[Freeipa-users] Re: Update signing certificate

2017-07-12 Thread Jatin Nansi via FreeIPA-users
How are you issuing the certs for the clients? Are they signed by the same certificate chain that signed the IPA certificate? Did you install the CA certificate chain as trusted CA on the clients? On Thu, Jul 13, 2017 at 2:27 AM, Jeff Fouchard via FreeIPA-users <

[Freeipa-users] Re: still unable to renew certificates - deep trouble

2017-07-12 Thread Fraser Tweedale via FreeIPA-users
On Wed, Jul 12, 2017 at 05:37:54PM +0200, Karl Forner via FreeIPA-users wrote: > Hello, > > I'm getting desperate, I'm still unable to fix my expired certificates on > my freeIPA master. > > Summary: > >- I discovered that my web ui SSL certificate had expired. >- the certificate

[Freeipa-users] can not restart httpd service after certificate renewal

2017-07-12 Thread Karl Forner via FreeIPA-users
Hello, Today I realized that the https certificate for my freeipa web ui has expired. I tried to renew it using: #ipa-cacert-manage renew Renewing CA certificate, please wait CA certificate successfully renewed The ipa-cacert-manage command was successful So it seemed to go well. I tried to

[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-12 Thread bogusmaster--- via FreeIPA-users
What was the IPA version you used? It might not be related, but when I upgraded sssd to 1.15.2-5 ssh doesn't work for me neither on the FreeIPA server, nor on the clients. What's more strange, getent passwd for AD users doesn't work for the clients, although it works for the server.

[Freeipa-users] Re: can not restart httpd service after certificate renewal

2017-07-12 Thread Karl Forner via FreeIPA-users
I think the problem is that the web UI certificate is not tracked by Certmonger. I compared with my replica server which seems alright: master server (with expired certificate): # ipa-getcert list Number of certificates and requests being tracked: 7. Request ID '20150826135329': status:

[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-12 Thread bogusmaster--- via FreeIPA-users
> On Thu, Jul 06, 2017 at 02:29:34PM -, bogusmaster--- via FreeIPA-users > wrote: > > > The ipa-client gets all its data from the IPA server and for efficiency > the lookup on the server goes via the SSSD cache on the server. > > While on the client during authentication the user data is

[Freeipa-users] Re: [Freeipa-users]FreeIPA-users mailing list archive broken?

2017-07-12 Thread Jason B. Nance via FreeIPA-users
The list was migrated to Fedora Hosted. (note the footer on messages and how the posting address is @fedorahosted.org) https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ - Original Message - From: "John Morris via FreeIPA-users"

[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-12 Thread Lachlan Musicman via FreeIPA-users
On 13 July 2017 at 00:48, bogusmaster--- via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > On Thu, Jul 06, 2017 at 02:29:34PM -, bogusmaster--- via > FreeIPA-users wrote: > > I have verified that hint. I've stopped sssd daemon, cleared the cache and > started it back again.

[Freeipa-users] FreeIPA-users mailing list archive broken?

2017-07-12 Thread John Morris via FreeIPA-users
Seems the mailing list archives stopped working in mid-May: https://www.redhat.com/archives/freeipa-users/ John