[Freeipa-users] easy way to check ipa-client status

2017-10-30 Thread email--- via FreeIPA-users
So rarely, a second server is built with the same fqdn, causing an issue with the original server kerberos realm membership...thing. Is there an easy way to check/confirm this similar to how you'd check the computer accounts for M$ AD? Thanks in advance! -Jake

[Freeipa-users] dirsrv repeatedly hangs

2017-10-30 Thread pgb205 via FreeIPA-users
We have experienced several cases of end users not being able to authenticate. While investigating I've found that I can not obtain kinit credentials on the local freeipa replica. ipactl however shows all processes including Directory Server as running. Doing ipactl restart hangs but service ipa

[Freeipa-users] Re: Swiching which FreeIPA server is the main CA

2017-10-30 Thread Kristian Petersen via FreeIPA-users
OK I think I got the ldapmodify to work. I reran the commands to check the two certs and they appear to match now. However, when I run an ipactl restart the system still fails on pki-tomcatd. On Mon, Oct 30, 2017 at 3:42 AM, Florence Blanc-Renaud wrote: > On 10/28/2017 01:15

[Freeipa-users] Re: Can't create new CA replica

2017-10-30 Thread john.bowman--- via FreeIPA-users
I've finally had a chance to make this attempt and after running the clean up: # python /usr/share/pki/scripts/restore-subsystem-user.py -v Subsystem certificate: 2;4;CN=Certificate Authority,O=DOMAIN.TLD;CN=CA Subsystem,O=DOMAIN.TLD -BEGIN CERTIFICATE- *snip* -END CERTIFICATE-

[Freeipa-users] Re: Swiching which FreeIPA server is the main CA

2017-10-30 Thread Florence Blanc-Renaud via FreeIPA-users
On 10/28/2017 01:15 AM, Kristian Petersen via FreeIPA-users wrote: I forgot to include the results of the commands in case it is helpful: -bash-4.2$ ldapsearch -LLL -D 'cn=directory manager' -W -b uid=pkidbuser,ou=people,o=ipaca userCertificate description seeAlso Enter LDAP Password: dn:

[Freeipa-users] Re: Where is the replication configuration hiding?

2017-10-30 Thread Ludwig Krispenz via FreeIPA-users
On 10/30/2017 03:56 AM, Sergei Gerasenko via FreeIPA-users wrote: Hi, When searching for RUVs, agreements, etc, the following ldapsearch command can be used: ldapsearch -xLLL -h HOST -D "cn=directory manager" -W -b cn=config cn=replica nsds50ruv -o ldif-wrap=no That seems to work. The