Re: [Freeipa-users] Multiple issues (weblogin, DNS) with 4.3.1

2016-06-22 Thread Rob Crittenden
Tomasz Torcz wrote: On Tue, Jun 21, 2016 at 01:38:19PM -0400, Rob Crittenden wrote: [Sat Jun 18 18:59:11.337717 2016] [wsgi:error] [pid 748083] CertificateOperationError: Certificate operation cannot be completed: Unable to communicate with CMS (Internal Server Error) [Sat Jun 18

Re: [Freeipa-users] EXAMPLE.COM IPA CA Import /etc/httpd/alias

2016-06-22 Thread Youenn PIOLET
Hi Günther, I wrote this wrapper last year, maybe this will help. https://github.com/uZer/rootools/blob/master/pki/freeipa/gencerts.sh If you use cnames: == $ ipa host-add cname.domain --force $ ipa service-add service/fqdn $ ipa

Re: [Freeipa-users] IPA 3.0.47 to 3.0.50 Upgrade problem

2016-06-22 Thread Sean Hogan
Hi Peter... Yes, this has me doing loops in my head to /dev/null. You are correct, I could not complete the BIND steps... I did them yesterday but did not post results as I wanted to stop bugging you all :) The initial credential section of that I could not complete, nor can I get a keytab

Re: [Freeipa-users] Multiple issues (weblogin, DNS) with 4.3.1

2016-06-22 Thread Youenn PIOLET
Hi, Can you provide the output of: certutil -L -d /etc/dirsrv/slapd-/ on replicas that can't start the PKI? Your CA Cert attributes should be CT,C,C. I experience the same issue as you every two replica I install. The fix is: certutil -d /etc/dirsrv/slapd-/ -A -t "CT,C,C" -n " IPA CA" -i

Re: [Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

2016-06-22 Thread Sumit Bose
On Tue, Jun 21, 2016 at 01:23:11PM +0200, Martin Štefany wrote: > On 6/21/2016 1:16 PM, Sumit Bose wrote: > > On Tue, Jun 21, 2016 at 12:43:23PM +0200, Martin Štefany wrote: > > > Hello Sumit, > > > > > > putting SELinux to permissive mode and/or enabling nis_enabled seboolean > > > seemed not

Re: [Freeipa-users] Multiple issues (weblogin, DNS) with 4.3.1

2016-06-22 Thread Tomasz Torcz
On Tue, Jun 21, 2016 at 01:38:19PM -0400, Rob Crittenden wrote: > > > > [Sat Jun 18 18:59:11.337717 2016] [wsgi:error] [pid 748083] > > > > CertificateOperationError: Certificate operation cannot be completed: > > > > Unable to communicate with CMS (Internal Server Error) > > > > [Sat Jun 18

[Freeipa-users] Kinit with 2-Factor not working

2016-06-22 Thread Geordie Grindle
Hello, On our current IPA realm where we have not used 2-factor, we’ve been able to kinit to our FreeIPA realm from our laptops. All a Mac user needed to do, for example was to configure a ‘krb5.conf’ file and then ‘kinit us...@our.ipa.realm.com '. This would

Re: [Freeipa-users] FreeOTP

2016-06-22 Thread Winfried de Heiden
Hi all, Great news, can't wait for it to be available in Fedora ARM and test. Winny On 21-06-16 at 22:23, Nathaniel McCallum wrote: I have found and fixed what I believe to be the issue. I have submitted a patch upstream for review: 

Re: [Freeipa-users] CA: IPA certificates not renewing

2016-06-22 Thread Marc Wiatrowski
Thank you Rob! I now have two years till everything expires... On Tue, Jun 21, 2016 at 1:33 PM, Rob Crittenden wrote: > Marc Wiatrowski wrote: > >> Thanks for the reply Rob, >> >> So should fixing replication be more than running a re-initialize? >> I've tried this with no

Re: [Freeipa-users] Kinit with 2-Factor not working

2016-06-22 Thread Sumit Bose
On Wed, Jun 22, 2016 at 11:54:10AM -0400, Geordie Grindle wrote: > > Hello, > > On our current IPA realm where we have not used 2-factor, we’ve been able to > kinit to our FreeIPA realm from our laptops. All a Mac user needed to do, > for example was to configure a ‘krb5.conf’ file and then

[Freeipa-users] Where should the CA Location

2016-06-22 Thread barrykfl
Hi : I renew External CA cert below ...seem server-cert ok. But ca CERT FAIL.. I ALREADY PASTE ON /etc/httpd/alias /etc/dirsrv/slapd-PKI-IPA /etc/dirsv/slapd-ABX-com /var/lib/pki-ca/alias 's CA conf any idea? ABX-COM...[23/Jun/2016:10:42:32 +0800] - SSL alert: CERT_VerifyCertificateNow: