[Freeipa-users] Re: Problem adding a RHEL 8.1 client

2020-01-13 Thread SOLER SANGUESA Miguel via FreeIPA-users
RHEL 8.1 client On 1/10/20 4:08 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > [root@client01 ~]# rpm -qa openldap > openldap-2.4.46-10.el8.x86_64 > > [root@server2 ~]# certutil -L -d /etc/dirsrv/slapd-IPA-DOMAIN-ORG -n > Server-Cert > Certificate: > Data:

[Freeipa-users] Re: Problem adding a RHEL 8.1 client

2020-01-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
mes Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Re: Problem adding a RHEL 8.1 client On 1/10/20 2:55 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello Christian, > > It is a standard installation. > > [root@server2 ~]# cat /proc/sys/crypto/fips_enabled

[Freeipa-users] Re: Problem adding a RHEL 8.1 client

2020-01-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD Thanks & Regards. -Original Message- From: Florence Blanc-Renaud Sent: Thursday, January 09, 2020 21:06 To: FreeIPA users list Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client On 1/9/20 4:07 PM, SOLER SANG

[Freeipa-users] Re: Problem adding a RHEL 8.1 client

2020-01-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
ent: Thursday, January 09, 2020 21:06 To: FreeIPA users list Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client On 1/9/20 4:07 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello, > > I'm trying to add a RHEL 8.1 client with the following spec

[Freeipa-users] Re: Problem adding a RHEL 8.1 client

2020-01-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
To: FreeIPA users list Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client On 1/9/20 4:07 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello, > > I'm trying to add a RHEL 8.1 client with the following spec: > > OS: RHEL 8.1 (Ootpa)

[Freeipa-users] Problem adding a RHEL 8.1 client

2020-01-09 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I'm trying to add a RHEL 8.1 client with the following spec: OS: RHEL 8.1 (Ootpa) IPA: ipa-client-4.8.0-10 SSSD: sssd-2.2.0-19.el8.x86_64 My IDM server has: OS: RHEL 7.7 (Maipo) IPA: ipa-server-4.6.5-11.el7_7.3 SSSD: sssd-1.16.4-21.el7_7.1 When I try to add the client using

[Freeipa-users] How to change the timeout of 60 seconds on the login with AD users

2019-10-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hi, Thanks for the tip. I try to login executing: ssh -l USER@AD.DOMAIN HOSTNAME Unfortunately I have tested with: LOGIN_TIMEOUT 90 And also changing on sshd_conf: LogLevel DEBUG3 ClientAliveInterval 600 LoginGraceTime 600 ClientAliveCountMax 3 And on sssd.conf:

[Freeipa-users] Re: Migration FreeIPA to another server

2019-10-03 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, AFAIK you should create a replica on the VPS (with all the IPA services that have the actual server) and once it will be ready, you should decommission the actual server. Thanks & Regards.

[Freeipa-users] Simple help with User Groups

2019-05-17 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I don't think it is a good idea to create an IPA POSIX group with the same GID. I think the best option is adding the IPA user to the local group as you tried to do. The only problem is that you used the short username, and you need to use username@domain. Something like this: #

[Freeipa-users] Re: Looking for guidance with FreeIPA integration with Foreman/Puppet/Katello

2019-05-01 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, We execute a script after any server creation that uses the FreeIPA API for adding the server to the proper Hostgroup. As we already have the HBAC rules created with the hostgroups, the teams that should access the servers are allowed automatically. Regards.

[Freeipa-users] Error: "has a RID that is larger than the ldap_idmap_range_size"

2019-02-04 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello again, I have resolved the problem myself. Following https://access.redhat.com/solutions/659243 the sssd cache must be erased using: service sssd stop; rm -f /var/lib/sss/db/*; service sssd start seems that the way I used "sss_cache -E" doesn't work on this. Thanks & Regards. From:

[Freeipa-users] Error: "has a RID that is larger than the ldap_idmap_range_size"

2019-02-04 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I have an IDM cluster (Master + Replica) version 4.5.4 on RHEL 7.4. I have created a trust with an AD 2016 domain AD.COMPANY.ORG. Some users are working properly, but I created a new AD user and it is not working. Checking on the sssd logs I found: [sdap_idmap_sid_to_unix] (0x0040):

[Freeipa-users] Re: Transitive trust with AD domain that has already a trust with a 3rd domain.

2019-01-31 Thread SOLER SANGUESA Miguel via FreeIPA-users
on ipa.mydomain.com services. Is that possible? That's the reason because I'm thinking that "Selective authentication" can be the problem. Regards. On ke, 30 tammi 2019, SOLER SANGUESA Miguel via FreeIPA-users wrote: >Hello, >I have 2 AD domains on windows 2016 with a forest tr

[Freeipa-users] Transitive trust with AD domain that has already a trust with a 3rd domain.

2019-01-30 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I have 2 AD domains on windows 2016 with a forest trust, two-way, and "Selective authentication": mydomain.com <--trust--> other.company.org Now I have built an IDM instance on RHEL 7.5 and IPA version 4.5.4 on the subdomain "ipa.mydomain.com". I need to use users from the 2 domains

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-11 Thread SOLER SANGUESA Miguel via FreeIPA-users
Yes, it is clear. Thank you very much. On 1/11/19 12:12 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > You are right, on the client /etc/ipa/ca.crt has just the IPA CA, but on the > servers it has 3 certificates: > - IPA CA > - ICC-inter > - ICC-root > > The w

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-11 Thread SOLER SANGUESA Miguel via FreeIPA-users
. Can you please let me know the correct way? 3) if it is a bug. Has been fixed on newer releases or it is planned on future releases? Thank you very much. On 1/10/19 3:24 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > Ipa cert-show is working now after copying the certificates, tha

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
reeipa-users] Re: Testing requested - certificate checking tool On 1/9/19 4:21 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello, > > Now it works and it shows the real problem I have. I have 2 master, I have > changed the HTTP certificate on both (using ipa-cacert-mana

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-12-27 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I have run the tool on an environment where I've installed my own certificate for HTTPS (following this tutorial: https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP), and it complains when it finds the root certificate of my certificate: # python2 ipa-checkcerts.py ipa:

[Freeipa-users] New clients doesn't allow to use AD users with shortnames and showing the users/groups also with short names

2018-11-21 Thread SOLER SANGUESA Miguel via FreeIPA-users
I've been working for 1 year with a configuration that allows us to use AD users with short names for login on RHEL 6 clients and also the information on the client was shown with shortnames. Example: ssh AD_user@IDM_client1.mydomain.com PASSWORD: [AD_user@IDM_client1 ~]$ ls -la total 60

[Freeipa-users] Re: Limit LDAP communication to one Active Directory site

2018-11-02 Thread SOLER SANGUESA Miguel via FreeIPA-users
Seems it will work on RHEL 7.6. but you must configure it on the IPA client.

[Freeipa-users] Re: How to use HBAC rules on services where is used Ipsion

2018-07-11 Thread SOLER SANGUESA Miguel via FreeIPA-users
uesday, July 10, 2018 15:31 To: FreeIPA users list Cc: SOLER SANGUESA Miguel ; Rob Crittenden Subject: Re: [Freeipa-users] Re: How to use HBAC rules on services where is used Ipsion On ti, 10 heinä 2018, Rob Crittenden via FreeIPA-users wrote: >SOLER SANGUESA Miguel via FreeIPA-users wr

[Freeipa-users] Re: How to use HBAC rules on services where is used Ipsion

2018-07-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
I have added the service on IPA and changed on the HBAC rule from "any service" to "ipsilon", but now I can not login on ipsilon. Also I've checked that there is no '/etc/pam.d/ipsilon' file. Thanks & Regards. __ Miguel Soler Sangüesa Consultant - Linux Systems

[Freeipa-users] How to use HBAC rules on services where is used Ipsion

2018-07-09 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, RHEL 7.5 with IPA server 4.5.4 RHEL 7.5 with IPA client 4.5.4 for installing Ipsilon from RHEL repositories (v1.0.0) and added manually patch: https://pagure.io/ipsilon/pull-request/44#request_diff I have configured Jira with the plugin for SAML2 (SAML Single Sign On (SSO) Jira,

[Freeipa-users] Re: Dir Mgr passwd won't change?

2018-05-21 Thread SOLER SANGUESA Miguel via FreeIPA-users
I changed using this procedure: Change DM password You will have to edit the main server config file (dse.ldif). Before you do that, you must shutdown the server. If the server is running and you edit dse.ldif, your changes will be lost: # stop-dirsrv Next, generate the new password using the

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-04 Thread SOLER SANGUESA Miguel via FreeIPA-users
g> Cc: Ludwig Krispenz <lkris...@redhat.com>; thierry bordaz <tbor...@redhat.com>; SOLER SANGUESA Miguel <sol...@unicc.org> Subject: Re: [Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5) SOLER SANGUESA Miguel via FreeIPA-users wr

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-04 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, Thanks for your instructions, step by step it seems it is improving. Unfortunately it is not solved yet, now I have this when I do an upgrade following your instructions: # ipa-server-upgrade Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/8]: saving configuration [2/8]: disabling

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, Yesterday my ssh console closed the connection, so I had to start the "ipa-server-upgrade" again, but the result is more or less the same: # ipa-server-upgrade Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/10]: stopping directory server [2/10]: saving configuration [3/10]:

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-02 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, This is the output of the command (seems that is not complete): # ldapsearch -H ldapi://%2fvar%2frun%2fslapd-IPA-EXAMPLE-ORG.socket -b cn=indextask_description_137444551994158920_5958,cn=index,cn=tasks,cn=config -s base SASL/EXTERNAL authentication started SASL username:

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-01 Thread SOLER SANGUESA Miguel via FreeIPA-users
icc.org> Subject: Re: [Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5) SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello, > > Thank you for your answer, now dirsrv can start, but after running the " > dirsrv@IPA-UNICC-ORG.service

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-01 Thread SOLER SANGUESA Miguel via FreeIPA-users
en updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5) On ti, 01 touko 2018, SOLER SANGUESA Miguel via FreeIPA-users wrote: >hello, > >I have an IPA master that updated from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5). >An hour later I tried to do the same with the unique replica I have, b

[Freeipa-users] Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-01 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I have an IPA master that updated from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5). An hour later I tried to do the same with the unique replica I have, but after the update dirsrv is not starting. It says it is needed to run "ipa-server-upgrade", but it also fails: # ipactl start Upgrade required:

[Freeipa-users] AD one-way trust on multidatacenter environment

2017-11-06 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I want to do a one-way AD trust on a multidatacenter environment. This is the topology (2 AD servers and 2 IPA servers on each location replicated each other): DATACENTER1: AD1dc1.ad.example.com AD2dc1.ad.example.com IPA1dc1.ipa.example.com IPA2dc1.ipa.example.com DATACENTER2: