On Wed, 2022-06-15 at 07:19 +0200, Sumit Bose via FreeIPA-users wrote:
> if you have an AD user with samAccountName=abc in a domain called
> ad.dom
> which has set userPrincipalName=x...@example.com calling
>
> getent passwd x...@example.com
>
> should return the user entry for a...@ad.dom.
Charles Hedrick via FreeIPA-users wrote:
> the error is
>
> The KDC certificate in cert.pem, privkey.pem is not valid: invalid for a KDC
A PKINIT certificate needs an EKU extension,
https://datatracker.ietf.org/doc/html/rfc4556
When generating the key with OpenSSL you need to include
the error is
The KDC certificate in cert.pem, privkey.pem is not valid: invalid for a KDC
From: Charles Hedrick via FreeIPA-users
Sent: Wednesday, June 15, 2022 3:39 PM
To: freeipa-users@lists.fedorahosted.org
Cc: Charles Hedrick
Subject: [Freeipa-users]
ipa-server-certinstall works fine for http and ldap. But I can't get the -k
option to work.
I've tried cert.pem and privkey.pem with and without chain.pem, as well as
fullchain.pem and privkey.pem (fullchain has both the cert and the chain).
The certs were issued by Internet2, which chains up
[solved]
As stated, SAN was missing in my certificates
I resubmitted my certificate at the ipa server adding SAN with:
# getcert resubmit -i -D $(hostname)
Now I can execute ipa-client-install without a problem!
Thanks!
On Fri, 27 May 2022 at 11:38, Gustavo Berman
The FreeIPA team would like to announce FreeIPA 4.9.10 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora distributions will be available from the official repository
soon.
== Highlights in 4.9.10
* 1539: [RFE] Add code to check password expiration on
Thanks Rob
Angus
From: Rob Crittenden
Sent: 15 June 2022 14:15
To: FreeIPA users list
Cc: Angus Clarke
Subject: Re: [Freeipa-users] Upgrading from EL7.9 to EL8
Angus Clarke via FreeIPA-users wrote:
> Hello
>
> I am planning the upgrade of one of our FreeIPA
On Wed, 15 Jun 2022, Harald Dunkel via FreeIPA-users wrote:
On 2022-06-15 14:15:12, Rob Crittenden via FreeIPA-users wrote:
Major version upgrades via adding a new machine is the recommended and
documented route. It includes retiring existing, older servers, so have
a plan for that.
How
On 2022-06-15 14:15:12, Rob Crittenden via FreeIPA-users wrote:
Major version upgrades via adding a new machine is the recommended and
documented route. It includes retiring existing, older servers, so have
a plan for that.
How come? Maybe I am wrong, but I saw FreeIPA as a set of (complex)
This exception is caused by the configuration problem of /etc/krb.conf. It has
been fixed. There is no problem with KDC service startup.
ipactl restart -d --force
root@fs-hiido-kerberos-21-117-149:/var/log/dirsrv/slapd-YYDEVOPS-COM# ipactl status
Directory Service: RUNNING
krb5kdc Service:
Angus Clarke via FreeIPA-users wrote:
> Hello
>
> I am planning the upgrade of one of our FreeIPA deployments from EL7.9
>
> Previously, we have been quite good at upgrading through OS point
> upgrades (7.3, 7.4, 7.5 etc) as this was the advice through that series
> of FreeIPA software.
>
>
n keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
requested realm)
I think it's stuck here. What do I need to do with this
less /var/log/dirsrv/slapd-YYDEVOPS-COM/error
[15/Jun/2022:19:39:48 +0800] - SSL alert: Security Initialization: Enabling
default cipher set.
Hello
I am planning the upgrade of one of our FreeIPA deployments from EL7.9
Previously, we have been quite good at upgrading through OS point upgrades
(7.3, 7.4, 7.5 etc) as this was the advice through that series of FreeIPA
software.
Upgrading our FreeIPAs from EL7.9 today will see me
ipactl restart -d --force
ipa: INFO: The ipactl command was successful
root@fs-hiido-kerberos-21-117-149:/home/liangrui# ipactl status
Directory Service: RUNNING
krb5kdc Service: STOPPED
kadmin Service: STOPPED
ipa_memcached Service: RUNNING
httpd Service: STOPPED
ipa-custodia Service: RUNNING