Hi Alexander,
You're correct, turns out I wasn't using the correct domain for the
--domain parameter. I thought I was. Here's the command I used.
ipa-client-install -U -p admin -w Passw0rd! --enable-dns-updates --mkhomedir
--domain=ipa.ad.com --realm=IPA.AD.COM --no-ntp --debug
All of my client
so far we have pure domainlevel0 consisting of Centos7 servers. The plan is to
add Fedora Server 26 which will initially also be at domanlevel0.
Are there any pitfalls that we should watch out for with these two different
versions of OS?
thank you___
Fr
Hello,
We have Kerberos authentication failing on our replica server as well as
client. We are also not able to add any more client or replica server.
Master FreeIPA server ds01:/etc/krb5.keytab, we get multiple entries.
[root@ds01 log]# klist -kt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5
Hey Rob,
I have an update that'll close out this thread.
We discovered that the code in the pki-ca was looking for a CN of the IPA RA's
serial number in ou=certificateRepository,ou=ca,o=ipaca. This didn't exist and
we realized it might be part of the problem. It turns out that it was which
he
Looks like I missed your answers.
Question: Do I need to run that command on all RHEL6 CA servers or just one of
them? (We currently have 2 RHEL 6 CA servers.)
Thank you for the reply!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahos
On 8/10/17 11:37 AM, Ian Harding via FreeIPA-users wrote:
[root@freeipa-sea ianh]# ldapsearch -LLL -D 'cn=directory manager' -W
-b "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config"
"objectClass=nsds5replicationagreement" nsds5replicaLastUpdateStatus
Enter LDAP Password:
dn:
cn=cloneAgreemen
Julian Gethmann wrote:
> On 08/14/2017 09:51 PM, Rob Crittenden wrote:
>> Julian Gethmann wrote:
>>> On 08/14/2017 05:46 PM, Rob Crittenden wrote:
Julian Gethmann wrote:
> Hallo,
>
> On 08/14/2017 04:21 PM, Rob Crittenden wrote:
>> Julian Gethmann via FreeIPA-users wrote:
>
I found that adding in 70.9.10.in-addr.arpa. the entry (name="6", type=PTR,
data=ipa.quartzbio.com.) (N.B: ends with a ".") fixed the problem;
%host 10.9.70.6
6.70.9.10.in-addr.arpa domain name pointer ipa.quartzbio.com.
On Tue, Aug 15, 2017 at 12:05 PM, Karl Forner wrote:
> Hello,
>
> I'm stru
Hello,
I'm struggling to setup a new replica.
I am now wondering if the DNS configuration is good, especially the reverse
DNS.
When I run ipa-replica, from the host, using the name server from the
freeIPA master, I get:
ipa : DEBUGCheck forward/reverse DNS resolution
ipa : DEB
On ma, 14 elo 2017, Alexandre Pitre via FreeIPA-users wrote:
Although, the explanation from Alexander Bokovoy made perfect sense, I'm
still facing the issue after I re-established the AD trust successfully:
(Tue Aug 15 02:23:40 2017) [sssd[be[domain.ad.com]]] [sdap_cli_auth_step]
(0x1000): the c
On ma, 14 elo 2017, Steve Weeks via FreeIPA-users wrote:
So we just got lucky with the fedora 25 systems?
If we move the Linux system to host.ipa.example.com and leave the Windows
stuff as ad.example.com we should be fine?
Yes, as long as AD is not a sub-domain of IPA in terms of AD domain +
DN
11 matches
Mail list logo