Also, sorry for the followup, but I forgot to mention.
All services and communication seem to be working with the exception of the
following:
1. The joining new servers to IPA as the downloads the bundle for path A still
and puts it in /etc/ipa/ca.crt which will then fail on the API calls
On May 30, 2020, the AddTrust CA expired as a CA. I'll get to the IPA issue
after a bit of background in case everyone is not familiar. The external certs
we're using are from InCommon and were cross-signed by AddTrust, and when we
originally got the certs, the trust A path was below:
Florence,
I didn't change anything and it now works :\
Anyway I'll follow your recommendation and use external groups and so on.
Thanks!
On Thu, 04 Jun 2020, dmitriys via FreeIPA-users wrote:
Good day!
I tried add windows host in Freeipa and get
04:05:59.302019 IP (tos 0x0, ttl 123, id 27536, offset 0, flags [none], proto
UDP (17), length 205)
cyberark-psm.exemple.com.54676 > ldap.exemple.com.kerberos: [udp sum ok] v5
On 6/4/20 10:07 AM, dmitriys via FreeIPA-users wrote:
Good day!
I tried add windows host in Freeipa and get
Hi,
can you provide a little more context? What do you mean by "add windows
host in Freeipa", which command are you running and what is the output?
It's difficult to understand from a
Hi,
in order to use AD users or groups in HBAC/sudo rules, you need to first
create an external group (ipa group-add --external extgrp) that will
contain your AD users/groups, then create a posix group (ipa group-add
grp) and add the external group as member of the posix group (ipa
Good morning all,
I created a lab with freeIPA and AD with a trust.
- AD domain : test.lu
- IPA domain : test2.lu
I have installed an Oracle Linux 8.2 VM as the client.
I created a freeIPA user group : tgo_admins
There are 2 members :
- ipalocaluser (local IPA account)
- aduser (AD account)
Good day!
I tried add windows host in Freeipa and get
04:05:59.302019 IP (tos 0x0, ttl 123, id 27536, offset 0, flags [none], proto
UDP (17), length 205)
cyberark-psm.exemple.com.54676 > ldap.exemple.com.kerberos: [udp sum ok] v5
04:05:59.303073 IP (tos 0x0, ttl 64, id 24242, offset 0,