On ti, 06 loka 2020, Randall Hodges via FreeIPA-users wrote:
I just started working for a new company and they handed me this IPA
replication server with an issue logging on to the web UI. I get errors
when we try to login. I have been all over the web looking for answers.
I have check the
On Wed, Oct 07, 2020 at 03:58:19AM -, Chuck Musser via FreeIPA-users wrote:
> ok got it. I did the kinit to do the update and was able to import the cert
> and update the certs collection.
>
> It took several attempts and the above advice to get the right procedure, but
> to recap, the
ok got it. I did the kinit to do the update and was able to import the cert and
update the certs collection.
It took several attempts and the above advice to get the right procedure, but
to recap, the steps (near as I can tell) are:
1. Create a PKCS#12 certificate from the server certificate,
On Tue, Oct 06, 2020 at 09:07:17PM -, Chuck Musser via FreeIPA-users wrote:
> Thanks for pointing me in the right direction. I created a PKCS#12 file with
> the certificate, private key and the full certificate chain and tried to
> install it, but it needed to have my CA's cert installed,
The packages are vernila Centos 8 stream packages.
java-1.8.0-openjdk-1.8.0.265.b01-4.el8.x86_64
slf4j-1.7.25-4.module_el8.3.0+454+67dccca4.noarch
On Tue, Oct 6, 2020 at 3:51 PM Alexander Scheel wrote:
> (It helps).
>
> That's different?
>
> Check out this stack trace:
>
> Stack:
(It helps).
That's different?
Check out this stack trace:
Stack: [0x7f479ec47000,0x7f479ed47000],
sp=0x7f479ed425d0, free space=1005k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x818313]
Thanks for pointing me in the right direction. I created a PKCS#12 file with
the certificate, private key and the full certificate chain and tried to
install it, but it needed to have my CA's cert installed, which it said to do
with "ipa-cacert-manage" and "ipa-certupdate". The install step
I will get the trace that you requested later. I however have a dump that
the process created during the replica setup process.
I don't know if it helps in anyway.
_Uz
On Tue, Oct 6, 2020 at 12:31 PM Alexander Scheel wrote:
> Hi,
>
> I've created a NSS DB on F32 and tested with recent Dogtag
Syncing from OpenLDAP RFC2307, for now we are ok losing change an IPA admin
has made with OpenLDAP being the source of truth until we cut over to IPA.
I can accomplish this another way but seems to get tricky if a group is
removed on the source system, I have to get it removed at IPA as well.
Chuck Musser via FreeIPA-users wrote:
> Hi,
>
> We operate our own certificate authority for our internal infrastructure and
> I'd like to replace the certificate that comes with the FreeIPA installation
> with one we've generated for this host. This is FreeIPA, version: 4.6.6,
> running on
Hi,
We operate our own certificate authority for our internal infrastructure and
I'd like to replace the certificate that comes with the FreeIPA installation
with one we've generated for this host. This is FreeIPA, version: 4.6.6,
running on CentOS Linux release 7.8.2003 (Core).
I looked
Alfred Victor wrote:
> Hi Rob,
>
> Thanks for confirming. Is there any way to simply accomplish a sync, or
> will we need to achieve this by adding/removing groups using ipa
> commands based on an ldapsearch?
There is no IPA tool to do a sync like this. If you add/remove groups in
IPA to achieve
Hi,
I've created a NSS DB on F32 and tested with recent Dogtag PKI / JSS
packages and can't reproduce.
Could you rerun PKCS12Export under gdb (modify /usr/bin/PKCS12Export
and change the last execution (${JAVA} ${JAVA_OPTIONS} ...) to start
with `gdb --args`)? This should give us a better
Hi All,
I have a curious issue where ipa-replica-install fails or rather crashes
just as it is about for complete.
Both the master and the replica are Centos 8 Stream. I have also tested a
replica on fedora 32 with the same result.
Just after ipa-custodia setup is complete I get the following
White, David via FreeIPA-users wrote:
>> I assume /usr/local/lib/python3.x isn't in your PYTHONPATH. This is a
>> dead-end though as many of the checks aren't applicable to 4.6.x.
>
> Ah, that makes sense.
>
>> I did a backport a few releases ago and built it against EPEL but it's still
>>
Alfred Victor via FreeIPA-users wrote:
> Hi FreeIPA,
>
> Maybe I've misunderstood how migrate-ds should work, worth mentioning
> the source directory is RFC2307 - if ipa migrate-ds migrates a user,
> then later that user is added more groups and the same migrate-ds
> command is run again, should
>I assume /usr/local/lib/python3.x isn't in your PYTHONPATH. This is a
> dead-end though as many of the checks aren't applicable to 4.6.x.
Ah, that makes sense.
> I did a backport a few releases ago and built it against EPEL but it's still
> rough.
>
Hi FreeIPA,
Maybe I've misunderstood how migrate-ds should work, worth mentioning the
source directory is RFC2307 - if ipa migrate-ds migrates a user, then later
that user is added more groups and the same migrate-ds command is run
again, should it not add the user into the corresponding groups
I just started working for a new company and they handed me this IPA
replication server with an issue logging on to the web UI. I get errors when we
try to login. I have been all over the web looking for answers. I have check
the permission of all the certs and they are correct all have 0644 on
On Tue, Oct 06, 2020 at 01:59:52PM +0200, Ronald Wimmer via FreeIPA-users wrote:
> On 06.10.20 13:57, Dominik Vogt via FreeIPA-users wrote:
> > To get a list of Ipa users one can type something like
> >
> >$ ipa user-find | grep "User login:" | sed -e "/.* //"
> >
> > This works on any ipa
White, David via FreeIPA-users wrote:
> Are any of you aware of any way to get these health checks working on a RHEL
> 7 system?
> https://github.com/freeipa/freeipa-healthcheck
>
> IIRC, these checks weren't really introduced until a newer version of
> FreeIPA, so they are only included on
Are any of you aware of any way to get these health checks working on a RHEL 7
system?
https://github.com/freeipa/freeipa-healthcheck
IIRC, these checks weren't really introduced until a newer version of FreeIPA,
so they are only included on RHEL 8 and above, but I'm wondering if there's a
way
On 06.10.20 13:57, Dominik Vogt via FreeIPA-users wrote:
To get a list of Ipa users one can type something like
$ ipa user-find | grep "User login:" | sed -e "/.* //"
This works on any ipa client, but can take a couple of seconds.
This is a bit clumsy when scripting because scripts are slow
To get a list of Ipa users one can type something like
$ ipa user-find | grep "User login:" | sed -e "/.* //"
This works on any ipa client, but can take a couple of seconds.
This is a bit clumsy when scripting because scripts are slow to
respond. Is there a quicker way to get that list?
Ciao
24 matches
Mail list logo