do you have any news on this issue... i havea similar trouble...after yum
update from centos 7.4 to 7.6
the pki-tomcatd services failed to start...it worked for a while then failed
and now it won't start anymore...
looked at the certificate and all seems ok...
after a quick look at the
Continuing my adventures with FreeRADIUS ...
It seems that there's no escaping the need to create a dedicated LDAP
user for FreeRADIUS, so that it can see group membership information.
I've already created a FreeIPA service -
radius/ipa.example@example.com - so that I could issue a
Hostname is the same, just gave it a different IP and update the /etc/hosts file
lax4ipa01.mia.bill1st.local
r...@lax4ipa01.mia.bill1st:~$ tail /var/log/pki-ca/catalina.out
Oct 01, 2018 12:13:33 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-9444
Oct 01,
I kept the hostname the same and just changed the IP.
10.26.26.102 lax4ipa01.mia.bill1st.local
I disable IPA and NTP from starting after i cloned it
from /var/log/pki-ca/catalina.out
pasted some errris
CMS Warning: FAILURE: Cannot build CA chain. Error
java.security.cert.CertificateException:
On 1/28/19 11:02 AM, Ian Pilcher wrote:
Many moons ago I migrated my home FreeIPA server from CentOS 6 to CentOS
7 via replication. I've just tried to create a new user for the first
time since, and I hit:
Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed
On 26/01/2019 15:02, François Cami wrote:
> On Sat, Jan 26, 2019 at 11:21 AM François Cami wrote:
>> Hi,
>>
>> On Fri, Jan 25, 2019 at 2:06 PM lejeczek via FreeIPA-users
>> wrote:
>>> hi gents,
>>>
>>> I wonder if IPA when setup up on an "isolated" network segment, having
>>> one single point of
Many moons ago I migrated my home FreeIPA server from CentOS 6 to CentOS
7 via replication. I've just tried to create a new user for the first
time since, and I hit:
Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment
> Jason,
>
> Yes, bad search filter there - apologies.
>
> This one is better:
>
> # ldapsearch -xLLL -D "cn=Directory Manager" -W -b
> ou=certificateprofiles,ou=ca,o=ipaca
> '(&(nsds5ReplConflict=*)(objectclass=ldapsubentry))'
>
> The base DN you want to specify is
On ma, 28 tammi 2019, François Cami wrote:
On Mon, Jan 28, 2019 at 1:02 PM Ronald Wimmer via FreeIPA-users
wrote:
On 28.01.19 12:42, Alexander Bokovoy wrote:
> On ma, 28 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
> [...]
>> Is there any experience on how to deal with such a situation?
On Mon, Jan 28, 2019 at 1:02 PM Ronald Wimmer via FreeIPA-users
wrote:
>
> On 28.01.19 12:42, Alexander Bokovoy wrote:
> > On ma, 28 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
> > [...]
> >> Is there any experience on how to deal with such a situation?
> > Really depends on where these
On Mon, Jan 28, 2019 at 12:52 PM Ronald Wimmer wrote:
> On 28.01.19 12:36, François Cami wrote:
> > On Mon, Jan 28, 2019 at 12:20 PM Ronald Wimmer via FreeIPA-users
> > wrote:
> >>
> >> What would be a good solution to add systems where the FQDN cannot be
> >> changed?
> >
> > It's a pretty
On 28.01.19 12:42, Alexander Bokovoy wrote:
On ma, 28 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
[...]
Is there any experience on how to deal with such a situation?
Really depends on where these existing clients are located and what is
their function. Do they belong to some other
On 28.01.19 12:36, François Cami wrote:
On Mon, Jan 28, 2019 at 12:20 PM Ronald Wimmer via FreeIPA-users
wrote:
What would be a good solution to add systems where the FQDN cannot be
changed?
It's a pretty generic question, could you be more specific?
Legacy systems are in an AD domain.
On ma, 28 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
What would be a good solution to add systems where the FQDN cannot be
changed?
Would it make sense to add a second DNS A Record in the IPA domain for
each of these systems?
Is there any experience on how to deal with such a
On Mon, Jan 28, 2019 at 12:20 PM Ronald Wimmer via FreeIPA-users
wrote:
>
> What would be a good solution to add systems where the FQDN cannot be
> changed?
It's a pretty generic question, could you be more specific?
For instance, does that legacy system live in a zone controlled by AD?
>
What would be a good solution to add systems where the FQDN cannot be
changed?
Would it make sense to add a second DNS A Record in the IPA domain for
each of these systems?
Is there any experience on how to deal with such a situation?
Thanks a lot in advance!
Cheers,
Ronald
16 matches
Mail list logo