On 23 April 2018 at 17:53, Lachlan Musicman wrote:
> On 23 April 2018 at 17:00, Alexander Bokovoy wrote:
>
>> On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
>>
>>> Am I making hard work of something that is relatively straight forward
I'm trying to promote a new client to a replica. I install the client first
then run ipa-replica-install. The client install goes OK but the
ipa-replica-install command fails with
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
Seems the client was able to reach the CA so I'm
On Mon, 2018-04-23 at 17:25 +0100, lejeczek via FreeIPA-users wrote:
>
> and that hypothetical situation where it all works in LXC -
> still poses a question - what kind of an impact would the
> fact that it's an LXC have on dependencies chain, in terms
> of system's various services, systemd?
Hello to the mailing list!
We are running FreeIPA to handle authentication, and having an issue. We
have a few tools that can not use the full IPA stack (PAM/SSSD/Kerberos),
but instead have to talk to the underlying LDAP server directly. The
problem we are facing is when user passwords expire,
On 23/04/18 15:19, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
hi gents,
I'm trying to add replica but process fails:
...
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/27]: creating certificate server db
[2/27]: setting up initial replication
I seem to have 1 server that constantly gets out of sync with the other 3
servers. Currently I am getting this error when I try to add a user:Server is
unwilling to perform: Managed Entry Plugin rejected add operation (see errors
log).
I am trying to find the log files and figure out what I
lejeczek via FreeIPA-users wrote:
> hi gents,
>
> I'm trying to add replica but process fails:
> ...
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
> [1/27]: creating certificate server db
> [2/27]: setting up initial replication
> Starting replication, please wait
On 20/04/18 19:06, Rob Crittenden via FreeIPA-users wrote:
IPA does no testing using LXC containers so YMMV.
When I try to install a replica process gets stack at:
...
Done configuring ipa-custodia.
Configuring certificate server (pki-tomcatd). Estimated
time: 3 minutes
[1/27]: creating
hi gents,
I'm trying to add replica but process fails:
...
Configuring certificate server (pki-tomcatd). Estimated
time: 3 minutes
[1/27]: creating certificate server db
[2/27]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 4
On 04/20/2018 11:06 AM, lejeczek via FreeIPA-users wrote:
hi
I'd like to ask when, if at all, IPA's installer change nsswitch.conf?
I install a client, afterwards no sss in nsswitch, I install a replica
on that client, still no sss. Is this normal, expected?
many thanks, L.
On 23 April 2018 at 17:00, Alexander Bokovoy wrote:
> On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
>
>> Am I making hard work of something that is relatively straight forward and
>> solved elsewhere but I've missed?
>>
>> Ansible has "ignore_errors: True"
On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
Am I making hard work of something that is relatively straight forward and
solved elsewhere but I've missed?
Ansible has "ignore_errors: True" available, but I feel that is a weak get
out of jail free card. Given that this is
Not 100% sure where to send this. Am trying to write an Ansible playbook to
install SSSD and enroll the host in a domain.
The problem starts when the host exists in the domain and ipa-client is
already installed.
We can use Ansible's delegate module to remove host from domain enrollment
(would
13 matches
Mail list logo