William Muriithi writes:
> I just noticed that I used inappropriate way of setting up my hosts
> files and I am planning to make a fix. I am however worried this may
> break Kerberos. Should this change be of concern and have anyone made
> the changes before?
It will depend on what you named t
Afternoon.
I just noticed that I used inappropriate way of setting up my hosts
files and I am planning to make a fix. I am however worried this may
break Kerberos. Should this change be of concern and have anyone made
the changes before?
My current /etc/hosts are as follows:
192.168.20.2 ip
Hi Guys..
Sorry to bug ya again.. so looks like the selinux packages are not back
ported to 7.1 as I only have selinux-policy-3.13.1-23.el7_1.21.noarch as an
option
Setting the contexts manually to /etc/ipa/nssdb
Original
[root@server2 ipa]# ls -dZ nssdb
drwxr-xr-x. root root system_u:obje
Hi.
I've tried to delete and reimport only the *Server-Cert* certificate (I've
a copy of the original folder).
But it happened a strange behaviour:
*# certutil -L -d /etc/httpd/alias -n Server-Cert -a >
/tmp/Server-Cert.crt# certutil -D -d /etc/httpd/alias -n Server-Cert#
cer
Hi.
I've upgraded all packages of my distribution, not only ipa packages.
There were a lot of packages.
*[root@mlv-ipa01 ~]# rpm -q mod_nssmod_nss-1.0.14-7.el7.x86_64*
All other checks seem ok:
*[root@mlv-ipa01 ~]# certutil -V -u V -d /etc/httpd/alias -n
Server-Certcertutil: certifica
Sean Hogan wrote:
> Hi Robert,
>
> No I did not cut it off there was no reason listed.. that was the
> last line about the issue.
>
> I did find this to be my issue however
> https://bugzilla.redhat.com/show_bug.cgi?id=1262718 ... having our sat
> guys see if they can pull the new selinux pol
On 11/17/2016 04:51 PM, Morgan Marodin wrote:
Hi Rob.
I've just tried to remove the group write to the *.db files, but it's
not the problem.
/[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
NSSNickname Server-Cert/
I've tried to run manually /dirsrv.target/ and /krb5kdc.service/
Morgan Marodin wrote:
> Hi Rob.
>
> I've just tried to remove the group write to the *.db files, but it's
> not the problem.
I didn't expect it to be but you don't want Apache having write access
to your certs and keys.
> /[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
> NSSNick
Hi Robert,
No I did not cut it off there was no reason listed.. that was the last
line about the issue.
I did find this to be my issue however
https://bugzilla.redhat.com/show_bug.cgi?id=1262718 ... having our sat guys
see if they can pull the new selinux policy packages as I do not see them
Hi Rob.
I've just tried to remove the group write to the *.db files, but it's not
the problem.
*[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.confNSSNickname
Server-Cert*
I've tried to run manually *dirsrv.target* and *krb5kdc.service*, and it
works, services went up.
The same for *
Brian Candler wrote:
> On 16/11/2016 16:46, dan.finkelst...@high5games.com wrote:
>> I've seen some discussion in the (distant) past about disabling
>> anonymous binds to the LDAP component of IPA, and I'm wondering if
>> there's a preferred method to do it. Further, are there any known
>> problems
Morgan Marodin wrote:
> Hi Florence.
>
> Thanks for your support.
>
> Yes, httpd is using /etc/httpd/alias as NSS DB. And seems that all
> permissions and certificates are good:
> /[root@mlv-ipa01 ~]# ls -l /etc/httpd/alias/
> total 184
> -r--r--r-- 1 root root1345 Sep 7 2015 cacert.asc
>
Sean Hogan wrote:
> Hi Jakub,
>
> I ended up re-enrolling the box and it is behaving as expected except I
> am not getting a host cert. Robert indicated auto host cert no longer
> avail with rhel 7 but using the --request -cert option on enroll to get
> a host cert if I wanted one. I did so and ge
Hi all,
In my IPA 4.4 lab (RHEL 7.3), I'm trying to install/configure a new replica,
and I seem to be hitting something similar to #5412 [1].
The 'ipa-replica-install' is getting stuck on:
[4/26]: creating installation admin user
Dirsrv error logs on the new replica:
[17/Nov/2016:08:45:09.3
Hi Florence.
Thanks for your support.
Yes, httpd is using /etc/httpd/alias as NSS DB. And seems that all
permissions and certificates are good:
*[root@mlv-ipa01 ~]# ls -l /etc/httpd/alias/total 184-r--r--r-- 1 root
root1345 Sep 7 2015 cacert.asc-rw-rw 1 root apache 65536 No
On Thu, Nov 10, 2016 at 07:19:09PM +0800, Matrix wrote:
> Hi, Sumit
>
> I have checked, and did not find anything more:
>
> error logs from /var/log/dirsrv/slapd-EXAMPLE-NET/access:
> ...
> [10/Nov/2016:10:46:58 +] conn=816560 fd=189 slot=189 connection from
> 10.2.3.32 to 10.2.1.250
>
Excellent - thanks.
I was missing some forward statements for a few private segments.
Venlig hilsen
Bjarne Blichfeldt
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
Sent: 16. november 2016 14:36
To: freeip
On 11/17/2016 12:09 PM, Morgan Marodin wrote:
Hello.
This morning I've tried to upgrade my IPA server, but the upgrade
failed, and now the service doesn't start! :(
If I try lo launch the upgrade manually this is the output:
/[root@mlv-ipa01 download]# ipa-server-upgrade
Upgrading IPA:
[1/8]:
On 16/11/2016 16:46, dan.finkelst...@high5games.com wrote:
I've seen some discussion in the (distant) past about disabling
anonymous binds to the LDAP component of IPA, and I'm wondering if
there's a preferred method to do it. Further, are there any known
problems with disabling anonymous binds
Hello.
This morning I've tried to upgrade my IPA server, but the upgrade failed,
and now the service doesn't start! :(
If I try lo launch the upgrade manually this is the output:
*[root@mlv-ipa01 download]# ipa-server-upgradeUpgrading IPA: [1/8]: saving
configu
20 matches
Mail list logo