Auto reboot fail , I just try manual bootup cermonger.service still fail
sudo systemctl -f start certmonger.service
Jan 30 11:03:01 dbus[537]: [system] Activating systemd to h
Jan 30 11:03:01 dbus-daemon[537]: dbus[537]: [system] Activ
Jan 30 11:03:13 systemd-logind[2922]: Failed to enable
On Mon, Jan 29, 2018 at 03:55:07PM +0100, Christof Schulze via FreeIPA-users
wrote:
> Hi,
>
> some certificates on our freeipa-cluster (3 servers) are have been not
> renewed till now, 2 hours before expiring. Can this be a problem?
>
> Some of the certificates, the ones expiring show
I think it is trying to write a lock file related to the X session to my
home directory, but it can't because the location doesn't exist.
Interestingly enough, I tried creating the directory manually and I get
"permission denied" even if running as root. Could this be a problem
related to IPA
On Mon, Jan 29, 2018 at 01:34:37PM +, Mike Kelly via FreeIPA-users wrote:
> Hi,
>
> I'm looking to use FreeIPA's PKI for OpenVPN... any pointers on the right
> way to generate per-user certificates? (Looking to generate certs for
> Android and Chrome OS, so I don't have an easy way to build a
My servers are centos but here is the script we run.
CENTOS
authconfig --enableldap \
--enableldapauth \
--ldapserver=servername.internal.com \
--ldapbasedn="cn=users,cn=accounts,dc=internal,dc=com" \
--enablemkhomedir \
--update
On Mon, Jan 29, 2018 at 4:51 PM, Kristian Petersen
Oddjobd is installed and is enabled and running at least. Where would you
configure it that I could check?
oddjobd.service - privileged operations for unprivileged applications
Loaded: loaded (/usr/lib/systemd/system/oddjobd.service; enabled; vendor
preset: disabled)
Active: active (running)
On ma, 29 tammi 2018, Alexandre Cardoso wrote:
Hi Alexander,
The final decision will be re-install everything “IPA” and do it again
now using same realm. In both sites so after the installation of first
IPA server the second one will be just run the ida-server-replica
right?
yes, just follow
hi,
could you try using ldapsearch with the -d 10 switch? That shoud give you
plenty of debugging info.
--
Groeten,
natxo
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Sounds like oddjobd isn't installed/configured.
On Mon, Jan 29, 2018 at 3:23 PM, Kristian Petersen via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> I am trying to set up a workstation running RHEL 7 with Gnome graphical
> environment. I have enrolled this machine as a client
I am trying to set up a workstation running RHEL 7 with Gnome graphical
environment. I have enrolled this machine as a client in IPA using the
--mkhomedir flag, however, the home directory is not being created when I
log in. Because the home directory doesn't get created at log in GDM kicks
me
No-one a clue about this ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi Alexander,
The final decision will be re-install everything “IPA” and do it again now
using same realm. In both sites so after the installation of first IPA server
the second one will be just run the ida-server-replica right?
Thanks
Alex
> On 29 Jan 2018, at 12:31, Alexander Bokovoy
Hi,
some certificates on our freeipa-cluster (3 servers) are have been not
renewed till now, 2 hours before expiring. Can this be a problem?
Some of the certificates, the ones expiring show "ca-error: Invalid
cookie: '' in the "getcert list" output, what makes me nervous.
We also have the
Hi,
I'm looking to use FreeIPA's PKI for OpenVPN... any pointers on the right
way to generate per-user certificates? (Looking to generate certs for
Android and Chrome OS, so I don't have an easy way to build a CSR on those
devices directly that I can find; I assume I want to just generate the
On ma, 29 tammi 2018, Alexandre Cardoso wrote:
Hi,
We have 2 major projects with several servers each project until now we
only have one IPA server and want to implement a second one in other
site for the other project and want to implement it also as a failover
to the other IPA server site.
Hi,
We have 2 major projects with several servers each project until now we only
have one IPA server and want to implement a second one in other site for the
other project and want to implement it also as a failover to the other IPA
server site.
So if I can have 2 domains and if possible to
On ma, 29 tammi 2018, Alexandre Cardoso wrote:
Hummm.that is bad…for me…
Is that a way I can change the already in place Realm without affecting
existing users/hosts so I can adapt to multi site/domain?
I don't think so. If you have different realms, you are dealing with two
different
Hummm.that is bad…for me…
Is that a way I can change the already in place Realm without affecting
existing users/hosts so I can adapt to multi site/domain?
Thanks
Alex
> On 29 Jan 2018, at 10:45, Alexander Bokovoy wrote:
>
> On ma, 29 tammi 2018, Alexandre Cardoso
On ma, 29 tammi 2018, Alexandre Cardoso wrote:
Thanks Alexander,
And if I have different realms this can work?
IPA only supports a single Kerberos realm.
--
/ Alexander Bokovoy
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
Thanks Alexander,
And if I have different realms this can work?
Thanks
Alex
> On 29 Jan 2018, at 10:33, Alexander Bokovoy wrote:
>
> On ma, 29 tammi 2018, Alexandre Cardoso via FreeIPA-users wrote:
>> Hi Guys,
>>
>> Is that any configuration where I can set up 2 or 3
On ma, 29 tammi 2018, Alexandre Cardoso via FreeIPA-users wrote:
Hi Guys,
Is that any configuration where I can set up 2 or 3 master replication
in multi site and each of those master have different domain such as
ipa.example-site1.com, ida.example2-site2.com?
Just use them. As long as there
Hi Guys,
Is that any configuration where I can set up 2 or 3 master replication in multi
site and each of those master have different domain such as
ipa.example-site1.com, ida.example2-site2.com?
Is this possible using the ida-server-replication?
Thanks in advance
Alex
22 matches
Mail list logo