It works!
Thanks for your support.
Anyway, I will try to update againt mod_nss package! :D
Bye!
2016-11-18 15:21 GMT+01:00 Morgan Marodin :
> A little good news.
>
> Downgrading the *mod_nss* RPM package, and restoring the original
> */etc/httpd/alias* folder, *ipa-server-upgrad
4:43.207460 2016] [:info] [pid
18673] Connection to child 2 closed (server mlv-ipa01.ipa.mydomain.com:443
<http://mlv-ipa01.ipa.mydomain.com:443>, client 192.168.0.252)*
How do you suggest to go on with my issue?
Thanks, Morgan
2016-11-18 12:11 GMT+01:00 Morgan Marodin :
> I've tried
-Cert*
Where is stored the key certificate file?
Thanks, Morgan
2016-11-18 10:39 GMT+01:00 Florence Blanc-Renaud :
> On 11/18/2016 10:04 AM, Morgan Marodin wrote:
>
>> Hi Florence.
>>
>> I've tried to configure the wrong certificate in nss.conf (/ipaCert/),
>
ver-Cert* from */etc/httpd/alias* and reimport it
from the original certificates of *mlv-ipa01.ipa.mydomain.com
<http://mlv-ipa01.ipa.mydomain.com>*?
Where are stored the original certificates?
Please let me know, thanks.
Bye, Morgan
2016-11-17 17:09 GMT+01:00 Florence Blanc-Renaud :
> On
rt
u,u,uipaCert
u,u,uIPA.PEDONGROUP.COM <http://IPA.PEDONGROUP.COM> IPA
CA
CT,C,CServer-Cert Pu,u,u*
What's the error message in bold?
And why trust flags are set different from ones specified?
Thanks, Morgan
2016-11-17 17:36 GMT+01:00 Mo
10:15:34
2015Not After : Thu Sep 07 10:15:34 2017*
Could it be a good idea to export and re-import all certs from
*/etc/httpd/alias* folder?
Thanks
2016-11-17 17:07 GMT+01:00 Rob Crittenden :
> Morgan Marodin wrote:
> > Hi Rob.
> >
> > I've just tried t
deas?
Please let me know, thanks.
Morgan
2016-11-17 16:11 GMT+01:00 Rob Crittenden :
> Morgan Marodin wrote:
> > Hi Florence.
> >
> > Thanks for your support.
> >
> > Yes, httpd is using /etc/httpd/alias as NSS DB. And seems that all
> > permissions and certif
ced start in case that a non-critical service failedNov 17
15:05:14 mlv-ipa01 ipactl: Aborting ipactlNov 17 15:05:14 mlv-ipa01 ipactl:
Starting Directory ServiceNov 17 15:05:14 mlv-ipa01 ipactl: Starting
krb5kdc ServiceNov 17 15:05:14 mlv-ipa01 ipactl: Starting kadmin ServiceNov
17 15:05:14 mlv-ipa01 ipac
Hello.
This morning I've tried to upgrade my IPA server, but the upgrade failed,
and now the service doesn't start! :(
If I try lo launch the upgrade manually this is the output:
*[root@mlv-ipa01 download]# ipa-server-upgradeUpgrading IPA: [1/8]: saving
configu
Fri, Nov 27, 2015 at 06:16:51PM +0100, Morgan Marodin wrote:
> > Yes:
> > --
> > # ls -l /var/lib/sss/pubconf/krb5.include.d/
> > total 8
> > -rw-r--r-- 1 root root 208 Nov 27 17:37 domain_realm_ipa_mydomain_com
> > -rw-r--r-- 1 root root 118 Nov 27 17
27, 2015 at 05:35:42PM +0100, Morgan Marodin wrote:
> > Hi Sumit.
> >
> > I don't know why, but now kerberos ticket authentication is working on
> 6.7
> > clients.
> > On 7.2 clients now password authetications with Active Directory
> > credentials is workin
12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed50420
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed4afb0
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service pac
replied to ping
-
Hi everyone.
After updating my FreeIPA server to 7.2 OS version (it's a RHEL like
distribution) I've some problems authenticating with Active Directory
credentials.
Testing it on 6.7 OS clients it works using Windows password, but using
ticket kerberos it doesn't work.
Testing it on 7.2 client i
Now is working, with the same configuration ...
Could it be possibile some delay on the trust if the AD group was a new one?
Thanks, Morgan
2015-09-14 11:35 GMT+02:00 Sumit Bose :
> On Mon, Sep 14, 2015 at 11:16:57AM +0200, Morgan Marodin wrote:
> > Ok, but now I've an
organ
2015-09-14 9:48 GMT+02:00 Alexander Bokovoy :
> On Mon, 14 Sep 2015, Morgan Marodin wrote:
>
>> The Pro edition.
>>
>> I've solved my connection problem, I have to specify manually the
>> username (
>> name.surname@ad_domain.com) with Microsoft SSP
GMT+02:00 Alexander Bokovoy :
> On Fri, 11 Sep 2015, Morgan Marodin wrote:
>
>> Hi everyone.
>>
>> I've seen these guides:
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-ssh.html
>>
&
Hi everyone.
I've seen these guides:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-ssh.html
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/trust-ssh.html
https://www.dalemacartney.com/2013/08/30/single-sign-on-sso-w
n Wed, 09 Sep 2015, Morgan Marodin wrote:
>
>> Hi Alexander
>>
>> IPv6 stack is disabled on my RHEL like distro, v 7 x64, but is enable on
>> my
>> WIndows 2012.
>> I have read in a freeipa article to disable IPv6.
>>
> Sorry, and why you did decide t
will tell you if it is ok.
Thanks, Morgan
2015-09-09 18:53 GMT+02:00 Alexander Bokovoy :
> On Wed, 09 Sep 2015, Morgan Marodin wrote:
>
>> Hi Alexander
>>
>> IPv6 stack is disabled on my RHEL like distro, v 7 x64, but is enable on
>> my
>> WIndows 2012.
>&
ks.
Morgan
2015-09-09 16:01 GMT+02:00 Alexander Bokovoy :
> On Wed, 09 Sep 2015, Morgan Marodin wrote:
>
>> Hi Alexander.
>>
>> Ok, after enabling debugging I have these logs:
>> ---
>> ==> /v
bindd/idmap.c:202(idmap_init_domain)
idmap range not specified for domain *
:( Morgan
2015-09-08 15:21 GMT+02:00 Alexander Bokovoy :
> On Tue, 08 Sep 2015, Morgan Marodin wrote:
>
>> I've solved this error, reading this forum:
>> https://www.redhat.com/archives/freeipa-u
. 2702 IN A 192.168.0.31
dc02.mydomain.com. 2702 IN A 192.168.0.15
d.root-servers.net. 78287 IN A 199.7.91.13
;; Query time: 1203 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 08 15:33:12 CEST 2015
;; MSG SIZE rcvd: 399
I've solved this error, reading this forum:
https://www.redhat.com/archives/freeipa-users/2015-July/msg00247.html
But now when I try to trust to my Active Directory I see these errors:
# ipa trust-add --type=ad mydomain.com --admin Administrator --password
Active Directory dom
23 matches
Mail list logo
