dan.finkelst...@high5games.com wrote:
Hi Sebastian,
Unfortunately, that doesn't seem to be it and reinstalling the replica
with setup-ca failed again with the same errors. I've included relevant
sections of the logs.
/var/log/ipareplica-install.log:
016-06-02T10:43:16Z DEBUG Starting
Cal Sawyer wrote:
Apologies for the lengthy pause in getting back onto this. I ended up
destroying the replica and reprovisioning frmm scratch, but the replica
still lists as being CA-less.
Is what i'm seeing normal? Would this 2-node setup in this state
survive failure of the master?
It
He folks,
I was looking for information on accessing the web API from python.
Between other info in this list the
https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/
blog post and a little trial and error I got it working. The following
python script logs in with a username
Bret Wortman wrote:
Is it possible to use our freeipa CA as a trusted CA to sign our
internal SSL certificates? Our system runs on a private network and so
using the usual trusted sources isn't an option. We've been using
self-signed, but that adds some additional complications and we thought
Hi Rob,
There's a few logs in there, I'm not sure which is most informative. Here are
some sections from what I think are relevant logs:
/var/log/pki/pki-tomcat/localhost.log:
Jun 01, 2016 12:16:34 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet
On Thu, Jun 02, 2016 at 05:35:01PM -0400, bret.wort...@damascusgrp.com wrote:
> Sorry, let me back up a step. We need to implement hype
> everywhere. All our web services. And clients need to get
> keys automatically whether through IPA or Puppet. These
> systems use IPA for everything but
Cool. I'll give this a go in the morning.
Bret Wortman
http://wrapbuddies.co/
On Jun 2, 2016, 6:24 PM -0400, Fraser Tweedale, wrote:
> On Thu, Jun 02, 2016 at 05:35:01PM -0400, bret.wort...@damascusgrp.com wrote:
> > Sorry, let me back up a step. We need to implement hype
>
Hello, comments inline
On 01.06.2016 20:34, Michael Rainey (Contractor) wrote:
My apologies for the duplicate thread, but from my vantage point I did
not see any signs of my message making it to the mailing list. My
original message was not posted back to me, nor was your reply posted
to
On Thu, Jun 02, 2016 at 08:29:15AM +0300, Alexander Bokovoy wrote:
> On Wed, 01 Jun 2016, Geordie Grindle wrote:
> > Does IPA only use ‘sssd.conf’ for kerberos authentication? Is there another
> > file used to configure kerberos?
> >
> > I’ve built a host using Foreman and our puppet
Hi Sebastian,
Unfortunately, that doesn't seem to be it and reinstalling the replica with
—setup-ca failed again with the same errors. I've included relevant sections of
the logs.
/var/log/ipareplica-install.log:
016-06-02T10:43:16Z DEBUG Starting external process
2016-06-02T10:43:16Z DEBUG
Hi guys,
Do any of you have this setup working? And if so, how did you do it?
Thanks,
Tony
--
Best regards,
Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316
--
Manage your subscription for the
Hi,
I configured a samba with freeipa in kerberized mode. It work
fine for normaly mounting but with autofs it work only if root has a
kerberos ticket (example : kinit admin).
When root haven't ticket,
other users can't go in automount folder, but when root has ticket, it
works fine for
Hi Rob,
We are using fedora 17.
And as you said, when I roll back time to when the CA subsystem and ipaCert are
valid. Then restart ipatcl, "pki-cad@pki-ca.service" is active as normal.
But these five certs could not renewed as before. (actually I always restart
ipa world after I roll back
Hi,
My problem is:
I have an ipa.example.com server on the internal network, with
self-signed certificates.
I'd like to be able to connect to the UI from the internet, using
https with other certificates (e.g. let's encrypt certificates).
So I tried to setup an SNI apache reverse proxy, but I
Apologies for the lengthy pause in getting back onto this. I ended up
destroying the replica and reprovisioning frmm scratch, but the replica
still lists as being CA-less.
Is what i'm seeing normal? Would this 2-node setup in this state
survive failure of the master?
-
Hi Dan,
I had a similar problem when updating my FreeIPA. In my case it turned
out that the certificates that get bundled with the replica preparation
file were expired. This is due to the /root/cacert.p12 file not being
updated during the preparation process until FreeIPA 3.2.2
The file can be
Hello All,
Recently went from RHEL 6.7 IPA 3.0.47 to 6.8 IPA 3.0.50. I also think
(not sure on this yet) that they changed ntp.. ntp used to point at my
ipas.. but they look like they are now pointing elsewhere. Everything was
stable at 6.7 3.0.47 pointing to IPA for NTP. However.. they all
hi users,
I do (all on IPA server)
$ host 10.5.6.100
Host 100.6.5.10.in-addr.arpa. not found: 3(NXDOMAIN)
I do:
$ host 10.5.6.17
17.6.5.10.in-addr.arpa domain name pointer ..
I do:
$ ipa dnsrecord-find 5.10.in-addr.arpa
Record name: @
NS record: rider.private.dom.,
18 matches
Mail list logo