[Freeipa-users] DNS add error during replica install

2022-05-27 Thread Ranbir via FreeIPA-users
Hi All, I have a freeipa domain that I've been upgrading from running on CentOS 7.9 to Rocky Linux 8.6. The domain is only two servers: one is still CentOS 7.9 and one is now Rocky Linux 8.6. The old CentOS 7.9 server it replaced has already been dropped from the domain. I added a new Rocky

[Freeipa-users] Re: Install client fails in Ubuntu 22.04

2022-05-27 Thread Gustavo Berman via FreeIPA-users
OpenSSL 3.0.2-0ubuntu1.1 is installed in 22.04. Previous email with openssl and curl commands were run in Ubuntu 22.04. On Fri, 27 May 2022 at 11:23, Rob Crittenden (rcrit...@redhat.com) wrote: > Thanks, this is very helpful. I wonder if the same s_client and curl > commands work from the

[Freeipa-users] Re: Install client fails in Ubuntu 22.04

2022-05-27 Thread Rob Crittenden via FreeIPA-users
Thanks, this is very helpful. I wonder if the same s_client and curl commands work from the Ubuntu 22.04 machine or if they'll fail in the same way. The cert lacks a DNS SAN for the hostname. I suspect this may be the issue (using the CN has been deprecated forever but was still allowed in most

[Freeipa-users] Re: Install client fails in Ubuntu 22.04

2022-05-27 Thread Gustavo Berman via FreeIPA-users
Here's info obtained from the same client using openssl, you can see that subject CN is fine. localadmin@fisica75:~$ echo | openssl s_client -showcerts -servername ipaserver.fisica.cabib -connect ipaserver.fisica.cabib:443 2>/dev/null | openssl x509 -inform pem -noout -text Certificate: Data:

[Freeipa-users] Re: hostgroup automember rules

2022-05-27 Thread Angus Clarke via FreeIPA-users
Alexander's other suggestion was quite straightforward too, sharing the process for the archive. To allow customers to enroll hosts themselves and have automembership operate on the "locality" attribute: 1. Create A/ records in the local DNS for the host you intend to add

[Freeipa-users] Re: Install client fails in Ubuntu 22.04

2022-05-27 Thread Rob Crittenden via FreeIPA-users
Gustavo Berman via FreeIPA-users wrote: > Hello there! > > Ubuntu 18.04 (and previous ones) works just fine > In Ubuntu 22.04 I'm trying to execute ipa-client install but it fails with: > > root@fisica75:~# ipa-client-install > This program will set up IPA client. > Version 4.9.8 > > WARNING:

[Freeipa-users] Re: Extending FreeIPA (Schema, CI, UI)

2022-05-27 Thread Rob Crittenden via FreeIPA-users
Leo O via FreeIPA-users wrote: > I wouldn't say "wrong approach in development" rather "wrong approach in > FreeIPA development". There are a lot of products which you can extend pretty > easy, e.g. by just mounting volumes with your files into the container. > Especially a kind of a small

[Freeipa-users] Re: hostgroup automember rules

2022-05-27 Thread Rob Crittenden via FreeIPA-users
Angus Clarke wrote: > Super that worked a treat thanks, however I see that the host can run > the automember rebuild on any other host which might not be desirable. There is no way that I know of to only do per-host rebuild. After all it's just doing a regex so if a name matches the hostgroup is