On Tue, Jul 26, 2016 at 01:45:19PM +1000, Fraser Tweedale wrote:
> On Mon, Jul 25, 2016 at 05:23:31PM -0500, Anthony Joseph Messina wrote:
> > After upgrading to FreeIPA 4.3.1, I am getting "Error querying OCSP
> > responder"
> > with the following command. I can confirm certificate with serial
On Mon, Jul 25, 2016 at 05:23:31PM -0500, Anthony Joseph Messina wrote:
> After upgrading to FreeIPA 4.3.1, I am getting "Error querying OCSP
> responder"
> with the following command. I can confirm certificate with serial 0x14 is
> present in the system and is not expired/revoked, etc. I'm a
In our FreeIPA deployment the clients use pam_nss_ldapd with the "compat"
schema. No ipa-client.
I'm planning to apply the patched ipa_pwd_extop plugin to only 2 of the
replicas (out of 8) where the external app authenticates against IPA's
LDAP. These 2 replicas are more used like readonly. The
After upgrading to FreeIPA 4.3.1, I am getting "Error querying OCSP responder"
with the following command. I can confirm certificate with serial 0x14 is
present in the system and is not expired/revoked, etc. I'm a bit nervous
about the "OCSPServlet: Could not locate issuing CA" in the Dogtag
We were not sure that Signing-Cert required for LDAP/Apache certificates
renewal. Thank you very much for your update Rob. We are going to renew the
certificates without Signing-Cert.
On Mon, Jul 25, 2016 at 6:08 PM, Rob Crittenden wrote:
> Linov Suresh wrote:
>
>> We are
Linov Suresh wrote:
We are using CentOS 6.4/FreeIPA 3.0.0
LDAP/Apache certificates were expired and when we tried to renew, we
found Signing-Cert is missing.
# certutil -L -d /etc/httpd/alias -n Signing-Cert
certutil: Could not find cert: Signing-Cert : File not found
How do we recreate
We are using CentOS 6.4/FreeIPA 3.0.0
LDAP/Apache certificates were expired and when we tried to renew, we found
Signing-Cert is missing.
# certutil -L -d /etc/httpd/alias -n Signing-Cert
certutil: Could not find cert: Signing-Cert : File not found
How do we recreate Signing-Cert certificate?
lm gnid wrote:
Hello, as in the link below, your help will be appreciated!
https://bugzilla.redhat.com/show_bug.cgi?id=1343796
The bug lacks almost all context so I have no idea what you have already
done.
In any case, the -vvv may be part of the problem, it does not mean verbose.
rob
pgb205 wrote:
Current topology:
ipa-srv1<->ipa-srv2
ipa-srv1 already has CA installed but *NOT* ipa-srv2.
The reason I would like to add CA on ipa-srv2 is because I want the
setup to ultimately become
ipa-srv2<->ipa-srv2<->ipa-srv3
however I am unable to create gpg replication file on
On Mon, 25 Jul 2016 21:23:19 +0530 Rakesh wrote:
RR> Hi,
RR>
RR> I am facing slow login issue with IPA 4.2.0 version. The login takes around
RR> 18-19s
Any chance that it's running on a VM? If so, check your entropy:
cat /proc/sys/kernel/random/entropy_avail
If it's low (like < 1k), install
On Mon, Jul 25, 2016 at 09:23:19PM +0530, Rakesh Rajasekharan wrote:
> Hi,
>
> I am facing slow login issue with IPA 4.2.0 version. The login takes around
> 18-19s
>
> date;ssh testuser@10.16.32.4
> Mon Jul 25 11:14:54 UTC 2016
> testuser@10.65.32.4's password:
> Last login: Mon Jul 25 11:10:35
On Mon, Jul 25, 2016 at 02:13:49PM +, Stefan Uygur wrote:
> Hi everyone,
> I am using ipa-server-3.0.0-47.el6_7.2.x86_64 on my redhat 6 and I was
> wondering if there is a way in IPA to list the users, with their group and
> the hosts they can access along with sudo permissions.
>
> This is
Sébastien Julliot wrote:
Looks like I spoke too fast. Using ldappasswd, no problems with ldap
queries.
But kinit rejects my password ..
That is expected. You changed to a pre-hashed password (potentially) so
how can IPA generate Kerberos credentials? I think ldappasswd working is
a bug.
mohammad sereshki wrote:
hi
I get below error from "getcert list", would you please help me to solve it?
ca-error: Server denied our request, giving up: 2100 (RPC failed at
server. Insufficient access:
Insufficient 'write' privilege to the 'userCertificate' attribute of entry
On 25.07.2016 16:22, Anthony Clark wrote:
I wondered about that, but the docs specifically say public key, and
the command line option to "ipa vault-add" is "--public-key"
From "ipa vault-add --help"
--public-key=BYTES Vault public key
--public-key-file=STR File containing the
I wondered about that, but the docs specifically say public key, and the
command line option to "ipa vault-add" is "--public-key"
From "ipa vault-add --help"
--public-key=BYTES Vault public key
--public-key-file=STR File containing the vault public key
So I hope you can understand my
Hi everyone,
I am using ipa-server-3.0.0-47.el6_7.2.x86_64 on my redhat 6 and I was
wondering if there is a way in IPA to list the users, with their group and the
hosts they can access along with sudo permissions.
This is for auditing purposes and IPA doesn't seem to have a functionality that
On 25.7.2016 15:30, Simo Sorce wrote:
> On Mon, 2016-07-25 at 08:24 -0500, Alston, David wrote:
>> Greetings!
>>
>> Yes, I had been hoping there would be a way to incorporate domain
>> trusts between Active Directory and FreeIPA while the clients relying
>> on these for identity management
On Mon, 2016-07-25 at 08:24 -0500, Alston, David wrote:
> Greetings!
>
> Yes, I had been hoping there would be a way to incorporate domain
> trusts between Active Directory and FreeIPA while the clients relying
> on these for identity management shared the same DNS domain (eg.
>
On Mon, 25 Jul 2016, Ilan Green wrote:
Thanks,
The issue per customer is having loads of legacy applications
programmed to use short host names - it will be cumbersome to fix it
What Petr asked about is to not host IPA server on the same machine as
those legacy apps. Have IPA servers separate
Greetings!
Yes, I had been hoping there would be a way to incorporate domain trusts
between Active Directory and FreeIPA while the clients relying on these for
identity management shared the same DNS domain (eg. linux.company.com and
windows.company.com). It sounds like that isn't going
Thanks,
The issue per customer is having loads of legacy applications programmed to use
short host names - it will be cumbersome to fix it
Ilan Green
Senior Technical Account Manager - EMEA
Red Hat
Mobile (+972) 52 3403218
email: igr...@redhat.com
- Original Message -
> From:
Hello Rob,
The indicated method was unsuccessful, but I found another way to do it :)
Here is a summary of my unsuccessful tests :
➜ ~ ipa user-add testuser --first=test --last=user --setattr
userpassword='{MD5}8UBIfmQu5CpHAAniVJWPrQ=='
---
Utilisateur « testuser »
On 24.07.2016 16:33, Anthony Clark wrote:
Hello All,
I have a crazy notion of storing a host's SSH private keys in a ipa
vault, so that a rebuilt host can use the same keys.
I'm on CentOS 7.2 and I'm using the RPMs available in the standard
centos base repository, so I'm constrained to
On 22.07.2016 20:17, pgb205 wrote:
Current topology:
ipa-srv1<->ipa-srv2
ipa-srv1 already has CA installed but *NOT* ipa-srv2.
The reason I would like to add CA on ipa-srv2 is because I want the
setup to ultimately become
ipa-srv2<->ipa-srv2<->ipa-srv3
however I am unable to create gpg
hi
do you know how can i solve it?
getcert list|grep -i err
ca-error: Server denied our request, giving up: 2100 (RPC failed at
server. Insufficient access: Insufficient 'write' privilege to the
'userCertificate' attribute of entry
Thank you very much @ all.
I see I must change the GID for docker.
_
Best regards
Junhe Jian
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Friday, 22 July 2016 21:25
To: Rob Crittenden
Cc: Junhe Jian;
On 22.7.2016 18:50, Günther J. Niederwimmer wrote:
> Hello List,
>
> what is the best way to include a local DNS Server?
Could you be more specific? What exactly are you trying to achieve?
> Can I configure on a IPA DNS Server (extern) views for a internal DNS
> without
> problems ?
>
> Is
28 matches