[Freeipa-users] Re: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

2021-10-15 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 15 Oct 2021, Rob Crittenden via FreeIPA-users wrote: Natxo Asenjo wrote: hi, On Fri, Oct 15, 2021 at 7:52 PM Rob Crittenden <rcrit...@redhat.com> wrote: What are your package versions of ipa-server and pki-ca? The CA is trying to reduce its dependencies and one of

[Freeipa-users] Re: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

2021-10-15 Thread Rob Crittenden via FreeIPA-users
Natxo Asenjo wrote: > hi, > > On Fri, Oct 15, 2021 at 7:52 PM Rob Crittenden > wrote: > > > What are your package versions of ipa-server and pki-ca? > > The CA is trying to reduce its dependencies and one of them provides > responses over XML. So IPA

[Freeipa-users] Re: RA Agent certificate authorisation fails – how to debug?

2021-10-15 Thread Rob Crittenden via FreeIPA-users
Tomasz Torcz via FreeIPA-users wrote: > On Tue, Oct 12, 2021 at 02:33:01PM -0400, Rob Crittenden via FreeIPA-users > wrote: >> Tomasz Torcz via FreeIPA-users wrote: >>> On Sat, Oct 02, 2021 at 04:38:34PM +0200, Tomasz Torcz via FreeIPA-users >>> wrote: $ ipa-acme-manage enable Failed

[Freeipa-users] Re: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

2021-10-15 Thread Natxo Asenjo via FreeIPA-users
hi, On Fri, Oct 15, 2021 at 7:52 PM Rob Crittenden wrote: > > What are your package versions of ipa-server and pki-ca? > > The CA is trying to reduce its dependencies and one of them provides > responses over XML. So IPA needed to adjust and expect this. It looks > like the two sides are

[Freeipa-users] Re: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

2021-10-15 Thread Rob Crittenden via FreeIPA-users
Natxo Asenjo via FreeIPA-users wrote: > hi, > > I have a lab test with fedora 34 (latest patches) and everything works > ok except the CA, > > > > # ipa -d cert-find > ipa: DEBUG: Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > ipa: DEBUG: Loading StateFile from >

[Freeipa-users] ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

2021-10-15 Thread Natxo Asenjo via FreeIPA-users
hi, I have a lab test with fedora 34 (latest patches) and everything works ok except the CA, # ipa -d cert-find ipa: DEBUG: Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' ipa: DEBUG: Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' ipa: DEBUG:

[Freeipa-users] firewall rules for AD trust

2021-10-15 Thread iulian roman via FreeIPA-users
Hello everybody, I have an IdM setup configured with AD trust. I would like to know if the systems in DMZ need to have firewall ports opened only for IPA servers or they need to access AD domain controllers as well? Apparently, only with the rules for the IPA servers the authentication

[Freeipa-users] Re: nsswitch sudoers sssd vs files priority

2021-10-15 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, forwarding the e-mail to Pavel who is authselect maintainer. On Thu, Oct 14, 2021 at 12:04 AM Nathanaël Blanchet via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, > > I noticed that "sudoers files" was default prior over "sudoers sssd" > into