I'm not sure I'd call what we have "success" just yet. ;-)
You're right -- F21, IPA 4.1.4-1. I'll try the steps you outlined and
see how we go.
Rob, would you have just used the existing "localhost.key" instead of
generating a new one?
On 06/03/2016 09:48 AM, Rob Crittenden wrote:
Bret
On 03/06/16 15:22, Alexander Bokovoy wrote:
On Fri, 03 Jun 2016, lejeczek wrote:
hi users,
I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and
win10 clients get to samba shares, getent pass sees AD
users, samba can get to DC's
seli irithyl wrote:
Yes, you're right, I was also surprised by the subject of the error.
I made changes in the /etc/httpd/conf.d/nss.conf file.
I changed
Listen 443 to Listen 8443
and
to
as it was in the /etc/httpd/conf.d/nss.conf file before the update.
You have to change it back. mod_nss
Bret Wortman wrote:
I'm not sure I'd call what we have "success" just yet. ;-)
You're right -- F21, IPA 4.1.4-1. I'll try the steps you outlined and
see how we go.
Rob, would you have just used the existing "localhost.key" instead of
generating a new one?
No, I think you did the right thing,
On 03/06/16 15:11, Sumit Bose wrote:
On Fri, Jun 03, 2016 at 02:39:00PM +0100, lejeczek wrote:
hi users,
I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and win10 clients get
to samba shares, getent pass sees AD users, samba can get
On 06/03/2016 11:02 AM, Rob Crittenden wrote:
Bret Wortman wrote:
I'm not sure I'd call what we have "success" just yet. ;-)
You're right -- F21, IPA 4.1.4-1. I'll try the steps you outlined and
see how we go.
Rob, would you have just used the existing "localhost.key" instead of
generating
On Fri, 03 Jun 2016, lejeczek wrote:
On 03/06/16 15:22, Alexander Bokovoy wrote:
On Fri, 03 Jun 2016, lejeczek wrote:
hi users,
I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and win10
clients get to samba shares, getent pass sees
Bret Wortman wrote:
On 06/03/2016 11:02 AM, Rob Crittenden wrote:
Bret Wortman wrote:
I'm not sure I'd call what we have "success" just yet. ;-)
You're right -- F21, IPA 4.1.4-1. I'll try the steps you outlined and
see how we go.
Rob, would you have just used the existing "localhost.key"
I'll check and report back Tuesday.
Bret Wortman
http://wrapbuddies.co/
On Jun 3, 2016, 1:04 PM -0400, Rob Crittenden, wrote:
> Bret Wortman wrote:
> >
> >
> > On 06/03/2016 11:02 AM, Rob Crittenden wrote:
> > > Bret Wortman wrote:
> > > > I'm not sure I'd call what we
On Thu, Jun 02, 2016 at 03:00:36PM +0200, Karl Forner wrote:
>
> My problem is:
> I have an ipa.example.com server on the internal network, with
> self-signed certificates.
> I'd like to be able to connect to the UI from the internet, using
> https with other certificates (e.g. let's encrypt
dan.finkelst...@high5games.com wrote:
A further update: when I try to install the CA component, it erroneously
says that the CA is installed:
root@ipa ~]# ipa-ca-install --skip-conncheck --debug
[ snip ]
ipa : DEBUGThe ipa-ca-install command failed, exception:
SystemExit: CA is
On 03/06/16 08:06, Petr Spacek wrote:
On 2.6.2016 18:30, lejeczek wrote:
hi users,
I do (all on IPA server)
$ host 10.5.6.100
Host 100.6.5.10.in-addr.arpa. not found: 3(NXDOMAIN)
I do:
$ host 10.5.6.17
17.6.5.10.in-addr.arpa domain name pointer ..
I do:
$ ipa dnsrecord-find
So for our internal yum server, I created a new key and cert request (it
had a localhost key and cert but I wanted to start clean):
# openssl genrsa 2048 > /etc/pki/tls/private/server.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key
/etc/pki/tls/private/server.key >
On 06/03/2016 11:11 AM, seli irithyl wrote:
> Sorry Martin,
> I rebooted the IdM server:
> [root@lead sssd]# ipactl status
> Directory Service: RUNNING
> krb5kdc Service: RUNNING
> kadmin Service: RUNNING
> ipa_memcached Service: RUNNING
> httpd Service: RUNNING
> pki-tomcatd Service: RUNNING
>
# getcert list
returns 9 request ID. All 9 are in status "MONITORING" and expire after
2017.
So no expired certificate.
Number of certificates and requests being tracked: 9.
Request ID '20150313092422':
status: MONITORING
stuck: no
key pair storage:
On 3.6.2016 10:33, lejeczek wrote:
>
>
> On 03/06/16 08:06, Petr Spacek wrote:
>> On 2.6.2016 18:30, lejeczek wrote:
>>> hi users,
>>>
>>> I do (all on IPA server)
>>>
>>> $ host 10.5.6.100
>>> Host 100.6.5.10.in-addr.arpa. not found: 3(NXDOMAIN)
>>>
>>> I do:
>>>
>>> $ host 10.5.6.17
>>>
Hi Rob,
Actually certmonger service is failed after restart it, but without its active
the two 389-ds and apache certs could be renewed as well.. it's weird..
root@ecnshlx3039-test2(SH):~ #systemctl status certmonger
certmonger.service - Certificate monitoring and PKI enrollment
Sorry Martin,
I rebooted the IdM server:
[root@lead sssd]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was
On Fri, Jun 03, 2016 at 02:39:00PM +0100, lejeczek wrote:
> hi users,
>
> I have a samba and sssd trying AD, it's 7.2 Linux.
>
> That linux box is via sssd and samba talking to AD DC and win10 clients get
> to samba shares, getent pass sees AD users, samba can get to DC's shares and
> win10's
On Fri, 03 Jun 2016, lejeczek wrote:
hi users,
I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and win10
clients get to samba shares, getent pass sees AD users, samba can get
to DC's shares and win10's clients shares, all good
Hi Robert..
Thanks for the reply. Think I might have found the issue. The KVM host
my master was running on was showing redhat release 6.5 but the libvrt
packages were showing 6.6. I think the managers of the kvm host did not
reboot it after an update with new kernel. Asked them to reboot
seli irithyl wrote:
# getcert list
returns 9 request ID. All 9 are in status "MONITORING" and expire after
2017.
So no expired certificate.
Number of certificates and requests being tracked: 9.
[snip]
Request ID '20150313092456':
status: MONITORING
stuck: no
key pair storage:
hi users,
I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and
win10 clients get to samba shares, getent pass sees AD
users, samba can get to DC's shares and win10's clients
shares, all good except...
smbclient @samba, in other words
Bret Wortman wrote:
So for our internal yum server, I created a new key and cert request (it
had a localhost key and cert but I wanted to start clean):
# openssl genrsa 2048 > /etc/pki/tls/private/server.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key
24 matches
Mail list logo