> I'm having problems with replication on my two node ipa cluster (left-right,
> right-left) so I tried to re-initialize my replica.
>
> [root@idm02 ~]# ipa topologysegment-find domain
>
> -
Tiemen Ruiten wrote:
> Hello,
>
> Sorry for the late reply. This is the latest FreeIPA version in CentOS
> 7.3 (4.4.0-14).
>
> Indeed the helpdesk role should be sufficient. I tried with the User
> Administrator role as well, but that made no difference. Since it's
> working for you, it's
I can only second that. Official FreeIPA plugins for Postfix and Dovecot would
be immensely helpful.
Someone made a plugin that adds mailAlternateAddress to the scheme and UI, which
is somewhat related to this issue:
https://github.com/pdf/freeipa-user-mailalternateaddress
On Mon, 07 Aug 2017, Sameer Gurung via FreeIPA-users wrote:
Hi All,
I have a network consisting of both Windows and Linux clients running
Windows Server 2008 (Active Directory) and CentOS 7 (FreeIPA). Obviously,
the Windows clients authenticate against the *AD DC* *(domain windows.foo)* and
the
On Mon, 07 Aug 2017, Yuri Moens via FreeIPA-users wrote:
The previous error_log I attached was already created with log level = 100.
I've tried to run the command again and attached the log file again but it
seems to be pretty much the same.
I see in the logs that it fails at the verification
Yeah, I was referring to the instructions in
https://www.freeipa.org/page/Certmonger#Manually_renew_a_certificate which
discuss manual renewal of a certificate which is interesting to us since
all the nodes in the IPA cluster on prod have the same cert that's expiring on
Tuesday.
For what
> On 10 Aug 2017, at 20:15, Eddleman, David via FreeIPA-users
> wrote:
>
> >This probably means the user can’t be resolved at all, so the authentication
> >process doesn’t even make it to the PAM phase. Does ‘getent passwd
> >user@domainfqdn’ work?
>
>This probably means the user can’t be resolved at all, so the authentication
>process doesn’t even make it to the PAM phase. Does ‘getent passwd
>user@domainfqdn’ work?
Returns nothing.
>Are you testing on the IDM server itself or on one of the clients? I would
>suggest to make the IDM server
Scott Stevson via FreeIPA-users wrote:
> Hey Rob,
>
> You may recall earlier when I said that we wound up pulling an expired cert
> on one of our staging IPA replicas after updating the xmlrpc_server variable
> to point to a different host. It's not clear to us how best to fix that cert
>
On 08/10/2017 04:47 PM, Harald Dunkel wrote:
Hi folks,
On Wed, 2 Aug 2017 16:24:00 +0200
Florence Blanc-Renaud wrote:
Hi,
You can follow the steps described here:
The client machines on my network from time to time get brought to
another network and plugged in to test programs that are being
developed. In the past this hasn't been an issue as it's usually a short
stay and thus the kerberos key is cached and doesn't expire. Recently I
have had a user
Hey Rob,
You may recall earlier when I said that we wound up pulling an expired cert on
one of our staging IPA replicas after updating the xmlrpc_server variable to
point to a different host. It's not clear to us how best to fix that cert
(although I suppose we could roll back time on the
Hello all, I have enabled password+OTP authentication for a user and am able
to sync tokens and SSH. While ssh to server using FIPA credentials it's
asking authentication in two steps as First Factor and Second Factor. But
I just want to give it in a single line password. Can anyone suggest how
to
Hello,
The following steps work in my cloned test scenario:
cp /var/log/pki/server/upgrade/10.2.2/1/oldfiles/var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml /etc/pki/pki-tomcat/Catalina/localhost/ca.xml
rsync -a
On 08/09/2017 09:30 PM, Ian Harding via FreeIPA-users wrote:
On 8/9/17 3:05 AM, thierry bordaz wrote:
Hi Ian,
Thanks for having gathered those data.
#
# So pkidbuser entries have a same (old) userCertificate likely
generated during install
# But only freeipa-sea has a new
(Thu Aug 10 02:47:25 2017) [sssd[be[ipa.corp.example.com]]] [sdap_get_tgt_recv]
(0x0400): Child responded: 14 [Client not found in Kerberos database], expired
on [0]
(Thu Aug 10 02:47:25 2017) [sssd[be[ipa.corp.example.com]]] [sdap_kinit_done]
(0x0100): Could not get TGT: 14 [Bad address]
(Thu
I ran into that problem too [1]. The only way I got it to work was to place
the credential cache in /tmp. Like so:
$ KRB5CCNAME=/tmp/krb5cc_keesb kinit
I think the file name does not matter, but I'm not quite sure.
[1] https://www.redhat.com/archives/freeipa-users/2017-March/msg00049.html
I’m not sure if my problem is with IPA or Kerberized NFSv4 but I’m hoping the
list may be able to help.
I’m trying to get a Kerberized NFSv4 client going on an Ubuntu 16.04LTS system
that’s enrolled to IPA with an AD trust. I can mount the filesystem
successfully with:
mount -o sec=krb5 -t