[Freeipa-users] FreeIPA translations system is moving to Weblate

2020-03-24 Thread Alexander Bokovoy via FreeIPA-users
Hi, this is mostly a message to all kind people who help us to localize FreeIPA interfaces. Fedora Project decided to switch from Zanata to Weblate for their translation project. This means we are asked to migrate from Zanata server too. As of yesterday, we made the last cut of content from the

[Freeipa-users] Re: IPA DNS ACL (respond with a different IP depending on the requester)

2020-03-24 Thread Alexander Bokovoy via FreeIPA-users
On ti, 24 maalis 2020, Daniel PC via FreeIPA-users wrote: I would like to configure DNS to respond with a different IP depending on the requester source IP. Bind allow it using ACL. Do you know if it is possible to implement this feature on IPA integrated DNS? Can you show bind's equivalent

[Freeipa-users] Re: Getting shell to IdM client via AD credentials takes very long time

2020-03-24 Thread Alexander Bokovoy via FreeIPA-users
On ti, 24 maalis 2020, White, David via FreeIPA-users wrote: When I ssh, it takes about that long before it even prompts me for my username. Then it takes a few more seconds to authenticate me after I type in my password. I need to correct myself here. When I SSH, it prompts for a username

[Freeipa-users] Re: Fail to login to IPA server after installation with IPA accounts

2020-03-24 Thread Alexander Bokovoy via FreeIPA-users
On ti, 24 maalis 2020, Scott Reed via FreeIPA-users wrote: Sumit, Why would I not want to login to the server with IPA accounts? I can control their access privileges with the IPA policies. This is fully under your control. See man page for ipa-server-install(1), it describes all options.

[Freeipa-users] Re: Ubuntu client: Kerberos works, authentication does not

2020-03-07 Thread Alexander Bokovoy via FreeIPA-users
Do not drop the mailing list, please. On la, 07 maalis 2020, Nick DeMarco wrote: root@drupal:~# getent passwd ndemarco So, SSSD does not see the user. root@drupal:~# sssctl domain-status pchem.pro Unable to get online status [3]: Communication error org.freedesktop.systemd1.NoSuchUnit:

[Freeipa-users] FreeIPA 4.8.5 released

2020-03-17 Thread Alexander Bokovoy via FreeIPA-users
Hello! The FreeIPA team would like to announce FreeIPA 4.8.5 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 30-32 versions will be available soon. == Highlights in 4.8.5 == - [8214] openDNSSEC 2.1 support - [8221] AJP connector protection for

[Freeipa-users] Re: no new replicas due to ipa compiled against old samba version on centos 8.1

2020-05-05 Thread Alexander Bokovoy via FreeIPA-users
On ti, 05 touko 2020, Rami Elias (TECH V) via FreeIPA-users wrote: Hello, actually I can't provision new replicas due to this on Centos 8.1: https://bugs.centos.org/view.php?id=16929 it seems that the ipa package was compiled against an old samba version but this samba in version 4.9.1 seems

[Freeipa-users] Re: Issue with memberOf plugin.

2020-05-07 Thread Alexander Bokovoy via FreeIPA-users
On to, 07 touko 2020, Mary Georgiou via FreeIPA-users wrote: Hi Mark, Thank you very much for your quick and detailed answer. I'm a bit confused with some details I do not understand. I ran this query and I got back only the user entries. Aren't also the groups part of this (since they can be

[Freeipa-users] Re: Standard Linux Tools and Indirect Group Membership

2020-05-19 Thread Alexander Bokovoy via FreeIPA-users
On ti, 19 touko 2020, Mark Potter via FreeIPA-users wrote: While I have seen similar posts to the list while digging through the archive, I cannot find this question specifically answered. We are coming from OpenLDAP and migrating to FreeIPA on CentOS 7.5. We are using indirect memberships to

[Freeipa-users] Re: centos with automount maps from ipa AND files

2020-05-24 Thread Alexander Bokovoy via FreeIPA-users
On su, 24 touko 2020, Klaus Vink Slott via FreeIPA-users wrote: Hi I am trying to mix files based automount entries with some entries from IPA. I found that in order to make this work on Centos clients I must place files before sss in nsswitch. After this discovery I just made my ansible setup

[Freeipa-users] Re: Where's the FreeIPA server data(base) dir/file paths? [seeking to NFS mount them]

2020-09-05 Thread Alexander Bokovoy via FreeIPA-users
On pe, 04 syys 2020, Johnny Utahh via FreeIPA-users wrote: On 2020-09-04 12:43 AM, Alexander Bokovoy via FreeIPA-users wrote: > Please use FreeIPA backup/restore tools that already handle what you > need to achieve. Thanks for the timely feedback. `ipa-backup` unfortunately does not

[Freeipa-users] Re: FreeIPA Role Management

2020-09-03 Thread Alexander Bokovoy via FreeIPA-users
On to, 03 syys 2020, John Burns via FreeIPA-users wrote: What exactly should be granted to enable a user to view /edit freeIPA roles? Specifically, what enables a user to view anything under "IPA Server" > "Role-Based Access Control?" Context: roles, privileges, permissions are all populated

[Freeipa-users] Re: Seeking ALL server datafile/database file/dir paths on Ubuntu 18.04

2020-09-03 Thread Alexander Bokovoy via FreeIPA-users
On to, 03 syys 2020, Johnny Utahh via FreeIPA-users wrote: We are seeking ALL the FreeIPA file/database file paths created in the |ipa-server-install| command in the |freeipa-server| package on Ubuntu 18.04. We're looking for a /comprehensive/ list. Is this feasible? Details:

[Freeipa-users] Re: Running external cert management on Ipa server?

2020-09-10 Thread Alexander Bokovoy via FreeIPA-users
On to, 10 syys 2020, Dominik Vogt via FreeIPA-users wrote: On Thu, Sep 10, 2020 at 11:17:42AM -0400, Rob Crittenden via FreeIPA-users wrote: > a customer wants to use the Redhat certificate system instead of > the one built into freeipa. AFAIK both use dogtag under the hood. Can you expand

[Freeipa-users] Re: Delay in behavior when making changes to custom plugins

2020-09-09 Thread Alexander Bokovoy via FreeIPA-users
On ke, 09 syys 2020, Scott Serr via FreeIPA-users wrote: My environment is: CentOS 8.2, FreeIPA 4.8.4, single instance, no clients My minimal test case plugin looks like this: user.takes_params += ( Str('useraffiliation?', cli_name = 'useraffiliation', label = _('User Affiliation'), ), )

[Freeipa-users] Re: FreeIPA certificate doesn't validate in iOS

2020-09-07 Thread Alexander Bokovoy via FreeIPA-users
On su, 06 syys 2020, Jochen Kellner via FreeIPA-users wrote: Hello, I'm running IPA on current Fedora 32, freeipa-server-4.8.9-2 and pki-server-10.9.0-0.4 Today the certificate of my IMAP server (running on Debian Buster) was automatically refreshed: , | Request ID '20181003215953': |

[Freeipa-users] Re: ipa client autofs issue

2020-09-15 Thread Alexander Bokovoy via FreeIPA-users
On ti, 15 syys 2020, Ronald Wimmer via FreeIPA-users wrote: On 15.09.20 15:48, Rob Crittenden via FreeIPA-users wrote: Ronald Wimmer via FreeIPA-users wrote: On 14.09.20 16:06, Ronald Wimmer via FreeIPA-users wrote: I am confronted with a relatively strange behaviour regarding ipa and

[Freeipa-users] Re: ipa client autofs issue

2020-09-15 Thread Alexander Bokovoy via FreeIPA-users
On ti, 15 syys 2020, Ronald Wimmer via FreeIPA-users wrote: On 15.09.20 16:39, Alexander Bokovoy via FreeIPA-users wrote: On ti, 15 syys 2020, Ronald Wimmer via FreeIPA-users wrote: On 15.09.20 15:48, Rob Crittenden via FreeIPA-users wrote: Ronald Wimmer via FreeIPA-users wrote: On 14.09.20

[Freeipa-users] Re: FreeIPA web UI Login issue.

2020-10-06 Thread Alexander Bokovoy via FreeIPA-users
On ti, 06 loka 2020, Randall Hodges via FreeIPA-users wrote: I just started working for a new company and they handed me this IPA replication server with an issue logging on to the web UI. I get errors when we try to login. I have been all over the web looking for answers. I have check the

[Freeipa-users] Re: IPA and JQuery 1.2 < 3.5.0 XSS

2020-10-07 Thread Alexander Bokovoy via FreeIPA-users
On ke, 07 loka 2020, Christopher Lamb via FreeIPA-users wrote: Hi all   Security scans of our ipa server report a vulnerability “JQuery 1.2 <

[Freeipa-users] Re: FreeIPA web UI Login issue.

2020-10-07 Thread Alexander Bokovoy via FreeIPA-users
On ke, 07 loka 2020, Randall Hodges via FreeIPA-users wrote: [root@par01vmidm01 ~]# ipa-pkinit-manage status PKINIT is disabled The ipa-pkinit-manage command was successful The domain I changed from my company domain to example they are all correct. Since i was not in on the setup not sure if

[Freeipa-users] Re: FreeIPA web UI Login issue.

2020-10-07 Thread Alexander Bokovoy via FreeIPA-users
On ke, 07 loka 2020, Randall Hodges via FreeIPA-users wrote: I enabled it and where what it shows, it still does not let me log in. It also does not write to the ccache as well. I even redid the kinit admin command got a new ticket and still does not let me in to the web ui.

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Alexander Bokovoy via FreeIPA-users
On ma, 12 loka 2020, Chris Dagdigian via FreeIPA-users wrote: Spoke too soon -- looks like FreeIPA 4.8.7 does not support the '--idoverrideusers' stuff shown on that URL: Usage: ipa [global-options] group-add-member GROUP-NAME [options] $ ipa group-add-member admins --idoverrideusers Usage:

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Alexander Bokovoy via FreeIPA-users
On ma, 12 loka 2020, Chris Dagdigian wrote: Thanks Alexander (you've been helpful for *years* on this list, much appreciated ...) Looks like my issue was being unfamiliar with the CentOS/RHEL 8  "dnf" repo commands ... For CentOS 8 the specific command was: # dnf module install

[Freeipa-users] Re: Ticket expired

2020-10-19 Thread Alexander Bokovoy via FreeIPA-users
On la, 17 loka 2020, Albert Szostkiewicz via FreeIPA-users wrote: ws.home.mydomain.com gssproxy[1151]: gssproxy[1226]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found ws.home.mydomain.com gssproxy[1226]: (OID: { 1 2

[Freeipa-users] Re: FREEIPA - TLS - CN > 64 characters

2020-10-19 Thread Alexander Bokovoy via FreeIPA-users
On ma, 19 loka 2020, Christian Heimes via FreeIPA-users wrote: On 19/10/2020 15.17, Krzysztof O via FreeIPA-users wrote: Krzysztof O via FreeIPA-users wrote: RFC 3280 defines the upper-bound of common name at 64 and is mandatory. What problem is this causing? rob When issuing CSR from the

[Freeipa-users] Re: FreeIPA, OSX, DockerDesktop

2020-10-14 Thread Alexander Bokovoy via FreeIPA-users
On ke, 14 loka 2020, Michael Romero via FreeIPA-users wrote: Also having this issue when running this container on MacOS 10.15.17. ninjitsu@derpenstein freeipa-container % docker run -e IPA_SERVER_IP=10.12.0.98 -p 53:53/udp -p 53:53 -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p

[Freeipa-users] Re: Installation with external CA - signed cert 'Not a CA'

2020-08-18 Thread Alexander Bokovoy via FreeIPA-users
On ti, 18 elo 2020, John Spooner via FreeIPA-users wrote: Hello, I have been tasked with installing FreeIPA in our environment to help manage certificates for Postgres, NGINX and RabbitMQ. I am completely new to the administrative side of certificates, so I may have made some incorrect

[Freeipa-users] Re: Register_pre_callback for user_disable

2020-08-28 Thread Alexander Bokovoy via FreeIPA-users
On pe, 28 elo 2020, Ruslan Skira via FreeIPA-users wrote: Hello, guys could please clarify and help me I need to add pre_callback for user_disable function. But this object does not have such methods. But user_delete has. How I should add my extra logic to this method? Since user_disable class

[Freeipa-users] Re: Listing trusted domain users

2020-08-28 Thread Alexander Bokovoy via FreeIPA-users
when sssd profile is chosen. On 26/08/2020 19:07, Alexander Bokovoy via FreeIPA-users wrote: On ke, 26 elo 2020, Giulio Casella via FreeIPA-users wrote: Hi, I have a FreeIPA setup, in trust with an AD domain. Is there a way to list trusted users (e.g. belonging to AD domain) using FreeIPA

[Freeipa-users] Re: Listing trusted domain users

2020-08-28 Thread Alexander Bokovoy via FreeIPA-users
On pe, 28 elo 2020, Giulio Casella wrote: On 28/08/2020 11:29, Alexander Bokovoy via FreeIPA-users wrote: On pe, 28 elo 2020, Giulio Casella wrote: The goal is to create users' home directory. My setup is a (existing) AD architecture, with FreeIPA trusted with it. Linux workstations (Fedora

[Freeipa-users] Re: Listing trusted domain users

2020-08-26 Thread Alexander Bokovoy via FreeIPA-users
On ke, 26 elo 2020, Giulio Casella via FreeIPA-users wrote: Hi, I have a FreeIPA setup, in trust with an AD domain. Is there a way to list trusted users (e.g. belonging to AD domain) using FreeIPA (for instance with api)? I only managed to list local users only (currently only "admin" user in

[Freeipa-users] Re: Integration of freeipa into an azure AD based infrastructure

2020-08-28 Thread Alexander Bokovoy via FreeIPA-users
On pe, 28 elo 2020, Jonathan Aquilina via FreeIPA-users wrote: Afternoon all, I am just wondering does free ipa have the ability to integrate with azure AD based infrastructure or is a proper active directory domain required?

[Freeipa-users] Re: Integration of freeipa into an azure AD based infrastructure

2020-08-29 Thread Alexander Bokovoy via FreeIPA-users
On la, 29 elo 2020, Jonathan Aquilina via FreeIPA-users wrote: What additional protections can I get from integrating free ipa into my infrastructure Additional to what? Perhaps you need to explain in more details what are you considering? Otherwise,

[Freeipa-users] Re: Integration of freeipa into an azure AD based infrastructure

2020-08-29 Thread Alexander Bokovoy via FreeIPA-users
On la, 29 elo 2020, Jonathan Aquilina wrote: Hi Alexander, That is correct it is a hosted solution from microsoft. What I do find interesting is you can have a VM in azure running AD that connects to Azure AD. Is it possible from freeipa to connect to a cloud based VM that is running AD? If

[Freeipa-users] FreeIPA 4.8.9 released

2020-08-20 Thread Alexander Bokovoy via FreeIPA-users
The FreeIPA team would like to announce FreeIPA 4.8.9 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. == Highlights in 4.8.9 * 5011: [RFE] Forward CA requests to dogtag or helper by

[Freeipa-users] FreeIPA 4.8.10 released

2020-09-26 Thread Alexander Bokovoy via FreeIPA-users
Hello! The FreeIPA team would like to announce FreeIPA 4.8.10 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9e815177e

[Freeipa-users] Re: OK_AS_DELEGATE by default

2020-10-01 Thread Alexander Bokovoy via FreeIPA-users
On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote: On 01.10.20 17:46, Alexander Bokovoy wrote: On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote: Is it possible to set this flag by default for all new IPA hosts? I checked the code and there is no way to set it by default.

[Freeipa-users] Re: OK_AS_DELEGATE by default

2020-10-01 Thread Alexander Bokovoy via FreeIPA-users
On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote: Is it possible to set this flag by default for all new IPA hosts? I checked the code and there is no way to set it by default. You have to explicitly specify --ok-as-delegate=true when adding hosts and services. -- / Alexander

[Freeipa-users] Re: POSIX ids of all AD users

2020-10-03 Thread Alexander Bokovoy via FreeIPA-users
On la, 03 loka 2020, Ronald Wimmer via FreeIPA-users wrote: On 02.10.20 16:03, Simo Sorce via FreeIPA-users wrote: On Fri, 2020-10-02 at 12:27 +0200, Ronald Wimmer via FreeIPA-users wrote: How could I possibly find the POSIX ids of all mapped Active Directory users? I do neither see them in

[Freeipa-users] Re: POSIX ids of all AD users

2020-10-03 Thread Alexander Bokovoy via FreeIPA-users
On la, 03 loka 2020, Ronald Wimmer via FreeIPA-users wrote: On 03.10.20 09:53, Alexander Bokovoy via FreeIPA-users wrote: On la, 03 loka 2020, Ronald Wimmer via FreeIPA-users wrote: On 02.10.20 16:03, Simo Sorce via FreeIPA-users wrote: On Fri, 2020-10-02 at 12:27 +0200, Ronald Wimmer via

[Freeipa-users] Re: ipa client autofs issue

2020-09-17 Thread Alexander Bokovoy via FreeIPA-users
On to, 17 syys 2020, Ronald Wimmer wrote: On 15.09.20 17:19, Alexander Bokovoy via FreeIPA-users wrote: On ti, 15 syys 2020, Ronald Wimmer via FreeIPA-users wrote: On 15.09.20 16:39, Alexander Bokovoy via FreeIPA-users wrote: On ti, 15 syys 2020, Ronald Wimmer via FreeIPA-users wrote

[Freeipa-users] Re: API logout

2020-05-25 Thread Alexander Bokovoy via FreeIPA-users
On ma, 25 touko 2020, Peter Tselios via FreeIPA-users wrote: Hello, How do I perform a "session logout" in the API? I am using the ansible's URI module and so far I tried a few different options, like for example this: - name: Logout from IdM API uri: url: "https://{{ ipa_master

[Freeipa-users] Re: centos with automount maps from ipa AND files

2020-05-24 Thread Alexander Bokovoy via FreeIPA-users
On su, 24 touko 2020, Klaus Vink Slott via FreeIPA-users wrote: Thanks Alexander - I stand corrected. Sorry my limited english made draw faulty assumptions. On 24.05.2020 15.46, Alexander Bokovoy wrote: On su, 24 touko 2020, Klaus Vink Slott via FreeIPA-users wrote: Now moving to Centos 8 I

[Freeipa-users] Re: AD Trust question

2020-05-27 Thread Alexander Bokovoy via FreeIPA-users
On ke, 27 touko 2020, Monkey Bizness via FreeIPA-users wrote: Thanks for the quick response Alexander. AD1 and AD2 will be separate forests. So an external trust...But be reading the docs, it seems to be possible to create a transitive external one-way trust between the 2 ADs. But that allow

[Freeipa-users] Re: AD Trust question

2020-05-27 Thread Alexander Bokovoy via FreeIPA-users
On ti, 26 touko 2020, Monkey Bizness via FreeIPA-users wrote: Hi, I have an infrastructure with 2 ad clusters. AD 1 trusts AD 2 How does it trust each other? Forest trust between AD 1 and AD 2, they are part of the same (bigger) forest, they have external trust to each other or something

[Freeipa-users] Re: root CA 4096 bits signing key

2020-06-02 Thread Alexander Bokovoy via FreeIPA-users
On ti, 02 kesä 2020, Natxo Asenjo via FreeIPA-users wrote: hi, We have a new realm with rhel 7.8 and a default CA key of 2048 bits. Recently a question arose to upgrade this to 4096 bits. According to this blog post

[Freeipa-users] Re: HBAC and external groups (AD trust)

2020-10-22 Thread Alexander Bokovoy via FreeIPA-users
On to, 22 loka 2020, Giulio Casella via FreeIPA-users wrote: Hi, I have a IPA setup, in trust with active directory. I noticed a strange behaviour in HBAC. In details: I have a group ("extgroup"), defined as external, containing an active directory user ("u...@ad.dom.ain"). I defined a HBAC

[Freeipa-users] Re: Question about ID Views in AD Trust

2020-10-26 Thread Alexander Bokovoy via FreeIPA-users
On su, 25 loka 2020, Vinícius Ferrão via FreeIPA-users wrote: Hi Alexander, On 24 Oct 2020, at 14:41, Alexander Bokovoy <aboko...@redhat.com>

[Freeipa-users] Re: Question about ID Views in AD Trust

2020-10-24 Thread Alexander Bokovoy via FreeIPA-users
On Sat, 24 Oct 2020, Vinícius Ferrão via FreeIPA-users wrote: Hello, I’m aware that we can make overrides on AD users with the Default Trust View object on IPA. I’ve created another one for specific users named “Clients Trust” and added three user accounts there. Made the overrides

[Freeipa-users] Re: Centos 8.2.2004 (Core) not pulling FreeIPA 4.8

2020-08-03 Thread Alexander Bokovoy via FreeIPA-users
On pe, 31 heinä 2020, Damjan Kumin via FreeIPA-users wrote: rob, thanks. You solved it for me - enabling idm:DL1 did the trick. Now I am upgrading to 4.8.4 as I type this. Though as far as I can remember I did not manually install IPA and it seems that it is provided trough Identity Management

[Freeipa-users] Re: Different path for kerberos ticket

2020-08-03 Thread Alexander Bokovoy via FreeIPA-users
On ma, 03 elo 2020, Николай Савельев via FreeIPA-users wrote: Hi. I'm testing ubuntu 20.04 in freeipa domain with smbclient. In some cases it works (fresh installation of xubuntu, for example), in other - don't (upgrade kubuntu from 18.04).

[Freeipa-users] Re: Issues with SSO from AD Clients

2020-08-13 Thread Alexander Bokovoy via FreeIPA-users
On to, 13 elo 2020, Hannes Eberhardt via FreeIPA-users wrote: Hi, I am currently evaluating FreeIPA for a deployment in our department and I am running into problems with GSSAPI authentication from AD managed Windows clients to IPA managed servers. The situation: We do want to build an IPA

[Freeipa-users] Re: Issues with SSO from AD Clients

2020-08-13 Thread Alexander Bokovoy via FreeIPA-users
On to, 13 elo 2020, Hannes Eberhardt via FreeIPA-users wrote: Thanks for your fast reply. I didn't know that I must not use the root domain under the domain realms. Thanks for the hint and the reference. We configured the trust again, now with all relevant subdomains and SSO is now working. I

[Freeipa-users] Re: rlm_ldap fails to extract user groups but ldapsearch succeeds

2020-08-06 Thread Alexander Bokovoy via FreeIPA-users
On to, 06 elo 2020, Victor via FreeIPA-users wrote: Hello Alexander, [06/Aug/2020:08:58:31.135610842 +0200] conn=719 fd=104 slot=104 connection from X.X.X.X to Y.Y.Y.Y [06/Aug/2020:08:58:31.135957181 +0200] conn=719 op=0 BIND dn="" method=128 version=3 [06/Aug/2020:08:58:31.136093561 +0200]

[Freeipa-users] Re: Resetting LDAP Password

2020-08-04 Thread Alexander Bokovoy via FreeIPA-users
On ti, 04 elo 2020, White, David via FreeIPA-users wrote: We have a IPA environment that has an existing trust with Active Directory. I'm trying to troubleshoot some things, and am trying to run a `ldapsearch` against our IPA environment. It keeps asking for an LDAP Bind password. 1. I know

[Freeipa-users] Re: rlm_ldap fails to extract user groups but ldapsearch succeeds

2020-08-06 Thread Alexander Bokovoy via FreeIPA-users
On to, 06 elo 2020, Victor via FreeIPA-users wrote: Hello Rob, The problem is the logs indicate the exact same search request (only timeLimit differs: 10 vs 0) and bind credentials which in the case of rlm_ldap request fail and succeed for ldapsearch: [06/Aug/2020:08:58:31.136692919 +0200]

[Freeipa-users] Re: trouble running ipa-server-update

2020-08-04 Thread Alexander Bokovoy via FreeIPA-users
On ti, 04 elo 2020, Fujisan via FreeIPA-users wrote: I noticed that there is only one file in /etc/httpd/alias, therefore giving the error message "certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database" # ll /etc/httpd/alias total 4 -rw--- 1 root root 32 Apr 16

[Freeipa-users] Re: Kerberos realm trusting ipa realm

2020-07-07 Thread Alexander Bokovoy via FreeIPA-users
On ti, 07 heinä 2020, Gerald Vogt via FreeIPA-users wrote: Hi! I am trying to get a kerberos realm to trust the ipa realm. I'm running ipa-server-4.6.6-11.el7 on a CentOS 7. It uses realm IPA.EXAMPLE.COM. I have another KDC on another CentOS 7 which has another realm KRB.EXAMPLE.COM with a

[Freeipa-users] Re: Kerberos realm trusting ipa realm

2020-07-07 Thread Alexander Bokovoy via FreeIPA-users
On ti, 07 heinä 2020, Gerald Vogt via FreeIPA-users wrote: On 07.07.20 10:13, Alexander Bokovoy wrote: On ti, 07 heinä 2020, Gerald Vogt via FreeIPA-users wrote: Hi! I am trying to get a kerberos realm to trust the ipa realm. I'm running ipa-server-4.6.6-11.el7 on a CentOS 7. It uses

[Freeipa-users] Re: Providing service level access without granting sudo access

2020-07-07 Thread Alexander Bokovoy via FreeIPA-users
On ti, 07 heinä 2020, Saurabh Garg via FreeIPA-users wrote: Hi All, We have a requirement where we need to give a user access to stop and start a service like tomcat8 without giving sudo access on that machine. I tried adding tomcat8 service (running on an ubuntu host) on the Idm server using

[Freeipa-users] Re: Adding Windows 10 client to freeIPA - Error : Failed to parse result: All enctypes provided are unsupported

2020-07-07 Thread Alexander Bokovoy via FreeIPA-users
On ti, 07 heinä 2020, lovepreetdeol via FreeIPA-users wrote: Hi, Running freeIPA server on centos 8.2. Trying to setup mixed OS environment with linux and windows clients. Another centos8.2 machine connects to freeIPA without any problem. I am trying to connect a windows 10 client to the

[Freeipa-users] Re: Is it normal to ID overrides not show on IPA Replica with its names?

2020-07-03 Thread Alexander Bokovoy via FreeIPA-users
On pe, 03 heinä 2020, Vinícius Ferrão via FreeIPA-users wrote: Hello, I have two FreeIPA servers with AD trust enabled. Usually I do everything on the IPA #1 server, but I just observed that SIDs aren’t resolved on

[Freeipa-users] Re: Is it normal to ID overrides not show on IPA Replica with its names?

2020-07-03 Thread Alexander Bokovoy via FreeIPA-users
On pe, 03 heinä 2020, Vinícius Ferrão wrote: Hi Alexander, But is it ok to not being controller trust or trust agent? It’s a good idea to be a trust agent at least? How can I check both? 'trust agent' is IPA server which resolves AD users and groups. So if you want your IPA clients to resolve

[Freeipa-users] Re: Is it normal to ID overrides not show on IPA Replica with its names?

2020-07-03 Thread Alexander Bokovoy via FreeIPA-users
On pe, 03 heinä 2020, Vinícius Ferrão wrote: I guess as long as you are using fully qualified AD users/groups names on IPA masters, you don't need to remove the setting. Ok! Thank you. I’ll do some testing to see if the strange behaviour of getent will be solved removing the AD domain from

[Freeipa-users] [CVE-2020-10747] FreeIPA 4.6.9 released

2020-06-15 Thread Alexander Bokovoy via FreeIPA-users
Hello! The FreeIPA team would like to announce FreeIPA 4.6.9 release! It can be downloaded from http://www.freeipa.org/page/Downloads. == Highlights in 4.6.9 == * CVE-2020-10747 It was found that if an account with a name corresponding to an account local to a system, such as 'root', was

[Freeipa-users] [CVE-2020-10747] FreeIPA 4.8.8 released

2020-06-15 Thread Alexander Bokovoy via FreeIPA-users
Hello! The FreeIPA team would like to announce FreeIPA 4.8.8 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. == Highlights in 4.8.8 == * CVE-2020-10747 It was found that if an

[Freeipa-users] Re: IPA authentication to Samba shares failing

2020-06-22 Thread Alexander Bokovoy via FreeIPA-users
On ma, 22 kesä 2020, Kristian Petersen via FreeIPA-users wrote: Running rhel 8.2 as a VM in oVirt for the one running samba, rhel 8.1 for the one running IPA/IdM. It is also a VM in ovirt. All on the same subnet. If this is RHEL with subscription, please open a customer case, attach SOS

[Freeipa-users] Re: Setting up a custom service

2020-06-24 Thread Alexander Bokovoy via FreeIPA-users
On ke, 24 kesä 2020, Dominik Vogt via FreeIPA-users wrote: For a test setup, we need to create a custom service running on a server and a custom application running on the client. The sample gss client/server from the Kerberos sources is used for demonstration. Setting this up with plain

[Freeipa-users] Re: Root CA is changing in an AD Trust environment

2020-06-24 Thread Alexander Bokovoy via FreeIPA-users
On ke, 24 kesä 2020, White, David via FreeIPA-users wrote: We have IdM / FreeIPA running on RHEL 7 boxes. This is a 6-node cluster that has an existing 1-way trust back to Active Directory. IdM is still acting as the CA for its own clients, and when we setup the trust, we used the following

[Freeipa-users] Re: Netapp SVM as IPA client

2020-06-26 Thread Alexander Bokovoy via FreeIPA-users
On pe, 26 kesä 2020, Ronald Wimmer via FreeIPA-users wrote: On 26.06.20 11:07, Alexander Bokovoy via FreeIPA-users wrote: On pe, 26 kesä 2020, Ronald Wimmer via FreeIPA-users wrote: Is there any way to make a NetApp SVM an IPA client in order to provide a kerberized NFSv4-share? Two

[Freeipa-users] Re: Netapp SVM as IPA client

2020-06-26 Thread Alexander Bokovoy via FreeIPA-users
On pe, 26 kesä 2020, Ronald Wimmer via FreeIPA-users wrote: Is there any way to make a NetApp SVM an IPA client in order to provide a kerberized NFSv4-share? Two resources I am aware about for NetApp and FreeIPA integration are done by Justin Parisi from NetApp: NFS Kerberos support:

[Freeipa-users] Re: User based access control to services?

2020-06-29 Thread Alexander Bokovoy via FreeIPA-users
On ma, 29 kesä 2020, Dominik Vogt via FreeIPA-users wrote: In our setup, a service is running on some server machine, say, "sample/servername.domain" and a client for that service is running on a workstation (using the sample gssapi client and server code from the kerberos sources). Now, what

[Freeipa-users] Re: IPA authentication to Samba shares failing

2020-06-19 Thread Alexander Bokovoy via FreeIPA-users
On pe, 19 kesä 2020, Kristian Petersen via FreeIPA-users wrote: Hey all, I have been using my FreeIPA users to authenticate to Samba shares on my file server for some time now. All of a sudden the other day it stopped working and smb won't even start. It gives errors about ipasam: "No

[Freeipa-users] Re: Java SIGABRT on PKI spawn process installation step

2020-06-07 Thread Alexander Bokovoy via FreeIPA-users
On su, 07 kesä 2020, David Sastre via FreeIPA-users wrote: Hello, Although I'm aware that there's no official support for RPi4B on Fedora as of today, I've been playing with the mostly functional Fedora Server Minimal and ansible-freeipa. The installation process is failing for me at the PKI

[Freeipa-users] Re: Planing multi-site deployment

2020-06-03 Thread Alexander Bokovoy via FreeIPA-users
On ke, 03 kesä 2020, Willie Cadete de Lima via FreeIPA-users wrote: Hi guys, It's my first time attending the Fedora mailing list if someone can help me I appreciate I've decided to ask here because I couldn't find any answer in the docs or googling. I'd like to deploy the FreeIPA with the

[Freeipa-users] FreeIPA 4.8.7 released

2020-06-11 Thread Alexander Bokovoy via FreeIPA-users
The FreeIPA team would like to announce FreeIPA 4.8.7 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. == Highlights in 4.8.7 * 3687: [RFE] IPA user account expiry warning. EPN

[Freeipa-users] Re: Add Windows host in Freeipa

2020-06-04 Thread Alexander Bokovoy via FreeIPA-users
On to, 04 kesä 2020, dmitriys via FreeIPA-users wrote: Good day! I tried add windows host in Freeipa and get 04:05:59.302019 IP (tos 0x0, ttl 123, id 27536, offset 0, flags [none], proto UDP (17), length 205) cyberark-psm.exemple.com.54676 > ldap.exemple.com.kerberos: [udp sum ok] v5

[Freeipa-users] Re: web-interface from Master-Server not available, DNSSEC-Service down

2021-01-11 Thread Alexander Bokovoy via FreeIPA-users
On ma, 11 tammi 2021, Kay Jeschonneck via FreeIPA-users wrote: Issue I can't use the web-interface from the master-server. I can open the website but i see only a white page. One the replica-server i can use the web-interface without a problem. Also i get an error from ipa-ods-exporter about

[Freeipa-users] Re: web-interface from Master-Server not available, DNSSEC-Service down

2021-01-11 Thread Alexander Bokovoy via FreeIPA-users
On ma, 11 tammi 2021, Kay Jeschonneck via FreeIPA-users wrote: Yes, this is it. Thanks, the UI work now.   But i have an other problem with the dnssec-service.   I get this message:   Jan 10 10:56:27 hn-dlp /usr/libexec/ipa/ipa-ods-exporter[10276]: new replica keys in LDAP: {'0xbb…',

[Freeipa-users] Re: Greenfield FreeIPA deployment - is it OK to put FreeIPA at the domain apex, or a "best practice" to put it in a subdomain?

2021-01-12 Thread Alexander Bokovoy via FreeIPA-users
On ma, 11 tammi 2021, Braden McGrath via FreeIPA-users wrote: Hello FreeIPA-users. The Subject line is the core of my question here; I'll provide a bit more detail below. I work for what is (effectively) a startup, non-profit internet provider. I have an extensive Windows background, and "know

[Freeipa-users] Re: Login failed due to an unknown reason.

2020-12-27 Thread Alexander Bokovoy via FreeIPA-users
On su, 27 joulu 2020, D R via FreeIPA-users wrote: Greetings, After automatic KDC certificate renewal, I'm no longer able to access the UI. [Sun Dec 27 23:33:20.563064 2020] [:error] [pid 6150] [remote 10.xx.xx.22:72] Traceback (most recent call last): [Sun Dec 27 23:33:20.563085 2020]

[Freeipa-users] Re: IPA broken after dnf update on CentOS 8

2021-01-07 Thread Alexander Bokovoy via FreeIPA-users
On to, 07 tammi 2021, Uzor Ide via FreeIPA-users wrote: Can you check the ipaupgrade.log? I found out when I upgraded ipa-server on CentOS 8 last week that the ipaupgrade script has wrong path information for the file "/usr/share/pki/acme/database/ldap/database.conf". The upgrade script has path

[Freeipa-users] Re: Concurrent ssh to the same host fails after few successfully open sessions with Additional pre-authentication krb error.

2020-11-30 Thread Alexander Bokovoy via FreeIPA-users
On ma, 30 marras 2020, mir mal via FreeIPA-users wrote: Hi, I've enabled lvl 9 debug, I've started from 6 to see if there is anything obvious, but I can't see anything. It looks like on lvl 6 the difference between successful and not successful login is that the not successful one is not even

[Freeipa-users] Re: Concurrent ssh to the same host fails after few successfully open sessions with Additional pre-authentication krb error.

2020-11-30 Thread Alexander Bokovoy via FreeIPA-users
On ma, 30 marras 2020, mir mal via FreeIPA-users wrote: I've created 6 files, for sssd_, sssd_pam and auth.log file for both a successful and failed login and pasted in pastebin. successful login https://pastebin.com/G75fv7tk - c11_successful_login_sssd.log https://pastebin.com/dEqCzyPk -

[Freeipa-users] Re: ipa failed to start after reboot

2020-11-30 Thread Alexander Bokovoy via FreeIPA-users
On ma, 30 marras 2020, Paul-Henri Hons via FreeIPA-users wrote: Hello, I'm on CentOS 8 with FreeIPA installed for several months in an LXC container (2 containers with replication). I've installed custom certificates from Let's Encrypt for httpd and slapd and they're valid till January 2021.

[Freeipa-users] Re: FreeIPA - Windows 10 Dynamic Dns Updates

2020-11-26 Thread Alexander Bokovoy via FreeIPA-users
On ke, 25 marras 2020, Ben Lewis via FreeIPA-users wrote: Hi All, I have installed a FreeIPA server and configured a Windows 10 client to authenticate against it. I am able to login to the Windows machine against the IPA realm; the issue I am seeing relates to the Windows client updating its DNS

[Freeipa-users] Re: freeIPA Status Debian/Ubuntu

2020-12-09 Thread Alexander Bokovoy via FreeIPA-users
is there in full capacity and running upstream CI tests on it would become a reality, we'll see even more shortening of that feedback loop length. On Dec 9, 2020, at 7:45 AM, Alexander Bokovoy via FreeIPA-users wrote: On ke, 09 joulu 2020, Nico Maas via FreeIPA-users wrote: Yes, however, rolling

[Freeipa-users] Re: freeIPA Status Debian/Ubuntu

2020-12-09 Thread Alexander Bokovoy via FreeIPA-users
On ke, 09 joulu 2020, Rob Crittenden via FreeIPA-users wrote: Alexander Bokovoy via FreeIPA-users wrote: On ke, 09 joulu 2020, Charles Hedrick wrote: thanks. There’s enough jargon in this that I’m not sure I understand. What’s the difference in level of QA between freeipa in Stream and RHEL

[Freeipa-users] Re: ipa-idoverride-memberof-plugin issue, ipa 4.8.7 rhel 8.3

2020-12-09 Thread Alexander Bokovoy via FreeIPA-users
On to, 10 joulu 2020, Lachlan Musicman via FreeIPA-users wrote: Hola, When I browse to the webUI for IDM, I'm getting nothing. The http error log is showing: [Thu Dec 10 15:30:44.429646 2020] [wsgi:error] [pid 1773:tid 139794280646400] [remote 172.26.33.93:42908] ipa: INFO:

[Freeipa-users] Re: IPA OTPD Crashing After Reboot

2020-12-09 Thread Alexander Bokovoy via FreeIPA-users
On to, 10 joulu 2020, Kevin Cassar via FreeIPA-users wrote: Hey there! I've been running FreeIPA server (VERSION: 4.8.4, API_VERSION: 2.235) on CentOS-8 for a month now with TOTP based login configured. I recently had to restart the server due to maintenance. Now the OTP based login doesn't

[Freeipa-users] Re: freeIPA Status Debian/Ubuntu

2020-12-09 Thread Alexander Bokovoy via FreeIPA-users
On ke, 09 joulu 2020, Marc Pearson | i-Neda Ltd via FreeIPA-users wrote: I think they're referring to this: https://www.cyberciti.biz/linux-news/centos-linux-8-will-end-in-2021-and-shifts-focus-to-centos-stream/ Where it looks like CentOS is to become a rolling distro after 8, it's not going

[Freeipa-users] Re: freeIPA Status Debian/Ubuntu

2020-12-09 Thread Alexander Bokovoy via FreeIPA-users
On ke, 09 joulu 2020, Nico Maas via FreeIPA-users wrote: Yes, however, rolling-release is not for everyone and every usecase, hence I am asking of the status of the Debian and Ubuntu implementations :). It is the same as in past: FreeIPA upstream development team has no influence or control

[Freeipa-users] Re: Services - Differences between FreeIPA and MS AD

2020-12-02 Thread Alexander Bokovoy via FreeIPA-users
On to, 03 joulu 2020, Ronald Wimmer via FreeIPA-users wrote: I am trying to get a deeper understanding how services are organized. When browsing the LDAP directory in FreeIPA I can see that services are organized in a separate (DN: cn=services,cn=accounts,dc=linux,dc=mydomain,dc=at) and that

[Freeipa-users] FreeIPA 4.9.0 release candidate 2 leased

2020-12-04 Thread Alexander Bokovoy via FreeIPA-users
The FreeIPA team would like to announce FreeIPA 4.9.0 release candidate 2! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora Rawhide will be available from the official repository soon. We are not planning producing builds of release candidates for the Fedora

[Freeipa-users] Re: [Freeipa-devel] FreeIPA 4.9.0 release candidate 2 leased

2020-12-04 Thread Alexander Bokovoy via FreeIPA-users
On pe, 04 joulu 2020, Alexander Bokovoy via FreeIPA-devel wrote: The FreeIPA team would like to announce FreeIPA 4.9.0 release candidate 2! The subject of this email has a typo, 'leased' instead of 'released'. The rest of the content is not affected. Sorry for that! It can be downloaded

[Freeipa-users] Re: users/groups migration IPA to IPA => NT_STATUS_INVALID_SID

2020-12-14 Thread Alexander Bokovoy via FreeIPA-users
On ma, 14 joulu 2020, lejeczek via FreeIPA-users wrote: Hi guys, I must be missing something I hope. This should just work, right? $ ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup

[Freeipa-users] Re: users/groups migration IPA to IPA => NT_STATUS_INVALID_SID

2020-12-14 Thread Alexander Bokovoy via FreeIPA-users
On ma, 14 joulu 2020, lejeczek via FreeIPA-users wrote: On 14/12/2020 10:22, Alexander Bokovoy wrote: On ma, 14 joulu 2020, lejeczek via FreeIPA-users wrote: Hi guys, I must be missing something I hope. This should just work, right? $ ipa migrate-ds --bind-dn="cn=Directory Manager"

[Freeipa-users] Re: Migrated users have not attribute ipaNThash

2020-12-18 Thread Alexander Bokovoy via FreeIPA-users
On pe, 18 joulu 2020, Kiselev Mikhail via FreeIPA-users wrote: Hello. My specs: cat /etc/system-release CentOS Linux release 7.8.2003 (Core) rpm -qa ipa-server ipa-server-4.6.6-11.el7.centos.x86_64 We migrated users from OpenLDAP. These users do not have an attribute ipaNThash: ldapsearch -h

[Freeipa-users] Re: Migrated users have not attribute ipaNThash

2020-12-18 Thread Alexander Bokovoy via FreeIPA-users
On pe, 18 joulu 2020, Kiselev Mikhail via FreeIPA-users wrote: Thanks, this is my case: "Running 'ipa-adtrust-install --add-sids' might still not produce SIDs for some users and groups because their UIDs/GIDs might be out of the ID range associated with IPA deployment. This is a common issue
