Thanks for your input Rob - you've said enough to scare me off the topic!
Cheers
Angus
From: Rob Crittenden
Sent: 08 October 2020 20:52
To: FreeIPA users list
Cc: Angus Clarke
Subject: Re: [Freeipa-users] Stop/Disable Apache on IdM servers
Angus Clarke via Fre
On 08.10.20 19:05, Rob Verduijn via FreeIPA-users wrote:
duh it moved again
https://github.com/gssapi/gssproxy/tree/main/docs
the example is your answer
https://github.com/gssapi/gssproxy/blob/main/docs/NFS.md
I didn't even know this is possible. Thanks a lot!
Cheers,
Ronald
_
Hi Rob
I have fired up Apache Directory Studio, and have navigated the LDAP tree to the cn=NTP entry.
Should I be deleting the entire cn=NTP entry, with all attributes; or just the ipaConfigString "startOrder 45"?
thanks
Chris
- Original message -From: Rob Crittenden via FreeIPA-use
Hi.
On 10/8/20 9:06 PM, Rob Crittenden via FreeIPA-users wrote:
Radosław Kujawa via FreeIPA-users wrote:
Hi list.
Is it possible to add email subjectAltName to a certificate when it is
being signed by the IPA?
How would the profile know what e-mail to add?
These certificates are treated
Radosław Kujawa via FreeIPA-users wrote:
> Hi list.
>
> Is it possible to add email subjectAltName to a certificate when it is
> being signed by the IPA?
>
> My use case is that I have CSRs generated by the users. The tool used to
> generate the CSR does not allow to add me to include an email
>
Christopher Lamb via FreeIPA-users wrote:
> Hi All
>
> Last night we successfully upgraded our ipa server to OEL 7.9, and
> ipa-server-4.6.8-5.el7.
>
> However the ipa.service will not start, because it fails at the NTP Service.
>
> All other ipa components start if we use the --ignore-servic
Angus Clarke via FreeIPA-users wrote:
> Hello
>
> We have a single mesh of FreeIPA servers in several different locations,
> we capture logs (apache ErrorLog directive) to a log server in each of
> those locations. When auditors ask us questions we have to trawl log
> servers from all locations as
François Cami via FreeIPA-users wrote:
> On Thu, Oct 8, 2020 at 7:00 PM Albert Szostkiewicz via FreeIPA-users
> wrote:
>>
>> Unfortunately I am unable to pinpoint what happened.
>> No replica, some backups, but not sure how far to look for yet.
>>
>> dirsrv@HOME-MYDOMAIN-COM
>> works and it's acti
On Thu, Oct 8, 2020 at 7:00 PM Albert Szostkiewicz via FreeIPA-users
wrote:
>
> Unfortunately I am unable to pinpoint what happened.
> No replica, some backups, but not sure how far to look for yet.
>
> dirsrv@HOME-MYDOMAIN-COM
> works and it's active
>
> but only
> dirsrv@IPA-MYDOMAIN-COM
> does
duh it moved again
https://github.com/gssapi/gssproxy/tree/main/docs
the example is your answer
https://github.com/gssapi/gssproxy/blob/main/docs/NFS.md
Rob
Op do 8 okt. 2020 om 19:03 schreef Rob Verduijn :
> Hi,
> Check this, it is already installed on your rhel/centos server, and works
>
Hi,
Check this, it is already installed on your rhel/centos server, and works
great with ipa.
( in fact the lead dev is also a dev on ipa )
https://pagure.io/gssproxy
Rob
Op do 8 okt. 2020 om 18:20 schreef Kevin Vasko via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:
> Hello,
>
> We hav
Unfortunately I am unable to pinpoint what happened.
No replica, some backups, but not sure how far to look for yet.
dirsrv@HOME-MYDOMAIN-COM
works and it's active
but only
dirsrv@IPA-MYDOMAIN-COM
does not
I am little bit confused as my domain is 'home.mydomain.com' therefore i wasn't
sure if
On Thu, Oct 8, 2020 at 6:27 PM Albert Szostkiewicz via FreeIPA-users
wrote:
>
> Hi!
>
> My dirsrv@IPA-MYDOMAIN-COM.service on IPA server fails to start due to
> missing configuration. How can I re-create one ?
>
> journalctl:
> ds_systemd_ask_password_acl[10117]: grep:
> /etc/dirsrv/slapd-IPA-MY
Want to note that my domain is 'home.mydomain.com' not 'ipa.mydomain.com'
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://do
Hi!
My dirsrv@IPA-MYDOMAIN-COM.service on IPA server fails to start due to missing
configuration. How can I re-create one ?
journalctl:
ds_systemd_ask_password_acl[10117]: grep:
/etc/dirsrv/slapd-IPA-MYDOMAIN-COM/dse.ldif: No such file or directory
ns-slapd[10122]: INFO - dse_check_file - The c
Hello,
We have an application that does some data processing on our NFS server. Users
typically just ssh into a box which then has a kerberos key generated for them,
which allows them access the NFS share and run the script.
We are wanting to set this up in a more automated fashion. Such as run
Hi list.
Is it possible to add email subjectAltName to a certificate when it is
being signed by the IPA?
My use case is that I have CSRs generated by the users. The tool used to
generate the CSR does not allow to add me to include an email
subjectAltName. The problem is that private key is h
Hi All
Last night we successfully upgraded our ipa server to OEL 7.9, and ipa-server-4.6.8-5.el7.
However the ipa.service will not start, because it fails at the NTP Service.
All other ipa components start if we use the --ignore-service-failures option.
# ipactl start --ignore-service-failu
Hello
We have a single mesh of FreeIPA servers in several different locations, we
capture logs (apache ErrorLog directive) to a log server in each of those
locations. When auditors ask us questions we have to trawl log servers from all
locations as our IdM administrators might have used any of
On 10/8/20 12:53 PM, Arjen Heidinga via FreeIPA-users wrote:
Hello all!
Since sime time my pki-tomcat deamon can't connect to the LDAP., ging me
an error (below). The root-CA was expired in the meantime, I fixed it
with some hack-n-slashwork. I am not sure what credentials (none, client
cert?
Hello all!
Since sime time my pki-tomcat deamon can't connect to the LDAP., ging me
an error (below). The root-CA was expired in the meantime, I fixed it
with some hack-n-slashwork. I am not sure what credentials (none, client
cert?) are used to connect.
Does anyone have pointers? Hope I hav
21 matches
Mail list logo