I personally haven't done this, but from https://www.freeipa.org/page/PKI
"when --external-ca option is used, ipa-server-install produces a
certificate certificate request for it's CA certificate so that it can be
properly chained in existing PKI infrastructure."
and from
Hello
I want to use an external certificate when setting up a new FreeIPA
next week and plan to send the CSR tomorrow.
I would like to source a certificate for example.com and use it on
FreeIPA on eng.example.com. I can't specifically set the FreeIPA on
example.com because we have active
Hi,
I am running ipa server 4.2 and set it up without using "--setup-dns=no".
On few clients the installation fails with the below error message.
I verified that the ipa master dns is resolvable. Not sure what could be
wrong here..
Joining realm failed: libcurl failed to execute the HTTP
Hello,
We are running IPA version: 4.2.0, API_version: 2.156 on CentOS 7.2.1511 (Core)
Trust is configured with Windows 2008 R2 Enterprise Domain roottest1.com
Below is output from ipa trustdomain-find
Realm name: ROOTTEST1.COM
Domain name: deluxetest1.com
Domain NetBIOS name:
On 07/27/2016 11:35 AM, Abu Haris wrote:
sir/madame,
I am in great trouble in choosing FreeIPA for identity management. I
want to know more about AD cross-realm trust and how it works.
--
A.H
Hi Abu,
there is quite an extensive upstream documentation of IPA-AD trust
workings and setup.
sir/madame,
I am in great trouble in choosing FreeIPA for identity management. I want
to know more about AD cross-realm trust and how it works.
--
A.H
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org
On Wed, 27 Jul 2016, Baird, Josh wrote:
Hi,
We are running the most recent IPA packages in RHEL7 and are facing a
few issues when accessing the web console:
First, since we utilize a Kerberos trust with AD, we had to create
'internal' IPA users that we use to login to the web console. I
On Wed, 27 Jul 2016, malo wrote:
Hi,
Thank your for your reply, it really is much clearer to me now.
I think I get why SSSD offline authentication would help to solve "AD
unreachable" issue.
If I understood well, the SSSD on the IPA master would cache
credentials, allowing the user to log
Hi,
Thank your for your reply, it really is much clearer to me now.
I think I get why SSSD offline authentication would help to solve "AD
unreachable" issue.
If I understood well, the SSSD on the IPA master would cache
credentials, allowing the user to log in (as in the kinit meaning) even
Hi,
We are running the most recent IPA packages in RHEL7 and are facing a few
issues when accessing the web console:
First, since we utilize a Kerberos trust with AD, we had to create 'internal'
IPA users that we use to login to the web console. I believe it is expected
that AD users cannot
10 matches
Mail list logo