Shree wrote:
Martin
First of all thank you so much for your detailed analysis. I got a
chance to finally take a look at it today. I tried your suggested
changes to the /etc/krb5.conf and I now get the following response.
[root@www ~]# kinit
kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM'
barry...@gmail.com wrote:
Dear all:
I have succesfful impont certs to http and ldap but some inssue arise.
1) when i click in service in the UI it still using OLD entries of seld
sign cert and given out error ...pls see attachment,.
How to reflect the godaddy cert there and it cannot be deleted
barry...@gmail.com wrote:
Http:// still able to acces
I want only https to access
That should be the default with a few exceptions. We'd need to see your
ipa-rewrite.conf.
rob
2014/3/31 下午10:11 於 Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com 寫道:
barry...@gmail.com wrote:
I follow the mAnual.using ipa cert install
It will auto remove ipa cert after u insert godaddy . Should i add them
back? No.conflict?
You only need to add in the CA. There will be no conflict.
2)do.umeant ca root cert of godaddy ? Ialread try added any ca root
Rob
This is what I get.
[root@www ~]# KRB5_TRACE=/dev/stdout kinit skarul...@mydomain.com
[14858] 1396278013.584391: Getting initial credentials for
skarul...@mydomain.com
[14858] 1396278013.584975: Sending request (188 bytes) to mydomain.com
[14858] 1396278013.585470: Retrying AS request with
Shree wrote:
Rob
This is what I get.
Realm is case-sensitive, try skarul...@mydomain.com
rob
[root@www ~]# KRB5_TRACE=/dev/stdout kinit skarul...@mydomain.com
[14858] 1396278013.584391: Getting initial credentials for
skarul...@mydomain.com
[14858] 1396278013.584975: Sending request (188
Hi all; avid user of both FreeIPA and IPA for a few years now. I have a unique
situation that I hope someone can provide some insight, or help with. I am
presented a private, and public (floating) IP after RX a VM from my IaaS
provider. The 'public' IP is NATted, and not visible from w/in the
I had this issue as well.
It would be good to add a `curl icanhazip.com` check to the script to allow for
1:1 nat in places like AWS.
I successfully worked around the issue by allocating the external IP to an
internal sub interface during the install:
so run:
ifconfig eth0:0 192.168.10.10
Hi Will,
Hilarious. It's always after you hit 'enter' when sending emails to distro
lists that you realize what you should have done. (I did what you mentioned
below moments after sending out the email to the list.)
None the less, I wanted to say THANK YOU for responding. Hopefully, it will
Sabin Ranjit sabinranjit@... writes:
hi,
i followed this page for the installation of freeipa client over the
ubuntu 12.04
server.http://www.redhat.com/archives/freeipa-users/2013-June/msg00091.html
everything seem to go as mentioned in the page. when i get at the
Gustavo Berman wrote:
Sabin Ranjit sabinranjit@... writes:
hi,
i followed this page for the installation of freeipa client over the
ubuntu 12.04
server.http://www.redhat.com/archives/freeipa-users/2013-June/msg00091.html
everything seem to go as mentioned in the page.
Hi,
I have a rhel5 client I had problems with my IPA environment and had to rebuild
I'm on the latest version of IPA with a red hat 6 server
I successfully enrolled the client to the new server (same domain, same realm)
I had removed all old certs, sysrestores, and ipa/default.conf
I can ssh
Todd Maugh wrote:
Hi,
I have a rhel5 client I had problems with my IPA environment and had to
rebuild
I’m on the latest version of IPA with a red hat 6 server
I successfully enrolled the client to the new server (same domain, same
realm) I had removed all old certs, sysrestores, and
I have found this to be my only way to get Ubuntu to work with ipa as clients
Add the IDM servers to the hosts file
echo {ip address of idmserver} {fqdn of idm server
/etc/hosts
Set the Hostname for the box
echo ubuntu-idm-02.boingo.com /etc/hostname
HBAC rules are set to allow_all enabled
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, March 31, 2014 3:44 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] uninstalled IPA client and reinstalled and
enrolled to new server cant
Todd Maugh wrote:
HBAC rules are set to allow_all enabled
Ok. I'd start with increasing the sssd log level and see what it says.
I gather that basic nss works since you can kinit as other users.
You may want to check for SELinux AVCs as well.
rob
-Original Message-
From: Rob
[root@black-62 sssd]# tail -f sssd_ops.boingo.com.log
(Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [be_resolve_server_done]
(4): Found address for server idm-master-els.ops.boingo.com: [172.22.170.46]
TTL 7200
(Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [sasl_bind_send] (4):
On 03/31/2014 07:05 PM, Todd Maugh wrote:
[root@black-62 sssd]# tail -f sssd_ops.boingo.com.log
(Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [be_resolve_server_done]
(4): Found address for server idm-master-els.ops.boingo.com: [172.22.170.46]
TTL 7200
(Mon Mar 31 22:58:01 2014)
18 matches
Mail list logo