Hi Tomasz.
This was one question to myself I made and on my understanding TLS has been
use, but I need confirmation.
Please, how can we confirm that TLS is been used?
Can you please advise?
Many thanks
Marcelo
___
FreeIPA-users mailing list --
I have downloaded and used cipherscan
./cipherscan.txt 127.0.0.1
I belie this does it. Correct?
Please advise.
Many thanks
Marcelo
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Marcelo Carvalho via FreeIPA-users wrote:
> I have downloaded and used cipherscan
>
> ./cipherscan.txt 127.0.0.1
>
> I belie this does it. Correct?
You don't need to scan all the available ciphers unless you want to do
that as well. If you just want to verify that the IPA servers have TLS
Hi everybody.
I am back in charge of some freeipa servers and would like to check for best
documentation on upgrading FreeIPA to use TLS.
I have found:
Thank you so much Alexander. I will dive into that.
Many thanks
Marcelo.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
On Mon, Sep 25, 2023 at 04:05:33PM -, Marcelo Carvalho via FreeIPA-users
wrote:
> Hi everybody.
>
> I am back in charge of some freeipa servers and would like to check for best
> documentation on upgrading FreeIPA to use TLS.
Why dou you think FreeIPA isn't using TLS? How do you check?
There is an interesting design document already for DHCP with FreeIPA.
https://www.freeipa.org/page/DHCP_Integration_Design
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
We did most of this, and have been using it for a few years. However it depends
upon the ISC DHCP server, which is now EOL. The replacement, KEA, does not
support LDAP, and there are no plans for it to.
I think the reason is that they didn't want to put dynamic addresses in LDAP,
because LDAP
On Fri, Sep 22, 2023 at 12:03:19PM -, Jay Smith via FreeIPA-users wrote:
> Thank you very much for your hint Ulf. That's working for me.
>
> docker run -it \
> -h ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
> --name ipa \
> --sysctl net.ipv6.conf.all.disable_ipv6=0 \
> -v
On Fri, Sep 22, 2023 at 12:10:50PM -, Jay Smith via FreeIPA-users wrote:
> I have the following Setup.
>
> MK_INTERNAL_SUB_DOMAIN=example.test
> MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
> MK_FREEIPA_SERVER_DS_PASSWORD=password
> MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
>
Cristian Le via FreeIPA-users wrote:
> Ok, let me walk through some of the specific errors, and I will also
> censor out some of the output since this is going to the public
> mail-list as well.
>
> Starting from the beginning.
> - I have set the date to `1 month` before certificate expired with
Hello,
I have a trusted AD domain levant.abes.fr
I'm trying to get my to auto.home map get working with automount keys.
Everything is ok with the wildcard on the trusted domain
* vm701-dev.couchant.abes.fr:/export/home/levant.abes.fr/&
In addition to this, is there a way to do the same with the
Russ Long via FreeIPA-users wrote:
> Any other advice here? I have also tried setting system back to when
> certificates were valid, restarting certmonger and pki-tomcatd, and running
> getcert resubmit on the affected certs, this moves them to a "Monitoring"
> status, but they still never
Rob,
Thanks so much, running that command, and then the `ipa-cert-fix` with the
server in current time appears to have fixed the issue. I did manually run a
`getcert resubmit -i ID_HERE` for a couple certs that were still showing
CA_UNREACHABLE in `getcert list`, but not sure if that was
Today was my second attempt to lift FreeIPA servers to Fedora 38 from 37. Again
it failed.
Sync and healthchecks were fine, but an (admin) user can't log into the WebUI
and can't do sudo. Login works because I do key based authentication.
Kinit admin works, but kinit alone doesn't.
I have a
Alexander, thank you for explanation.
Maybe you can consult on where can a newbee that want to contribute
implementing Global Catalog within FreeIPA in order to support IPA-IPA trust
relationtship should start?
Are those open issues are the main factor that held implementation of that
feature?
I need to create a trust between a MS Domain Controller and my FreeIPA.
Documentation I found is
https://www.freeipa.org/page/Active_Directory_trust_setup
Can anybody confirm that the above is the most recommended documentation
related to FreeIPA Trust with Microsoft Active Directory Domain
On Пан, 25 вер 2023, dweller dweller via FreeIPA-users wrote:
Alexander, thank you for explanation.
Maybe you can consult on where can a newbee that want to contribute
implementing Global Catalog within FreeIPA in order to support IPA-IPA
trust relationtship should start?
Are those open issues
On Пан, 25 вер 2023, Marcelo Carvalho via FreeIPA-users wrote:
I need to create a trust between a MS Domain Controller and my
FreeIPA. Documentation I found is
https://www.freeipa.org/page/Active_Directory_trust_setup
Can anybody confirm that the above is the most recommended
documentation
Hello,
On Mon, Sep 25, 2023 at 2:41 AM Srikanth C via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
> Hi,
>
> I am looking for the process to migrate the DNS Zones and it's records
from one FreeIPA to other FreeIPA server. I have gone through the
documentation but didn't find any
20 matches
Mail list logo