Hi,
I am getting the following error while removing a host.
---
Certificate operation cannot be completed: Unable to communicate with CMS
(Not Found)
---
Apache log
---
[Wed May 20 12:10:26 2015]
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it is so much potential and yet.
Servers
Hi Alex,
thanks for your prompt response. This more/less sums up our arguments, but
definitely the AD protocol documentation might be helpful.
Best regards,
Jan
2015-05-20 11:39 GMT+02:00 Alexander Bokovoy aboko...@redhat.com:
On Wed, 20 May 2015, opsource trail wrote:
Hello,
we plan to
Hello,
please let me correct this:
IPA cares only about correct DNS records. It does not matter if IPA manages
the DNS server or if the server is external entity - everything will work as
long as all records are in place.
IPA installers should give you standard zone file which can be added to
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using mydomain.co.id then I have
another 10 instance/servers using mydomain.com, I want to manage both of
them on same
Hello!
On 05/20/2015 05:30 PM, Martin Kosek wrote:
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using mydomain.co.id then I have
another 10 instance/servers using
Yes, of course.
I will add NS record to parent zone if my IPA server are ready for
production. :D
Thanks for any comments and help.
Cheers! :)
On 05/20/2015 06:02 PM, Petr Spacek wrote:
On 20.5.2015 12:56, Dewangga Bachrul Alam wrote:
Thanks Martin,
Better I leave the configuration as is :D
Thanks Martin,
Better I leave the configuration as is :D
So, If I want to add another domain, I just add and point them to master
IPA Server, right? And add DNS Zone, A Rec, etc on IPA server by using
`ipa dnsrecord-add`.
Isn't it?
On 05/20/2015 05:42 PM, Martin Kosek wrote:
On 05/20/2015
On 05/20/2015 12:38 PM, Dewangga Bachrul Alam wrote:
Hello!
On 05/20/2015 05:30 PM, Martin Kosek wrote:
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using
On 05/20/2015 12:56 PM, Dewangga Bachrul Alam wrote:
Thanks Martin,
Better I leave the configuration as is :D
So, If I want to add another domain, I just add and point them to master
IPA Server, right?
Right, after FreeIPA 3.2 (https://fedorahosted.org/freeipa/ticket/3544),
dnszone-add
hi rob,
On Mon, May 18, 2015 at 3:46 PM, Rob Crittenden rcrit...@redhat.com wrote:
Natxo Asenjo wrote:
On Sat, May 16, 2015 at 10:24 PM, Natxo Asenjo natxo.ase...@gmail.com
mailto:natxo.ase...@gmail.com wrote:
hi,
If I retrieve the usercertificate attribute for host objects I get
Natxo Asenjo wrote:
hi rob,
On Mon, May 18, 2015 at 3:46 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Natxo Asenjo wrote:
On Sat, May 16, 2015 at 10:24 PM, Natxo Asenjo
natxo.ase...@gmail.com mailto:natxo.ase...@gmail.com
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using mydomain.co.id then I have
another 10 instance/servers using mydomain.com, I want to manage both of
them on same IPA server.
On instance with mydomain.com, I've setup and
On Wed, 20 May 2015, opsource trail wrote:
Hello,
we plan to deploy IPA (Red Hat IdM) trust with AD domain but at the moment
we are kind of confused about what type of trust we will need to deal with.
In Red Hat documentation we get an information that:
... Trusts, then, are essentially
hi Rob,
On Wed, May 20, 2015 at 2:08 PM, Rob Crittenden rcrit...@redhat.com wrote:
Nat
You could try adding -inform DER
cool, that works ;-)
Thanks.
--
Groeten,
natxo
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it is so much potential and yet.
Servers running
On 5/20/15 12:54 AM, Ludwig Krispenz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it
Sanju A wrote:
Hi,
I am getting the following error while removing a host.
---
Certificate operation cannot be completed: Unable to communicate with
CMS (Not Found)
---
This usually means that the CA is not serving
Sina Owolabi wrote:
Another key difference I noticed is that the problematic certs have
CA:IPA in them, while the working certs have CA:
dogtag-ipa-retrieve-agent-submit.
Ok, the full output is really helpful.
First an explanation of CA subsystem renewal.
CA clones are just that, exact
Hi Rob
This is the only CA master. The one I cloned it from was decommissioned,
reinstalled and then made to be a replica of this server.
Looks like I'm really stuck. How do I export the data out so I can
reinstall from scratch, if possible? There are a lot of rules and
configuration data I'd
On 05/20/2015 03:25 PM, Janelle wrote:
On 5/20/15 12:54 AM, Ludwig Krispenz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it is
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really
Running FreeIPA 4.1.4, Fedora 21. Trying to get dynamic DNS updates on
clients to work following these instructions:
http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
(Using GSS-TSIG isn't an option because I have no way of authenticating
every time a client IP
I forgot to describe the system account that I created. I followed the
procedure at https://www.freeipa.org/page/HowTo/LDAP#System_Accounts
# LDAPsearch, sysaccounts, etc, ...
dn: uid=LDAPsearch,cn=sysaccounts,cn=etc,dc=...
objectClass: account
objectClass: simplesecurityobject
objectClass: top
If you want to add special ACIs using the new/updated permission API (ipa
permission-add), I would suggest following procedure:
1) Add the new system account in cn=sysaccounts,cn=etc,dc=rhel71
2) Add the new permissions you want to add, make them a member of a (new)
privilege.
3) Create a new
Boyce, George Robert. (GSFC-762.0)[NICS] wrote:
If you want to add special ACIs using the new/updated permission API (ipa
permission-add), I would suggest following procedure:
1) Add the new system account in cn=sysaccounts,cn=etc,dc=rhel71
2) Add the new permissions you want to add, make
Sina Owolabi wrote:
Hi Rob
This is the only CA master. The one I cloned it from was
decommissioned, reinstalled and then made to be a replica of this server.
Looks like I'm really stuck. How do I export the data out so I can
reinstall from scratch, if possible? There are a lot of rules and
Dear Rob,
Please find the result of getcert list.
Request ID '20140430124456':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
Hello again.
Is it now clear how to deal with problem ipa-replica-manage list-ruv showing
unable to decode: {replica 16} 548a81260010 548a81260010
?
I have this on all of my 17 servers, including a new replica created recently,
and
ipa-replica-manage clean-ruv 16 says
unable to
On 05/20/2015 04:01 PM, Boyce, George Robert. (GSFC-762.0)[NICS] wrote:
This worked for me:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=cm
(|(uid=admin)(name=admin)) dn
SASL/GSSAPI authentication started
SASL username: ad...@example.com
SASL SSF: 56
SASL data
On 05/20/2015 10:17 AM, thierry bordaz wrote:
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once
Hello,
TL;DR: how should I authenticate for pki command line commands on
stock IPA installation?
Longer context: I try to setup new IPA server (1) with --external-ca
and I'd like to sign the CSR which gets generated on IPA 1 using
CA at my other IPA server (2).
The CSR as produced by IPA 1 is
33 matches
Mail list logo