[Freeipa-users] Re: Options to deploy FreeIPA without domain delegation

2020-07-08 Thread Rob Crittenden via FreeIPA-users
john doe via FreeIPA-users wrote:
> Are there any options to deploy it within an existing domain with the
> constraints being:
>
> - no domain delegation

DNS domain delegation? Do you mean it doesn't delegate any domains or it doesn't require delegation?

> - write access to the applicable zone

[Freeipa-users] Re: OTP Radius 5 seconds timeout

2020-07-08 Thread Jochen Kellner via FreeIPA-users
Sergiy Genyuk via FreeIPA-users writes:
> Thank you for your reply, I do have ipv6 disabled and in capture do not see
> failed attempts.
> In capture it is only ipv4:
>
> 1 0.0 xx.xx.xx.xx -> yy.yy.yy.yy RADIUS 117 Access-Request(1)
> (id=214, l=75)
> 2 7.889686902 yy.yy.yy.yy ->

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Ilya Kogan via FreeIPA-users
Thanks for that info, I don't see any suspicious errors in startup that I haven't seen before. Just the following:
- Token named "NSS Generic Crypto Services", not "NSS Certificate DB", skipping.
- Error opening "/etc/httpd/alias/pwdfile.txt": No such file or directory.
I don't think either of

[Freeipa-users] Re: Logging of ipa migrate-ds

2020-07-08 Thread Rob Crittenden via FreeIPA-users
Alfred Victor via FreeIPA-users wrote:
> Hi FreeIPA,
>
> We are testing an IPA deployment and regularly using expect to perform
> ipa migrate-ds commands to keep the IPA environment refreshed. However,
> I cannot seem to get any log trail of the migrates...it is proving
> difficult in expect to

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Rob Crittenden via FreeIPA-users
Ilya Kogan wrote:
> Wow ok, that was easy. `getcert list` now reports correct expiration
> dates for those certificates and they're all in MONITORING. It still has
> that ca-error field although it's no longer trying to renew. Is that
> going to be an issue or is it just going to try again when

[Freeipa-users] Logging of ipa migrate-ds

2020-07-08 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA, We are testing an IPA deployment and regularly using expect to perform ipa migrate-ds commands to keep the IPA environment refreshed. However, I cannot seem to get any log trail of the migrates...it is proving difficult in expect to capture/log the output, and there appears to be no

[Freeipa-users] Re: [EXTERNAL] Re: Re: Password Policy Question

2020-07-08 Thread Rob Crittenden via FreeIPA-users
White, Daniel E. (GSFC-770.0)[NICS] wrote:
> For your amusement:
>
> Red Hat Support referred me to
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1273040 (A RHEL 7 RFE)
>
> and
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1654395 (The same RFE,
> pushed to RHEL 8)

[Freeipa-users] Re: Can't Add Replica: The changelog directory CLDB already exists and is not empty

2020-07-08 Thread Andrey Ptashnik via FreeIPA-users
Florence,
Thank you for answering this. Still no luck yet, out of options where to look at:
BEFORE:
[root@server-02 ~]# ipa-server-install --uninstall
---8<--8<--8<---
Client uninstall complete.
The ipa-client-install command was successful
[root@ipa-server-02 ~]#
[root@ipa-server-02

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Ilya Kogan via FreeIPA-users
Wow ok, that was easy. `getcert list` now reports correct expiration dates for those certificates and they're all in MONITORING. It still has that ca-error field although it's no longer trying to renew. Is that going to be an issue or is it just going to try again when it's time to renew and

[Freeipa-users] Re: [EXTERNAL] Re: Re: Password Policy Question

2020-07-08 Thread White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users
For your amusement: Red Hat Support referred me to https://bugzilla.redhat.com/show_bug.cgi?id=1273040 (A RHEL 7 RFE) and https://bugzilla.redhat.com/show_bug.cgi?id=1654395 (The same RFE, pushed to RHEL 8) …, saying, "You can also set a policy to automatically disable an account if the

[Freeipa-users] Re: OTP Radius 5 seconds timeout

2020-07-08 Thread Sergiy Genyuk via FreeIPA-users
Hi Jochen,
Thank you for your reply, I do have ipv6 disabled and in capture do not see failed attempts. In capture it is only ipv4:
1 0.0 xx.xx.xx.xx -> yy.yy.yy.yy RADIUS 117 Access-Request(1) (id=214, l=75)
2 7.889686902 yy.yy.yy.yy -> xx.xx.xx.xx RADIUS 90 Access-Accept(2)

[Freeipa-users] Re: OTP Radius 5 seconds timeout

2020-07-08 Thread Jochen Kellner via FreeIPA-users
Hello Sergiy,
Sergiy Genyuk via FreeIPA-users writes:
> I have setup radius proxy (DUO) and associate user with it. Everything works
> except radius
> timeout. It is 5 seconds and you have to be blazing fast to push the button
> :-)
> I did adjust radius timeout in freeipa to 30 seconds but

[Freeipa-users] OTP Radius 5 seconds timeout

2020-07-08 Thread Sergiy Genyuk via FreeIPA-users
Hello I have setup radius proxy (DUO) and associate user with it. Everything works except radius timeout. It is 5 seconds and you have to be blazing fast to push the button :-) I did adjust radius timeout in freeipa to 30 seconds but it is still 5 seconds. As well I have tried a trick with

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Florence Blanc-Renaud via FreeIPA-users
On 7/6/20 7:59 PM, Ilya Kogan via FreeIPA-users wrote: Hi, Thanks for the help so far! I've actually run `ipa-cert-fix` on both nodes, it says everything is ok on both nodes. When I run it with verbose mode, it spits out the command it's running and the certificate it got, for example:

[Freeipa-users] idm ad integration question

2020-07-08 Thread Rob Verduijn via FreeIPA-users
Hello,
I've been working with idm ad integration for some time now. But one thing has always confused me. In all the docs it will tell you to check the dns to see if the dns records resolve.
dig +short -t SRV _kerberos._udp.idm.example.com.
dig +short -t SRV _ldap._tcp.idm.example.com.
dig