[Freeipa-users] Re: ghost replica for radius server

that was easy - THANX Florence. My ghost replica still doesn’t show in ipa_check_consistency. Any ideas on that? grant@radius01:~[20221118-3:56][#97]$ ipa server-state $HOSTNAME --state=enabled ipa: WARNING: Automatic update of DNS system records failed. Please re-run update of system records

[Freeipa-users] Re: ghost replica for radius server

Hi, I believe you are hitting a known issue: 2132047 Check hidden status for PKINIT certificate creation The workaround is to set the replica as not hidden (ipa server-state $HOSTNAME --state=enabled), re-run ipa-pkinit-manage enable on the

[Freeipa-users] Re: Microsoft November 2022 updates breaks Active Directory integration

On pe, 18 marras 2022, Sam Morris via FreeIPA-users wrote: On 17/11/2022 15:09, Rob Crittenden via FreeIPA-users wrote: Rob Crittenden wrote: Microsoft addressed a number of CVEs last week which introduced some authentication issues. After installation of these patches, user authentication on

[Freeipa-users] Re: ghost replica for radius server

Grant Janssen via FreeIPA-users wrote: > that was easy - THANX Florence. > > My ghost replica still doesn’t show in ipa_check_consistency. > Any ideas on that? > > grant@radius01:~[20221118-3:56][#97]$ ipa server-state $HOSTNAME > --state=enabled > ipa: W

[Freeipa-users] Re: Microsoft November 2022 updates breaks Active Directory integration

On 17/11/2022 15:09, Rob Crittenden via FreeIPA-users wrote: Rob Crittenden wrote: Microsoft addressed a number of CVEs last week which introduced some authentication issues. After installation of these patches, user authentication on Linux systems integrated in Active Directory no longer works

[Freeipa-users] Re: "ipa-cacert-manage renew" is failing

Hi, On Thu, Nov 17, 2022 at 7:59 PM Sean McLennan via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > > ^ This one (caSigningCert cert-pki-ca) is IPA CA and expires 2022-11-11 > but > > it definitely looks wrong, unless IPA was installed with custom (and > > puzzlin) options:

[Freeipa-users] Re: "ipa-cacert-manage renew" is failing

> I'm asking you to compare because it's unexpected to see a subject > CN=localhost for the IPA CA. Someone has probably messed up with some > commands and replaced the original IPA CA with a wrong one in the > /etc/pki/pki-tomcat/alias database. If that's the case, we can put the > right CA back

[Freeipa-users] ipa-healthcheck errors

Hello, After todays update I noticed I am now running rocky 8.7 freeipa was updated just fine and is working nicely. However after running ipa-healthcheck I was treated with a HUGE amount of errors. After some digging I found that certmonger stopped tracking of all my certs. Figuring out how