re: Per-host 2FA and "Second Factor (optional)" message

2019-01-18 Thread Alexander Bokovoy via FreeIPA-users
On pe, 18 tammi 2019, Chris Herdt via FreeIPA-users wrote: I'd seen previous posts (now a few years old) on enabling per-host 2-factor authentication with FreeIPA. I'm using FreeIPA 4.6.4 on CentOS 7. I followed what I think are the correct steps to enable 2FA on a specific host, but the

[Freeipa-users] Re: Per-host 2FA and "Second Factor (optional)" message

2019-01-18 Thread Chris Herdt via FreeIPA-users
On Fri, Jan 18, 2019 at 1:04 PM Alexander Bokovoy wrote: > On pe, 18 tammi 2019, Chris Herdt via FreeIPA-users wrote: > >I'd seen previous posts (now a few years old) on enabling per-host > 2-factor > >authentication with FreeIPA. I'm using FreeIPA 4.6.4 on CentOS 7. I > >followed what I think

[Freeipa-users] Re: Lost IPA master Left with replica only

2019-01-18 Thread Rob Crittenden via FreeIPA-users
Rob van Halteren via FreeIPA-users wrote: > Hello, > > I am fairly new to freeipa. Sorry for that. > > I have a freeipa installation with 1 master in domain bxl.mydomain and a > replica in ams.mydomain. At this stage I have lost the master. > I did not install the master and replica myself, but

[Freeipa-users] SSO

2019-01-18 Thread Николай Савельев via FreeIPA-users
I'm planning use SSO with freeipa and choosing provider between ipsilon-project and keycloack. I tried ipsilon about year ago, there were some bugs. And I see that project almost die. Just 2 commits during the year. But keycloack seems very big and dificult to me. I'm terrified. What do you

[Freeipa-users] Re: SSO

2019-01-18 Thread Brian Topping via FreeIPA-users
> On Jan 18, 2019, at 9:18 PM, Николай Савельев via FreeIPA-users > wrote: > > I'm planning use SSO with freeipa and choosing provider between > ipsilon-project and keycloack. > I tried ipsilon about year ago, there were some bugs. And I see that project > almost die. Just 2 commits during

[Freeipa-users] Re: Expired Certificates.

2019-01-18 Thread Bhavin Vaidya via FreeIPA-users
Thank you Rob. After falling date more than a day prior to oldest expiring date, restarted certmonger, it showed SUBMITTING for sometime and went back to CA_UNREACHABLE with Internal Error. WRT Fraser's IdM

[Freeipa-users] Re: Expired Certificates.

2019-01-18 Thread Rob Crittenden via FreeIPA-users
Bhavin Vaidya wrote: > Thank you Rob. > > After falling date more than a day prior to oldest expiring date, > restarted certmonger, it showed SUBMITTING for sometime and went back > to CA_UNREACHABLE with Internal Error. You'll need to look in the CA debug log to try to discern why it isn't