[Freeipa-users] New server install failing

2017-04-25 Thread Robert L. Harris
I'm trying to install freeipa-server on an ubuntu 16.04 box, fresh install, but it keeps failing: {0}:/etc/apt>lsb_release -r Release:16.04 {0}:/etc/apt>dpkg -l | egrep -i 'slapd|ipa' ii python-ipaddress 1.0.16-1 all Backport of Python 3 i

Re: [Freeipa-users] How do you have users be given a local group?

2017-04-25 Thread Jakub Hrozek
On Tue, Apr 25, 2017 at 02:43:11PM -0400, g...@greg-gilbert.com wrote: > I saw this question come up way back in the archives, so I thought I'd > ask to see if there's a better way to do it. > > Basically I want users who log into my servers that run the FreeIPA > client to be given the local use

[Freeipa-users] I think I lost my CA...

2017-04-25 Thread Bret Wortman
I recently had to upgrade all my Fedora IPA servers to C7. It went well, and we've been up and running nicely on 4.4.0 on C7 for the past month or so. Today, someone came and asked me to generate a new certificate for their web server. All was good until I went to the IPA UI and tried to perfo

[Freeipa-users] How do you have users be given a local group?

2017-04-25 Thread greg
I saw this question come up way back in the archives, so I thought I'd ask to see if there's a better way to do it. Basically I want users who log into my servers that run the FreeIPA client to be given the local usergroup DOCKER. Is there a way to do that? Is it controlled from the FreeIPA serve

[Freeipa-users] Fedora 25 - SSSD: Smart card login is broken

2017-04-25 Thread Michael Rainey (Contractor)
Hello, While using Fedora 25 we noticed smart card login is broken with the latest update to SSSD. A month or so ago a patch was created to fix the same issue. Here are some of the details: Before Update: sssd.x86_64 1.15.2-1.fc25sb1 (was 1.15.2-1.fc25 before patch) After Update: s

Re: [Freeipa-users] Default SELinux user changes on addition of replica?

2017-04-25 Thread Steve Huston
On Tue, Apr 25, 2017 at 11:34 AM, Rob Crittenden wrote: > I guess the only way to know for sure would be to try to duplicate it. I'll basically be doing that anyway, since I just found that there's some issue with password migrations too (there wasn't before, it was working, so now I'm trying to

Re: [Freeipa-users] Default SELinux user changes on addition of replica?

2017-04-25 Thread Rob Crittenden
Steve Huston wrote: > In the last of my testing before deployment, I had a replica server > setup but things got out of sync somehow. Yesterday I severed the > link with the two servers, reimaged the "bad" one, and did some poking > around on the "good" one while I was at it (clearing out all of t

[Freeipa-users] Default SELinux user changes on addition of replica?

2017-04-25 Thread Steve Huston
In the last of my testing before deployment, I had a replica server setup but things got out of sync somehow. Yesterday I severed the link with the two servers, reimaged the "bad" one, and did some poking around on the "good" one while I was at it (clearing out all of the real user data in anticip

Re: [Freeipa-users] weird conflicts in AWS EC2 install

2017-04-25 Thread Kat
DOH!! I'm an idiot -- yep - I see what I was misreading. It can't find python-zope-interface (which is required by python-zope-component) and *THAT* is the real error. The conflicts are just yum/rpm saying - "Hey, there are other problems, but not related". My bad - sorry to have troubled yo

Re: [Freeipa-users] weird conflicts in AWS EC2 install

2017-04-25 Thread Martin Bašti
FreeIPA conflicts shouldn't prevent installing of other packages. For me it looks like "python-zope-interface" is missing. On 25.04.2017 16:27, Kat wrote: Yes- this comes after IPA is installed and running (this is actually a client upgraded to a master-replica). Then trying to install Let'sE

Re: [Freeipa-users] weird conflicts in AWS EC2 install

2017-04-25 Thread Kat
Yes- this comes after IPA is installed and running (this is actually a client upgraded to a master-replica). Then trying to install Let's Encrypt gives the error: yum install -y letsencrypt That is when the conflict errors occur. The problem with "ignoring", is that you can't force yum to just

Re: [Freeipa-users] weird conflicts in AWS EC2 install

2017-04-25 Thread Martin Bašti
Hello, comments inline On 25.04.2017 16:06, Kat wrote: Hi all, Trying to get letsencrypt working for an AWS instance of FreeIPA - and run into an odd conflict I have not dealt with before. When trying to install Let's Encrypt after a clean install of IPA, I am seeing: --> Finished Depende

[Freeipa-users] weird conflicts in AWS EC2 install

2017-04-25 Thread Kat
Hi all, Trying to get letsencrypt working for an AWS instance of FreeIPA - and run into an odd conflict I have not dealt with before. When trying to install Let's Encrypt after a clean install of IPA, I am seeing: --> Finished Dependency Resolution Error: Package: python2-certbot-0.12.0-4.el7

Re: [Freeipa-users] CA Certificate didn't automatically transfer to replica(s)

2017-04-25 Thread Dewangga Bachrul Alam
Hello! Master IPA Server: - I install 1 (one) server as master (self-signed) and add/modify using external CA. - I am using ipa-cacert-manage install then ipa-certupdate on master Replica IPA Server: - I install 1 (one) server as client and p

Re: [Freeipa-users] ipa-replica-install fails on setup-ca

2017-04-25 Thread Florence Blanc-Renaud
On 04/24/2017 09:37 AM, Bjarne Blichfeldt wrote: We had problems with one idm replica complaining about different ldap database versions and at the same time errors on starting pki-tomcat. I decided to delete the ipa server and reinstall. The ipa server delete went without problems, but the rein

Re: [Freeipa-users] CA Certificate didn't automatically transfer to replica(s)

2017-04-25 Thread Florence Blanc-Renaud
Hi, As your email refers to self-signed and signed CA certificate, can you please clarify the exact steps that you followed? It looks like - you first installed FreeIPA with a self-signed CA - you added an external CA (did you use ipa-cacert-manage install on 1 server then ipa-certupdate on al

Re: [Freeipa-users] DNSSEC warning when DNSSEC should be disabled

2017-04-25 Thread Martin Bašti
On 24.04.2017 20:22, Dan Dietterich wrote: I still think there is something wrong here. You say that the DNSSEC reply is "just warning", but when I get that warning, a subsequent trust-add fails every time. When I don't get the warning, the trust-add works. Therefore, the warning cannot j