[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

Hi ! After you advice i did this : # kinit admin # ipa ping IPA server version 4.6.90.pre1+git20180411. API version 2.229 # ipa-cacert-manage -p 'Q*password' -n COMODO -t C,, install /home/addtrustexternalcaroot2.crt Installing CA certificate, please wait CA certificate successfully

[Freeipa-users] Issue with Using 3rd part certificates for HTTP/LDAP

Hi! I use freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 on Ubuntu 18.04.4 LTS I installed freeipa-serve in default mode ( ipa-server-install ) Now i try change certificate on Comodo as write in this article https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP my steps: 1

[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

When execute ipa-certupdate get this : ipapython.admintool: DEBUG: The ipa-certupdate command failed, exception: KerberosError: No valid Negotiate header in server response ipapython.admintool: ERROR: No valid Negotiate header in server response ipapython.admintool: ERROR: The ipa-certupdate

[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

Thank you your advice helped me) ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct:

[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

Hi! I rebuild my server now I use Centos 8 I installed freeipa : # ipa-server-install and try to change self sign certificate on Comodo. My steps: - get root CA from gogetssl.com - ipa-cacert-manage -p password -n ARAX -t C,, install /root/ca.crt - ipa-certupdate - ipa-server-certinstall -w -d

[Freeipa-users] Encryption LVM for Freeipa

Hi! I want create Encryption LVM and install Freeipa. In what directory freeipa save all sensetive data ? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] How Set authentication for ldapsearch

Hi! When i use command ldapsearch -h ldap.exemple.com -p 389 -x -b dc=exemple,dc=com -L I get all information about my instance without any authentication How i can set authentication to this action ? When i change port ldapsearch -h ldap.exemple.com -p 636 -x -b dc=exemple,dc=com -L I didnt

[Freeipa-users] Create accounts for integration

Hi! I need create accounts for integrations with different system. I don`t wont use standart accounts. So i tried create system user as discribe here Use a system account, created like this:. # ldapmodify -x -D 'cn=Directory Manager' -W after this command i get Enter LDAP Password: (witch

[Freeipa-users] Integration Freeipa with Keycloak

Hi! I tried connect freeipa to Keycloak. And hove some questions about attribute and filters I filled in this way: * Username LDAP attribute uid * RDN LDAP attribute uid * UUID LDAP attribute uid * User Object Classes memberOf * Connection URL ldap://ldap.example.com * Users DN

[Freeipa-users] 2 factor authentication in Freeipa

Hi! I use Freeipa VERSION: 4.8.0, API_VERSION: 2.233 I want use Freeipa as user store for other web services (like jira, jenkins,gitlab etc). For security reasons we need 2 factor authentication. I read about OTP in Freeipa but allmost post about host authentication ? How i can setup OTP for

[Freeipa-users] Re: 2 factor authentication in Freeipa

Yes it help, thank you! Did you know can i restrict login without OTP ? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct:

[Freeipa-users] Re: Issue with Using 3rd part certificates for HTTP/LDAP

Hi! Have the same issue with another Centos 8 server I use CA witch i used successful on privius server But here i get error after ipa-cacert-manage -p 'password' -n ARAX -t C,, install /home/xattab/ca.crt Installing CA certificate, please wait Not a valid CA certificate: certutil:

[Freeipa-users] Issue with replication freeipa

Hi! I try to setup replication. Freeipa version - 4.8.0, API_VERSION: 2.233 I have installed free ipa server and tried connect replica as describe in https://www.freeipa.org/page/V4/Replica_Setup Aftet this command ipa-client-install --domain=example.test --realm=EXAMPLE.TEST

[Freeipa-users] Add new Identity Settings for users Freeipa

Good day! I setup integration Freeipa with Jamf. I mapped default user attributes from Identity Settings like: Job Title First name Last name Email In Jamf i have more user attributes (Department, Building). My question is How i can mapping user attributes form Employee Information to

[Freeipa-users] Add Windows host in Freeipa

Good day! I tried add windows host in Freeipa and get 04:05:59.302019 IP (tos 0x0, ttl 123, id 27536, offset 0, flags [none], proto UDP (17), length 205) cyberark-psm.exemple.com.54676 > ldap.exemple.com.kerberos: [udp sum ok] v5 04:05:59.303073 IP (tos 0x0, ttl 64, id 24242, offset 0,