The only way to get around it, because you are using the same domain name, is
to use different browsers to visit each site. Firefox for sitea, chrome for
siteb.
It's got to do with the fact that the Parent certificate name (generated
automatically during install) is the same on both and
> -Original Message-
> From: Fraser Tweedale [mailto:ftwee...@redhat.com]
> Sent: Wednesday, 23 September 2015 10:59 AM
> To: Les Stott
> Cc: Winfried de Heiden; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] sec_error_reused_issuer_and_serial
>
> On Tu
-users] freeipa and User Private Groups
On Mon, Jul 13, 2015 at 09:11:09AM +, Les Stott wrote:
Hi All,
Running ipa-3.0.0-42.el6 and sssd-1.11.6-30.el6_6.3.x86_64
So, by default, when you create a user in freeipa, That user will be set to
have a primary group that is hidden
Hi All,
Running ipa-3.0.0-42.el6 and sssd-1.11.6-30.el6_6.3.x86_64
So, by default, when you create a user in freeipa, That user will be set to
have a primary group that is hidden and not a POSIX group.
This means that when the user logs in to a host, they will see something like...
id: cannot
Randall,
Check your apache error logs for any errors and the modules loaded via
httpd.conf. The ipa server log does show that it can reach apache for most
things.
I had a similar issue not too long ago when trying to install a CA replica on
an existing ipa server, which is pretty much the
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Thursday, 26 March 2015 12:52 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] clarification on expired password behaviour
On 03/25/2015 09:14 PM, Les Stott wrote:
Hi All
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, 25 February 2015 10:35 PM
To: Les Stott; Rob Crittenden; freeipa-users@redhat.com; Endi Dewata; Jan
Cholasta
Subject: Re: [Freeipa-users] ipa-getcert list fails to report correctly -
RESOLVED
-Original Message-
From: Endi Sukma Dewata [mailto:edew...@redhat.com]
Sent: Thursday, 26 February 2015 1:50 AM
To: Martin Kosek
Cc: Les Stott; Rob Crittenden; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] ipa-getcert list fails to report correctly -
RESOLVED
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Monday, 23 February 2015 8:01 PM
To: Rob Crittenden; Martin Kosek; freeipa-users@redhat.com; Endi Dewata;
Jan Cholasta
Subject: Re: [Freeipa-users] ipa
works as normal for IPA Server, Replica and CA Replica
installations.
Hope this saves someone else time in the future.
Regards,
Les
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Wednesday, 18 February
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Monday, 23 February 2015 12:18 PM
To: Rob Crittenden; Martin Kosek; freeipa-users@redhat.com; Endi Dewata;
Jan Cholasta
Subject: Re: [Freeipa-users
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Saturday, 21 February 2015 1:39 AM
To: Martin Kosek; Les Stott; freeipa-users@redhat.com; Endi Dewata; Jan
Cholasta
Subject: Re: [Freeipa-users] ipa-getcert list fails to report correctly
Martin Kosek
Hi all,
The following is blocking the ability for me to install a CA replica.
Environment:
RHEL 6.6
IPA 3.0.0-42
PKI 9.0.3-38
On the master the following is happening:
ipa-getcert list
Number of certificates and requests being tracked: 5.
(but it shows no certificate details in the output)
Has anyone got any ideas on the below errors I am now receiving?
Thanks in advance,
Les
I will test this out (update to 3.7.19-260) next week as I've got a
few more CA replicas to setup.
I'm still having issues. Different one this time.
As I have previously worked around the
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Saturday, 7 February 2015 9:39 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] bug in pki during install of CA replica and
workaround
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Saturday, 7 February 2015 1:40 AM
To: Les Stott; freeipa-users@redhat.com; Matthew Harmsen; Endi Dewata
Subject: Re: [Freeipa-users] bug in pki during install of CA replica and
workaround/solution
On 02/06
-Original Message-
From: Endi Sukma Dewata [mailto:edew...@redhat.com]
Sent: Saturday, 7 February 2015 1:53 AM
To: Martin Kosek; Les Stott; freeipa-users@redhat.com; Matthew Harmsen
Subject: Re: [Freeipa-users] bug in pki during install of CA replica and
workaround/solution
On 2
Hi,
I found a bug in the pki packages and CA replica installation.
Environment:
Rhel 6.6
IPA Server 3.0.0-42
Pki components:
pki-symkey-9.0.3-38.el6_6.x86_64
pki-common-9.0.3-38.el6_6.noarch
pki-setup-9.0.3-38.el6_6.noarch
pki-selinux-9.0.3-38.el6_6.noarch
pki-java-tools-9.0.3-38.el6_6.noarch
: Thursday, 5 February 2015 2:24 AM
To: Les Stott; freeipa-users@redhat.com
Cc: Ade Lee
Subject: Re: [Freeipa-users] CA Replication Installation Failing
Les Stott wrote:
Has anyone got any ideas on this?
I am stuck with not being able to deploy a CA Replica and this is halting
rollout
Stott
Sent: Friday, 30 January 2015 4:48 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] CA Replication Installation Failing
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Wednesday
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Wednesday, 10 December 2014 6:22 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] CA Replication Installation Failing
-Original
Does anyone have any ideas on the below errors when trying to add CA
replication to an existing replica?
Thanks in advance,
Les
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
Sent: Tuesday, 2 December 2014 6:17 PM
To: freeipa-users
/2014 11:04 PM, Les Stott wrote:
Does anyone have any ideas on the below errors when trying to add CA
replication to an existing replica?
People who might be able to help are or PTO right now.
Is your installation older than 2 years?
No, December 2013 was when it was originally built.
Did you
Hi All,
I have RHEL6 with ipa servers running standard ipa server 3.0.0-42. Pki
components are also standard version 9.0.3-38.
Servera is the master
Serverb is the replica
Both have been running for many, many months. Serverb was initially setup as a
replica, but not a CA replica.
I am now
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 12 November 2014 6:33 AM
To: Fraser Tweedale; Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in cert
issue on different master servers
Hi,
I have a standard rhel6 deployment for FreeIPA in two environments.
One environment is in our Production Data Center, The Other in our DR Data
Center.
Both environments are setup with the same domain (mydomain.com) for FreeIPA.
This is to support dr/failover etc.
In each environment,
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 12:51 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in cert
issue on different master servers?
On Tue, Nov 11
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 1:59 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in cert
issue on different master servers?
On Tue, Nov 11, 2014
FYI...
I used OTP for this. Works a treat!
Thanks again Dmitri.
Regards,
Les
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
Sent: Thursday, 2 October 2014 8:21 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] can ipa-client
Hi,
I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.
I am working on doing an unattended ipa client installation. I have it working
with the following
/usr/sbin/ipa-client-install -p admin -w admin_password -U --no-ntp
While this works, while it runs, the
: [Freeipa-users] can ipa-client-install be updated to call
username/password from a file?
On 10/01/2014 05:44 AM, Yiorgos Stamoulis wrote:
On 01/10/14 08:19, Les Stott wrote:
Hi,
I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.
I am working on doing an unattended ipa
06:17, Les Stott wrote:
Hi All,
Am about to start rolling out clinet installs on rhel6 hosts with dns
autodiscovery.
Enviroment: rhel6, ipa-3.0.0-37.el6.
I already have setup SRV records for Kerberos and ldap etc.
Are the following ntp records as SRV records necessary also?
Technically
Hi All,
Am about to start rolling out clinet installs on rhel6 hosts with dns
autodiscovery.
Enviroment: rhel6, ipa-3.0.0-37.el6.
I already have setup SRV records for Kerberos and ldap etc.
Are the following ntp records as SRV records necessary also?
;ntp server
_ntp._udp IN
That helps, and I read http://www.freeipa.org/page/Howto/HBAC_and_allow_all
Now I understand how it works and the expected behaviour.
Thanks.
Les
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Tuesday, 4 February 2014 6:30 PM
To: Les Stott; freeipa-users
Hi,
Running freeipa 3.0.0-37.el6 on rhel 6.4 and just had a query about HBAC rules
and how the global allow_all rule applies.
I configured a rule for a single host (host1) allowing access via ssh to only a
single user (john) via ssh. i.e.
# ipa hbacrule-show host1_access
Rule name:
[mailto:mko...@redhat.com]
Sent: Friday, 17 January 2014 6:46 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] export users/groups from one ipa server to another
On 01/17/2014 07:24 AM, Les Stott wrote:
Hi All,
Looking for the quickest and easiest way to export users from
Hi All,
Looking for the quickest and easiest way to export users from one freeipa
server and install on another.
I have an existing freeipa server, 3.0.0 standard rhel6 in a DR environment.
I am setting up an identical freeipa server in a Production Environment.
The two environments will not
(or even kerberos)
On 01/13/2014 10:44 PM, Les Stott wrote:
Been banging my head against the wall on this one for a few days, trying to get
a workable configuration for HP ILO to authenticate via FreeIPA.
I have a standard rhel6 environment (64 bit 6.4) with freeipa server
(ipa-3.0.0-37.el6
-entry-attribute: cn=%{cn}
schema-compat-entry-rdn: cn=%{cn}
Left the rest as default.
When I ldapsearch against the compat tree, I see it working the way I want
(i.e. dn starts with cn instead of uid).
ldapsearch -x -b cn=compat,dc=mydomain,dc=com cn=Les Stott
# Les Stott, users, compat, mydomain.com
...@redhat.com]
Sent: Wednesday, 15 January 2014 2:13 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HP ILO Authentication via LDAP (or even kerberos)
On 01/14/2014 07:57 PM, Les Stott wrote:
Still no joy. Although I don't profess to be a schema changing expert.
Compat plugin
: uid=less,cn=users,cn=accounts,dc=mydomain,dc=com
The test settings button in the ILO works only with the full dn.
It doesn't work if I use the uid (less), or the cn (Les Stott).
I can then login to ILO with
Username: uid=less,cn=users,cn=accounts,dc=mydomain,dc=com
If I try to login
Thanks Rob.
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, 19 December 2013 12:08 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Question: re replica install
Les Stott wrote:
Hi All,
(RHEL 6.4, FreeIPA 3.0.0-37)
Say I
Hi All,
(RHEL 6.4, FreeIPA 3.0.0-37)
Say I want to install a replica server in a restricted network, but I don't
want to enable http management on the replica.
I am pretty sure the following is true, but ask the question just to be sure
Can a replica work (for authentication and
Hi,
Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
Already setup master server, now trying to install replica (which I've done
before and its worked fine).
The replica install gets all the way to the end but errors out. For the most
part, it looks like it is complete, but I want to be sure
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
Sent: Monday, 16 December 2013 8:47 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Trouble with replica install
Hi,
Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
Already setup master server, now trying to install replica
From: Petr Spacek [pspa...@redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install
On 16.12.2013 10:55, Les Stott wrote:
Sorry, when I said selinux is in permissive mode, but it's
From: Les Stott
Sent: Monday, December 16, 2013 11:44 PM
To: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Trouble with replica install
Petr,
The below was the error from apache error logs
Apache logs the following error at the same time...
[Mon Dec 16 04:26:50
this before installing the replica on existing
machines.
Regards,
Les
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Tuesday, 17 December 2013 12:52 AM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Saturday, 30 November 2013 12:32 AM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] gssapi sasl error - only picking up short hostname
when running ipa-client-install (and failing)
On Fri, 29 Nov
Hi,
Recently installed freeipa on two servers in multi-master mode. We want to have
a central authentication system for many hosts. Environment is RHEL 6.4 for
servers, RHEL 6.1 for the first client host, standard rpm packages used -
ipa-server-3.0.0-26.el6_4.4.x86_64 and
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] gssapi sasl error - only picking up short hostname
when running ipa-client-install (and failing)
On 11/29/2013 09:16 AM, Les Stott wrote:
Hi,
Recently installed freeipa on two servers in multi-master mode. We want to
have
51 matches
Mail list logo