Hi,
After upgrading to EL 7.3 which included an upgrade of IPA from 4.2.0-
15.0.1.el7.centos.19 to 4.4.0-14.el7.centos I'm getting:
22:01:00 ipa-dnskeysyncd ipa : INFO LDAP bind...
22:01:00 ipa-dnskeysyncd ipa : ERRORLogin to LDAP server failed:
{'desc': 'Invalid
Christopher Young wrote:
> Ok. I think I have a 'hint' here, but I could use some help getting this
> fixed.
>
> Comparing the two IPA servers, I found the following (modified SOME of
> the output myself):
You're right about the ipaCert. I'd export the renewed cert from your
working server
Ok. I think I have a 'hint' here, but I could use some help getting this fixed.
Comparing the two IPA servers, I found the following (modified SOME of
the output myself):
on 'ipa02' (the 'good' one):
-
ipa cert-show 1
Issuing CA: ipa
Certificate: <<>>
Subject: CN=Certificate
I have a similar issue (see my recent list post), and I was wondering
if this was ever fixed? CA appears to work one system
(master/replica) but not the other.
On Mon, Jun 13, 2016 at 4:41 AM, Petr Vobornik wrote:
> On 06/12/2016 07:05 PM, dan.finkelst...@high5games.com
I'm hoping to provide enough information to get some help to a very
important issue that I'm currently having.
I have two IPA servers at a single location that recently had a
replication issue that I eventually resolved by reinitializing one of
the masters/replicas with one that seemed to be the
I need to add a login banner to the login page for freeIPA, is there a
setting that I could easily change for this?
Thanks,
--
Mike Waite
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info
Hello,
I've was being bugged by a non functional automounter.
So I tried a fresh centos7.3 install (minimal) with only the additional
package ipa-client.
I did the installation and update to latest patch level and reboot.
Then ran ipa-client-install --enable-dns-updates
Did the yes/admin
On 12/15/2016 08:01 PM, beeth beeth wrote:
Hi Flo,
That's a good point! I checked the dirsrv certificate and confirmed
valid(good until later next year).
Since I had no problem to enroll another new IPA client(RHEL7 box
instead of RHEL6) to such replica server, I thought it might not be a
The FreeIPA team is proud to announce bind-dyndb-ldap version 11.0.
It can be downloaded fromhttps://fedorahosted.org/released/bind-dyndb-ldap/
The new version has also been built for Fedora Rawhide.
Latest news:
11.0
[1] The plugin was ported to BIND 9.11. Minimal BIND version is now
2016-12-15 13:47 GMT+01:00 Petr Vobornik :
> On 12/12/2016 08:53 PM, Rob Verduijn wrote:
> > Hello,
> >
> > I've recently upgraded to centos 7.3.
> > Didn't intend to so soon but should have checked the anounce lists before
> > launching my ansible update playbook.
> >
> >
On 16/12/2016 10:19, Alexander Bokovoy wrote:
I want to allow users in the AD.EXAMPLE.COM realm to login to
machines in the IPA.EXAMPLE.COM realm.
Will this still work when the machines are in different DNS domains?
Yes, it will. Here is the catch: you need to make sure these different
DNS
On pe, 16 joulu 2016, Brian Candler wrote:
On 16/12/2016 08:21, Alexander Bokovoy wrote:
So you can have IPA masters with FQDNs in totally different DNS domains
than dictated by their Kerberos realm and --domain options.
That I understand - not only can the IPA masters have FQDNs in
On 16/12/2016 08:21, Alexander Bokovoy wrote:
So you can have IPA masters with FQDNs in totally different DNS domains
than dictated by their Kerberos realm and --domain options.
That I understand - not only can the IPA masters have FQDNs in different
DNS domains, but indeed the member
On to, 15 joulu 2016, Brian Candler wrote:
On Sun, Dec 11, 2016 at 11:31 PM, David Kupka > wrote:
yes you can do it. DNS domain and Kerberos realm are two different
things. It's common and AFAIK recommended to capitalize DNS domain
to get
14 matches
Mail list logo