Hi All,
I have a freeipa domain that I've been upgrading from running on CentOS
7.9 to Rocky Linux 8.6. The domain is only two servers: one is still
CentOS 7.9 and one is now Rocky Linux 8.6. The old CentOS 7.9 server it
replaced has already been dropped from the domain.
I added a new Rocky
OpenSSL 3.0.2-0ubuntu1.1 is installed in 22.04
Previous email with openssl and curl commands were runt in ubuntu 22.04
El vie, 27 may 2022 a la(s) 11:23, Rob Crittenden (rcrit...@redhat.com)
escribió:
> Thanks, this is very helpful. I wonder if the same s_client and curl
> commands work from the
Thanks, this is very helpful. I wonder if the same s_client and curl
commands work from the Ubuntu 22.04 machine or if they'll fail in the
same way.
The cert lacks a DNS SAN for the hostname. I suspect this may be the
issue (using the CN has been deprecated forever but was still allowed in
most
Here's info obtained from the same client using openssl, you can se that
subject CN is fine.
localadmin@fisica75:~$ echo | openssl s_client -showcerts -servername
ipaserver.fisica.cabib -connect ipaserver.fisica.cabib:443 2>/dev/null |
openssl x509 -inform pem -noout -text
Certificate:
Data:
Alexander's other suggestion was quite straight forward too, sharing the
process for the archive.
To allow customers to enroll hosts themselves and have automembership operate
on the "locality" attribute:
1. Create A/ records in the local DNS for the host you intend to add
Gustavo Berman via FreeIPA-users wrote:
> Hello there!
>
> Ubuntu 18.04 (and previous ones) works just fine
> In Ubuntu 22.04 I'm trying to execute ipa-client install but it fails with:
>
> root@fisica75:~# ipa-client-install
> This program will set up IPA client.
> Version 4.9.8
>
> WARNING:
Leo O via FreeIPA-users wrote:
> I wouldn't say "wrong approach in development" rather "wrong approach in
> FreeIPA development". There are a lot of products which you can extend pretty
> easy, e.g. by just mounting volumes with your files into the container.
> Especially a kind of a small
Angus Clarke wrote:
> Super that worked a treat thanks, however I see that the host can run
> the automember rebuild on any other host which might not be desirable.
There is no way that I know of to only do per-host rebuild. After all
it's just doing a regex so if a name matches the hostgroup is