Re: [Freeipa-users] replica added, but clients still try renewing certificates with old master

2016-09-23 Thread Petr Vobornik
On 09/21/2016 05:06 PM, Natxo Asenjo wrote: > hi Petr, > > On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik > wrote: > > On 09/21/2016 10:50 AM, Natxo Asenjo wrote: > > > When I try to resubmit certificates from certmonger they still hit

Re: [Freeipa-users] FreeIPA upgrade from ipa-server-4.2.0-15.0.1.el7.centos.18 to ipa-server-4.2.0-15.0.1.el7.centos.19 (went sideways)

2016-09-23 Thread Ludwig Krispenz
Can you check if you have /var/lock/dirsrv/slapd-RSINC-LOCAL, if the server user has permissions to write into this directory and its subdirs, or if any pid file still exists in /var/lock/dirsrv/slapd-RSINC-LOCAL/server? On 09/23/2016 07:29 AM, Devin Acosta wrote: Tonight, I noticed there

Re: [Freeipa-users] key + 2FA (password+OTP) is not working

2016-09-23 Thread Deepak Dimri
Hi Alexander, I am using AWS to do a pilot on freeIPA & unfortunately AWS does not provide fedora or centos as part of its freetier setup so I have to live with ubuntu, redhat, suse etc. I have the same problem with ubuntu and redhat though! Just one basic question.. what are the steps I

Re: [Freeipa-users] key + 2FA (password+OTP) is not working

2016-09-23 Thread Deepak Dimri
Hi All, I am trying hard to get my 2FA working with FreeIPA but every effort of mine is going to waste! I have referred to earlier forum emails but could not find any good reply on the issue I am facing. This is what I am trying: I have a test user created in my IPA server enabled with Two factor

Re: [Freeipa-users] key + 2FA (password+OTP) is not working

2016-09-23 Thread Alexander Bokovoy
On Fri, 23 Sep 2016, Deepak Dimri wrote: Hi Alexander, I somehow managed to try it on fedora and it did work fine for me.. Now is there any way I can restrict the login to OTP only? and not password + OTP? No, this is not supported. OTP value only is not secure enough (6 digits by default,

Re: [Freeipa-users] key + 2FA (password+OTP) is not working

2016-09-23 Thread Deepak Dimri
Hi Alexander, I somehow managed to try it on fedora and it did work fine for me.. Now is there any way I can restrict the login to OTP only? and not password + OTP? Best Regards, Deepak From: Alexander Bokovoy Sent: Friday, September

Re: [Freeipa-users] key + 2FA (password+OTP) is not working

2016-09-23 Thread Alexander Bokovoy
On Fri, 23 Sep 2016, Deepak Dimri wrote: Hi Alexander, I am using AWS to do a pilot on freeIPA & unfortunately AWS does not provide fedora or centos as part of its freetier setup so I have to live with ubuntu, redhat, suse etc. I have the same problem with ubuntu and redhat though! CentOS 7 is

[Freeipa-users] Port and protocol for winsync

2016-09-23 Thread malo
Hello, I am currently trying to set up the winsync agreement between my AD and my FreeIPA servers. The network topology allows me to only connect the FreeIPA server to the 636 port of AD, using TLS. It seems that FreeIPA wants to connect to the port 389 using StartTLS when I run the

Re: [Freeipa-users] sss / nsswitch

2016-09-23 Thread Lukas Slebodnik
On (13/09/16 16:18), Rob Verduijn wrote: >2016-09-13 15:07 GMT+02:00 Lukas Slebodnik : > >> On (13/09/16 10:39), Sumit Bose wrote: >> >On Tue, Sep 13, 2016 at 10:13:12AM +0200, Rob Verduijn wrote: >> >> Hi, >> >> >> >> Thanks that did it. >> >> >> >> Is there a less painful

Re: [Freeipa-users] replica added, but clients still try renewing certificates with old master

2016-09-23 Thread Natxo Asenjo
On Fri, Sep 23, 2016 at 9:29 AM, Petr Vobornik wrote: > On 09/21/2016 05:06 PM, Natxo Asenjo wrote: > > > So, what should be the correct value for dns discovery for both > directives using > > dns discovery? > > I don't think there is a support for DNS discovery in

Re: [Freeipa-users] sss / nsswitch

2016-09-23 Thread Rob Verduijn
2016-09-23 10:27 GMT+02:00 Lukas Slebodnik : > On (13/09/16 16:18), Rob Verduijn wrote: > >2016-09-13 15:07 GMT+02:00 Lukas Slebodnik : > > > >> On (13/09/16 10:39), Sumit Bose wrote: > >> >On Tue, Sep 13, 2016 at 10:13:12AM +0200, Rob Verduijn wrote: >

Re: [Freeipa-users] Port and protocol for winsync

2016-09-23 Thread Martin Babinsky
On 09/23/2016 01:09 PM, malo wrote: Hello, I am currently trying to set up the winsync agreement between my AD and my FreeIPA servers. The network topology allows me to only connect the FreeIPA server to the 636 port of AD, using TLS. It seems that FreeIPA wants to connect to the port 389

Re: [Freeipa-users] Port and protocol for winsync

2016-09-23 Thread malo
Thank you for your response Martin! This restriction is due to the architecture of the in-place network. This is sadly not something that I can change. Regards, Nathan On 09/23/2016 02:26 PM, Martin Babinsky wrote: On 09/23/2016 01:09 PM, malo wrote: Hello, I am currently trying to

Re: [Freeipa-users] FreeIPA upgrade from ipa-server-4.2.0-15.0.1.el7.centos.18 to ipa-server-4.2.0-15.0.1.el7.centos.19 (went sideways)

2016-09-23 Thread Ludwig Krispenz
On 09/23/2016 04:42 PM, Devin Acosta wrote: Ludwig, Thanks for that, for some reason I had to re-create the /var/lock/dirsrv/slapd-RSINC-LOCAL/server directory tree, it did not exist. Once I re-created it now the server starts. Should it have disappeared like that? no. I don't know what

Re: [Freeipa-users] FreeIPA upgrade from ipa-server-4.2.0-15.0.1.el7.centos.18 to ipa-server-4.2.0-15.0.1.el7.centos.19 (went sideways)

2016-09-23 Thread Devin Acosta
Ludwig, Thanks for that, for some reason I had to re-create the /var/lock/dirsrv/slapd-RSINC-LOCAL/server directory tree, it did not exist. Once I re-created it now the server starts. Should it have disappeared like that? On Fri, Sep 23, 2016 at 12:18 AM, Ludwig Krispenz

Re: [Freeipa-users] replica added, but clients still try renewing certificates with old master

2016-09-23 Thread Rob Crittenden
Petr Vobornik wrote: On 09/21/2016 05:06 PM, Natxo Asenjo wrote: hi Petr, On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik > wrote: On 09/21/2016 10:50 AM, Natxo Asenjo wrote: > When I try to resubmit certificates from certmonger they

[Freeipa-users] Server replication stopped working

2016-09-23 Thread Mike Driscoll
Hello. I have four IPA servers replicating in full mesh. All four servers are running ipa-server-4.2.0-15.0.1.el7_2.19.x86_64. This was working for some time but now I see that no replication is occurring automatically at present. When I update a user attribute on an IPA server, I see errors