Re: [Freeipa-users] Why is port 80 needed for replication?

2017-03-29 Thread Alexander Bokovoy
On ke, 29 maalis 2017, Chris Herdt wrote: I'm curious as to why HTTP (port 80) is needed for IPA server replication, particularly since HTTPS (port 443) is also used. What unencrypted data is exchanged? Because you need to access OCSP endpoint without going into chicken and egg problem of trusti

[Freeipa-users] Why is port 80 needed for replication?

2017-03-29 Thread Chris Herdt
I'm curious as to why HTTP (port 80) is needed for IPA server replication, particularly since HTTPS (port 443) is also used. What unencrypted data is exchanged? Chris

Re: [Freeipa-users] 389-console and IPA

2017-03-29 Thread Mark Reynolds
On 03/29/2017 02:05 PM, Josh wrote: > Hi Mark, > > Thanks for responding. > > Essentially I would like to change access log file size from 100Meg to > 10Meg and change number of log files down to 5 for example. All you need to do is something like: ldapmodify -p PORT -h HOST -D "cn=directory m

Re: [Freeipa-users] 389-console and IPA

2017-03-29 Thread Josh
Hi Mark, Thanks for responding. Essentially I would like to change access log file size from 100Meg to 10Meg and change number of log files down to 5 for example. Regards, Josh. On 03/29/2017 10:30 AM, Mark Reynolds wrote: On 03/28/2017 07:48 PM, Josh wrote: Greetings, I wonder if possi

Re: [Freeipa-users] MAKE Freeipa replica not work now

2017-03-29 Thread Rob Crittenden
barry...@gmail.com wrote: > Hi all: > > 9444 port can be telnet ...Any idea ? the log show below as I don't have > more idea... If I plan to > migrate to same version of server what I have to copy ? as I saw > step of migration also similar to replica so now stuck on the steps. > Any Manual copy s

Re: [Freeipa-users] 389-console and IPA

2017-03-29 Thread Mark Reynolds
On 03/28/2017 07:48 PM, Josh wrote: > Greetings, > > I wonder if possible to use 389-console with default IPA installation > on RHEL 7. This should be technically possible, but it has its risks... You would need to install the 389-admin/console packages, then you would have to register your DS i

Re: [Freeipa-users] ipa-replica-manage failing to delete a node

2017-03-29 Thread Linder, Rolf
Thanks Jochen for your response! So far, we could quite well identify who's the master and the replica and identify how and where we should re-initialize. Still there is good news at our side, we could further identify an issue and by fixing that (see below) also remove the replica and reinstall

Re: [Freeipa-users] Migrate IPA cluster F21 -> C7

2017-03-29 Thread Bret Wortman
I saw as I was working through it, and it's in fact what I did. Migrating the last server to CentOS right now. Thanks for the help! On 03/29/2017 09:53 AM, Rob Crittenden wrote: Bret Wortman wrote: Never mind. Lost my mind. ipa-replica-install followed by ipa-ca-install appears to be the ti

Re: [Freeipa-users] Migrate IPA cluster F21 -> C7

2017-03-29 Thread Rob Crittenden
Bret Wortman wrote: > Never mind. Lost my mind. > > ipa-replica-install followed by ipa-ca-install appears to be the ticket. Or you can do it in one step by passing --setup-ca to ipa-replica-install rob > > > Bret > > > On 03/29/2017 06:22 AM, Bret Wortman wrote: >> >> I've tried googling b

[Freeipa-users] Extending FreeIPA with custom atribute (ipa-server-4.4.0)

2017-03-29 Thread Klíma David
Hi, can anybody help me with extending the FreeIPA Server? I have a few custom attributes in DS schema. I would like to be able to change the new attributes added via the JSON API and thus via the CLI tool. Today I updated from version ipa-server-4.2.0 to ipa-server-4.4.0 from standard RHEL repo

Re: [Freeipa-users] Migrate IPA cluster F21 -> C7

2017-03-29 Thread Bret Wortman
Never mind. Lost my mind. ipa-replica-install followed by ipa-ca-install appears to be the ticket. Bret On 03/29/2017 06:22 AM, Bret Wortman wrote: I've tried googling but keep coming up with beer recipes. How do you suggest adding the replica CA? I'm piecing together the options I want o

Re: [Freeipa-users] Migrate IPA cluster F21 -> C7

2017-03-29 Thread Bret Wortman
I've tried googling but keep coming up with beer recipes. How do you suggest adding the replica CA? I'm piecing together the options I want on my ipa-server-install command and am trying to understand the CA-related options. Thanks! Bret On 03/28/2017 08:45 AM, Bret Wortman wrote: I'm st

Re: [Freeipa-users] Register IPA-Clients within AD domain

2017-03-29 Thread Ronald Wimmer
On 2017-03-29 11:06, Alexander Bokovoy wrote: On ke, 29 maalis 2017, Ronald Wimmer wrote: [...] Read http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain There are also higher level description at http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/ Thanks a

Re: [Freeipa-users] Register IPA-Clients within AD domain

2017-03-29 Thread Alexander Bokovoy
On ke, 29 maalis 2017, Ronald Wimmer wrote: Hi, the documentation states "[...] Client machines do not need to be in the same domain as FreeIPA servers. For example, FreeIPA may be a domain ipa.example.com and clients in domain clients.example.com, there just need to be a clear mapping betwee

[Freeipa-users] SSSD setting memcache_timeout on ipa master

2017-03-29 Thread Ronald Wimmer
Hi, yesterday I suddenly was unable to use the webinterface of my ipa master. SSH login (with root user) did not work also. When I uncommented the setting "memcache_timeout = 600" in the sssd config file of the master everything seemed to work fine again. (my ipa setup has a trust to AD) C

[Freeipa-users] Register IPA-Clients within AD domain

2017-03-29 Thread Ronald Wimmer
Hi, the documentation states "[...] Client machines do not need to be in the same domain as FreeIPA servers. For example, FreeIPA may be a domain ipa.example.com and clients in domain clients.example.com, there just need to be a clear mapping between DNS domain and Kerberos realm. [...]" Can

Re: [Freeipa-users] Trying To Debug AD Trust Quirks

2017-03-29 Thread Jakub Hrozek
On Tue, Mar 28, 2017 at 11:59:27AM -0500, Jason B. Nance wrote: > Hello, > > I'm using AD trusts with FreeIPA 4.4.0 and am having a heck of a time with > strange behavior. Some examples include: > > - Trust user's home directory sporadically getting set to '/' instead of > /home/domain/user >

Re: [Freeipa-users] Trying To Debug AD Trust Quirks

2017-03-29 Thread Jakub Hrozek
On Tue, Mar 28, 2017 at 11:59:27AM -0500, Jason B. Nance wrote: > My other question is if there is a way to pin down a client to > [temporarily] use a specific IPA server using the ipa_server directive in sssd.conf > and specific AD server (even if > it means a firewall rule that only allows the