[Freeipa-users] Server removal aborted: Deleting this server is not allowed as it would leave your installation without a CA

Are there instructions to manually uninstall? I’m getting the below errors. ipa-server-install -U --uninstall ipa.ipapython.install.cli.uninstall_tool(Server): ERRORServer removal aborted: Deleting this server is not allowed as it would leave your installation without a CA..

[Freeipa-users] IPA DNS Server and DNSMasq

This might be a bit offtopic. I am using dnsmasq with NetworkManger. So, my /etc/resolv.conf has nameserver 127.0.0.1. For some reason I can't get response from dnsmasq queries to the ipa server, it times out. OTOH, I can watch the DNS traffic between dnsmasq and the ipa server. The queries

Re: [Freeipa-users] Let's Encrypt along with FreeIPA

>> you seem to have an issue when the LetsEncryptAuthorityX3 is being >> installed. The certificate from the CA that issued this certificate >> (DSTRootCAX3) seems to be installed correctly. Could you verify that >> DSTRootCAX3 is marked as trusted CA by issuing: >> >> certutil -d

Re: [Freeipa-users] Directory Manager Password Change | off topic

Ah yes, I hadn't even noticed as Google cleans that up automatically but I can confirm (explicit) contact from Kimmi and co. On Mon, Dec 5, 2016 at 5:24 PM Joseph Flynn wrote: Ah, now SophiaB wants in on the action too. Looks like my lucky day. Seriously though, I

Re: [Freeipa-users] Directory Manager Password Change

Thanks Stefan, what I didn't mention is that half way through our network engineer decided to implement a change that silently broke Kerberos authentication leaving me chasing my tail on the wrong problem. Anyway, time to move on - have a great day. On Mon, Dec 5, 2016 at 4:39 PM Stefan Uygur

[Freeipa-users] can manage user access from Serial Console & only use local users in case cannot reach IPA server ?

Hi , I'm just testing IPA on CentOS 6, login via ssh is woking fine. I would like to try two steps but didnot find any documents- 1). can we manage user that access from serial interface. 2). in case IPA was failed, can we configure it to use local user Best Regards, sjw --

Re: [Freeipa-users] Let's Encrypt along with FreeIPA

On Mon, Dec 05, 2016 at 01:05:46PM -0500, Robert Kudyba wrote: > > >> you seem to have an issue when the LetsEncryptAuthorityX3 is being > >> installed. The certificate from the CA that issued this certificate > >> (DSTRootCAX3) seems to be installed correctly. Could you verify that > >>

Re: [Freeipa-users] Server removal aborted: Deleting this server is not allowed as it would leave your installation without a CA

On 12/05/2016 08:15 PM, Robert Kudyba wrote: Are there instructions to manually uninstall? I’m getting the below errors. ipa-server-install -U --uninstall ipa.ipapython.install.cli.uninstall_tool(Server): ERRORServer removal aborted: Deleting this server is not allowed as it would leave

Re: [Freeipa-users] Mapping users from AD to IPA KDC

On 12/5/2016 2:02 AM, Alexander Bokovoy wrote: On su, 04 joulu 2016, TomK wrote: Could not get much from logs and decided to start fresh. When I run this: ipa trust-add --type=ad mds.xyz --admin Administrator --password Trust works fine and id t...@mds.xyz returns a valid result. However

Re: [Freeipa-users] Directory Manager Password Change

On 12/05/2016 01:05 PM, Callum Guy wrote: Hi All, I have been testing FreeIPA and now plan to migrate to production use - thanks for creating such a great application! During the test phase we have been using simple passwords for the admin and directory manager users however we need these

[Freeipa-users] Directory Manager Password Change

Hi All, I have been testing FreeIPA and now plan to migrate to production use - thanks for creating such a great application! During the test phase we have been using simple passwords for the admin and directory manager users however we need these changed before moving into production. I believe

Re: [Freeipa-users] Directory Manager Password Change

Hi, I think you are copying and pasting the exact same commands from the article, which is of course a wrong approach. Never copy/paste from web to execute on your server. That $ signs indicates you can give any name you’d like. Follow this article here:

[Freeipa-users] Importing Host Entries from /etc/hosts using sample nis-hosts.sh: Zone name error

Using the sample script I’m trying to use hosts that are in various states meaning they could be powered off or disconnected, in our 2 campuses. We

Re: [Freeipa-users] Directory Manager Password Change

Hi Stefan, Thanks for your input, I am able to clarify that I wasn't simply copying and pasting in - the dollar sign was included in my password rather than the example. But yes, no denying that my command line skills are to blame. Further to this problem I am happy to report that the issue is

Re: [Freeipa-users] Importing Host Entries from /etc/hosts using sample nis-hosts.sh: Zone name error

Robert Kudyba wrote: > Using the sample script > > I’m > trying to use hosts that are in various states meaning they could be > powered off or

Re: [Freeipa-users] Importing Host Entries from /etc/hosts using sample nis-hosts.sh: Zone name error

>> ./nis-hosts.sh nisname subdomain.ourdomain.edu >> >>

Re: [Freeipa-users] Directory Manager Password Change | off topic

Guys, Since I replied to the list I keep receiving spam emails, what is happening? From: Stefan Uygur Sent: 05 December 2016 16:40 To: 'Callum Guy'; Florence Blanc-Renaud; freeipa-users@redhat.com Subject: RE: [Freeipa-users] Directory Manager Password Change Glad you solved your issue. I’ve

Re: [Freeipa-users] Directory Manager Password Change | off topic

Me too. Within minutes of my first posting, I have good old Kimmi offering me all kinds of favors. All of our emails are exposed to the group which I'd like to trust but we obviously can't. All it takes is for a spammer to join the group and they will eventually collect a group of active emails

Re: [Freeipa-users] Directory Manager Password Change | off topic

Ah, now SophiaB wants in on the action too. Looks like my lucky day. Seriously though, I think the community needs to anonymize participants out of necessity. On Mon, Dec 5, 2016 at 12:02 PM, Joseph Flynn wrote: > Me too. Within minutes of my first posting, I have good