[Freeipa-users] Re: How to make ipa root certificate available system wide

2019-10-14 Thread Fraser Tweedale via FreeIPA-users
On Mon, Oct 14, 2019 at 05:50:47PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > On ma, 14 loka 2019, Kevin Vasko wrote: > > Welp, I'm an idiot and you are completely 100% correct. > > > > It was indeed revoked, but the http server's certificate was revoked > > and not the client..which is

[Freeipa-users] SSH Hostbased Authentication with FreeIPA

2019-10-14 Thread Vinícius Ferrão via FreeIPA-users
Hello, I’m trying to implement SSH Hostbased Authentication between IPA joined machines but I’m having difficulties regarding: * The /etc/ssh/ssh_known_hosts file. In a FreeIPA environment the known_hosts are stored on IPA, and I’m aware of the ProxyCommand

[Freeipa-users] Re: /var/lib/sss/pubconf/known_hosts empty

2019-10-14 Thread Vinícius Ferrão via FreeIPA-users
Ok guys, I’ve finally figured it out. It was a piece of software that put entries the wrong way in /etc/hosts. So the host ended up with the wrong name stored in the Kerberos database, and neither known_hosts nor Kerberos authentication worked as expected. Removing the wrong entries from /etc/hosts on the server solved

[Freeipa-users] Re: Internal vs External CA

2019-10-14 Thread Kristian Petersen via FreeIPA-users
Rob, After investigating the certs as you had suggested, I do have the whole chain. The server cert has as its issuer: Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA And the DigiCert.crt file has as its issuer and subject: Issuer: C = US, O

[Freeipa-users] Re: ipa-server-install error [37/44] initializing group membership: [error] NotFound: no such entry

2019-10-14 Thread Rob Crittenden via FreeIPA-users
Michael Schefczyk via FreeIPA-users wrote: > Dear All, > > Trying to install ipa-server (4.7.1-11.module_el8.0.0+79+bbd20d7b package > from @AppStream) on a new virtual CentOS Linux 8.0.1905 server within my LAN > (fresh test install, the previous version on CentOS 7 did work), I >

[Freeipa-users] Re: How to make ipa root certificate available system wide

2019-10-14 Thread Alexander Bokovoy via FreeIPA-users
On ma, 14 loka 2019, Kevin Vasko wrote: Welp, I'm an idiot and you are completely 100% correct. It was indeed revoked, but the http server's certificate was revoked and not the client..which is where I was focusing 100% of my debugging. Which clears up a LOT of things. I originally was loading

[Freeipa-users] Re: How to make ipa root certificate available system wide

2019-10-14 Thread Kevin Vasko via FreeIPA-users
Welp, I'm an idiot and you are completely 100% correct. It was indeed revoked, but the http server's certificate was revoked and not the client..which is where I was focusing 100% of my debugging. Which clears up a LOT of things. I originally was loading the ca.crt on an Ubuntu machine a few days

[Freeipa-users] Re: Ipa user can't login via ssh

2019-10-14 Thread Rob Crittenden via FreeIPA-users
Elhamsadat Azarian wrote: > I tried to add HBAC rules to my user but it said : some operation > failed. Users cannot be added when user category = all Adding list back. Try something like: ipa hbactest --user elham --service ssh --host There is an equivalent way to do it in the UI. rob > >