Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-25 Thread Linov Suresh
Great! That worked. Thank you so much Rob. Your help is highly appreciated. On Thu, Aug 25, 2016 at 3:49 PM, Rob Crittenden wrote: > Linov Suresh wrote: > >> I ran ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02 >> is missing on both master and replica serv

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-25 Thread Linov Suresh
egation-targets *memberPrincipal: ldap/ipa01.teloip@teloip.net * objectClass: groupOfPrincipals objectClass: top # search result search: 4 result: 0 Success # numResponses: 5 # numEntries: 4 [root@ipa02 ~]# Appreciate your help, Linov Suresh. On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittend

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-24 Thread Linov Suresh
IPA Server 1 does not have HTTP as well as ldap principal. Just wondering how do we add HTTP and ldap principal to the delegation list using ldapmodify. I'm new to IPA, your help is appreciated. On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittenden wrote: > Linov Suresh wrote: > >> Lo

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-24 Thread Linov Suresh
16 09:25 AM, Petr Spacek wrote: > > On 15.8.2016 20:18, Linov Suresh wrote: > >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0 > >> > >> > >> We can only add the clients from IPA Server 01, not from IPA Server 02. > >> When I tri

[Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-15 Thread Linov Suresh
modifying entry "fqdn=cpe-5061747522f9.example.net ,cn=computers,cn=accounts,dc=example,dc=net" Could you please help us to fix this? Appreciate your help in advance, Linov Suresh. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listin

[Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-05 Thread Linov Suresh
,dc=net ipaAllowedTarget: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net objectClass: ipaKrb5DelegationACL objectClass: groupOfPrincipals objectClass: top # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Your help is highly appreciated, Linov

Re: [Freeipa-users] Could not find cert: Signing-Cert : File not found

2016-07-26 Thread Linov Suresh
2373 ? On Mon, Jul 25, 2016 at 6:17 PM, Linov Suresh wrote: > We were not sure that Signing-Cert required for LDAP/Apache certificates > renewal. Thank you very much for your update Rob. We are going to renew the > certificates without Signing-Cert. > > On Mon, Jul 25, 2016 a

[Freeipa-users] Replica install fails when using --setup-ca

2016-07-26 Thread Linov Suresh
I tried to create master replica using the option --setup-ca, it failed, because of "Your system may be partly configured." Please note we use different ipa package for master and replica. master: [root@caer ~]# rpm -q ipa-server ipa-server-3.0.0-26.el6_4.2.x86_64 replica: [root@neit-lab01 ~]#

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-26 Thread Linov Suresh
<http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true>"*." gone this time. Thanks for your help. We have a master replica also, *how do we renew the replica server*? On Fri, Jul 22, 2016 at 3:36 PM, Linov Suresh

Re: [Freeipa-users] Could not find cert: Signing-Cert : File not found

2016-07-25 Thread Linov Suresh
We were not sure that Signing-Cert required for LDAP/Apache certificates renewal. Thank you very much for your update Rob. We are going to renew the certificates without Signing-Cert. On Mon, Jul 25, 2016 at 6:08 PM, Rob Crittenden wrote: > Linov Suresh wrote: > >> We are usin

[Freeipa-users] Could not find cert: Signing-Cert : File not found

2016-07-25 Thread Linov Suresh
We are using CentOS 6.4/FreeIPA 3.0.0 LDAP/Apache certificates were expired and when we tried to renew, we found Signing-Cert is missing. # certutil -L -d /etc/httpd/alias -n Signing-Cert certutil: Could not find cert: Signing-Cert : File not found How do we recreate Signing-Cert certificate? We

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-22 Thread Linov Suresh
tp://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true>"*." goes away? On Fri, Jul 22, 2016 at 2:45 PM, Rob Crittenden wrote: > Linov Suresh wrote: > >> Could you please verify, if we have set co

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-22 Thread Linov Suresh
I agree with you Jakub, I will start separate thread for separate issues. On Fri, Jul 22, 2016 at 10:31 AM, Jakub Hrozek wrote: > On Fri, Jul 22, 2016 at 09:36:27AM -0400, Linov Suresh wrote: > > I'm facing another issue now, my kerberos tickets are not renewing, > >

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-22 Thread Linov Suresh
, Linov Suresh wrote: > I'm facing another issue now, my kerberos tickets are not renewing, > > *[root@caer ~]# ipa cert-show 1* > ipa: ERROR: Ticket expired > > *[root@caer ~]# klist* > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: ad...@teloip.net &

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-22 Thread Linov Suresh
n Thu, Jul 21, 2016 at 12:23 PM, Rob Crittenden wrote: > Linov Suresh wrote: > >> The httpd_error log doesn't contain the part where `ipa cert-show 1` was >> run. If it is from the same time. >> >> *I am not sure about that, please see httpd_error when `ipa cert-sh

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-21 Thread Linov Suresh
tatusUpdateThread]: Last Serial Number: 112 [21/Jul/2016:11:58:29][CertStatusUpdateThread]: Serial Numbers available: 9989888 [21/Jul/2016:11:58:29][CertStatusUpdateThread]: request checkRanges done [21/Jul/2016:12:03:28][Timer-0]: CMSEngine: getPasswordStore(): password store initialized before. [21/Jul

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-20 Thread Linov Suresh
fileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true>".* On Wed, Jul 20, 2016 at 2:22 PM, Rob Crittenden wrote: > Linov Suresh wrote: > >> Thanks for your help Rob, I will create a separate thread for IPA >> replication issue. But we ar

[Freeipa-users] IPA Replication failed: Your system may be partly configured. Run ipa-server-install --uninstall to clean up. Configuration of CA failed

2016-07-20 Thread Linov Suresh
I was trying to replicate our IPA server which is running on CentOS6.4, FreeIPA 3.0 and I got an error, *Your system may be partly configured.* *Run /usr/sbin/ipa-server-install --uninstall to clean up.* *Configuration of CA failed* I ran /usr/sbin/ipa-server-install --uninstall couple of times

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-20 Thread Linov Suresh
pen a new e-mail thread on this new problem so we can keep the > issues separated? > > IPA gets little information back when dogtag fails to install. You need to > look in /var/log//debug for more information. The exact location > depends on the version of IPA. > > rob > >

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Linov Suresh
er-install --uninstall to clean up. Configuration of CA failed [root@neit-lab ~]# I did a clean up using /usr/sbin/ipa-server-install --uninstall but it wasn't helpful. Wondering if you can help us on this, On Tue, Jul 19, 2016 at 10:50 AM, Rob Crittenden wrote: > Linov Suresh

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Linov Suresh
now, and is affected our production environment. Please help us. On Tue, Jul 19, 2016 at 9:27 AM, Linov Suresh wrote: > We have cloned and created another virtual server from the template. > Surprisingly this server certificates were also expired at the same time as > the previous, ju

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Linov Suresh
, Jul 18, 2016 at 12:37 PM, Linov Suresh wrote: > *Update: my webserver and LDAP certificates were expired at 2016-07-18 > 15:54:36 UTC and the certificates are in CA_UNREACHABLE state.* > > > *Could you please help us? * > > [root@caer tmp]# getcert list > Number of c

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-18 Thread Linov Suresh
http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true ". stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-18 Thread Linov Suresh
iated! Linov Suresh 70 Forest Manor Rd. Toronto ON M2J 0A9 Mobile: +1 647 406 9438 Linkedin: ca.linkedin.com/in/linov/ Website: http://mylinuxthoughts.blogspot.com On Mon, Jul 18, 2016 at 10:50 AM, Petr Vobornik wrote: > On 07/18/2016 05:45 AM, Linov Suresh wrote: > &

[Freeipa-users] IPA certificates expired, please help!

2016-07-18 Thread Linov Suresh
Your help is highly appreciated. Regards, Linov Suresh. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-17 Thread Linov Suresh
ternal error: no response to " http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true ". stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki

[Freeipa-users] IPA certificates expired, please help!

2016-07-15 Thread Linov Suresh
I logged into my IPA master, and found that the cert had expired again, we renewed these certificates about 18 months ago. Our environment is CentOS 6.4 and IPA 3.0.0-26. I followed the Redhat documentation, How do I manually renew Identity Management (IPA) certificates after th

[Freeipa-users] IPA certificates expired, please help!

2016-07-15 Thread Linov Suresh
I logged into my IPA master, and found that the cert had expired again, we renewed these certificates about 18 months ago. Our environment is CentOS 6.4 and IPA 3.0.0-26. I followed the Redhat documentation, How do I manually renew Identity Management (IPA) certificates after they have expired