Thanks for the update Rob. I went back to Jan 20, 2016, restarted CA and
certmonger. Looks like certificates were renewed. But I'm getting a
different error now,
*ca-error: Internal error: no response to
"http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=62&renewa
Would a DNS view (bind) work?
http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_06.htm
Also, depending on what you are using for NAT, some devices will mangle the
reply payload of A record lookups as they traverse NAT to avoid hairpinning (a
packet going out and then back in the same inte
Ok, I've just spoken with my colleague that has been involved in the IPA
roll out, and he said he thought that override_space wasn't compatible with
ID overrides?
Either way, since we have a working system we are reticent to make too many
changes - soon we will have a test system in place and I wi
Previously we did have the default_domain_suffix set, but we had to unset
it. I can't remember why we had to - something to do with
ownership/permissions and our filesystem (IBM v7000) not playing nice iirc.
We really wanted to use the dds => the researchers are complaining of
broken brains due to
On So, 2016-07-16 at 15:37 +0200, Lukas Slebodnik wrote:
> On (16/07/16 10:19), Martin Štefany wrote:
> >
> > Hello Sumit,
> >
> > seems that upgrade to F24 broke things again. This time no AVCs, empty SSSD
> > logs, but same problem: 'Error looking up public keys'.
> >
> > selinux-policy-3.13.1
On 17 July 2016 at 09:03, Alexander Bokovoy wrote:
> Your sssd configuration does not mention what DN is used to bind to the
> LDAP server to retrieve the data. This means you are using anonymous
> bind. Since FreeIPA 4.0 there is a number of attributes that are not
> available to anonymous binds
i am looking to setup a VPN in order to access some resources, and want
to point my clients at this resource via DNS. the resource i am
accessing is internet resolvable, but i am accessing it via the VPN, and
using a NAT for the VPN (full 1-to-1 or static NAT). i want to have a
record in my D
On Sun, 17 Jul 2016, Sullivan, Daniel [AAA] wrote:
Have you tried different settings for ldap_schema (should be easy to test)?
http://linux.die.net/man/5/sssd-ldap
Dan
On Jul 16, 2016, at 4:19 PM, Peter Pakos <pe...@pakos.uk> wrote:
Hi,
I'm about to move our FreeIPA platform into pro
On 17 July 2016 at 09:03, Alexander Bokovoy wrote:
>
> Your sssd configuration does not mention what DN is used to bind to the
> LDAP server to retrieve the data. This means you are using anonymous
> bind. Since FreeIPA 4.0 there is a number of attributes that are not
> available to anonymous bind
On 17 July 2016 at 03:48, Sullivan, Daniel [AAA] <
dsulliv...@bsd.uchicago.edu> wrote:
>
> Out of curiosity is there any reason you are not using the IPA provider
> instead of LDAP (in SSSD)?
>
We initially want to switch hundreds of servers via Puppet change. At a
later stage we'll look at joinin
I did try setting ldap_schema to rfc2307 (I think this is the default
setting) rfc2307bis and ipa, but it didn't make any difference.
I also tried setting
ldap_group_member = member
ldap_user_member_of = memberOf
but again, it made no difference.
On 17 July 2016 at 03:38, Sullivan, Daniel [AAA