[Freeipa-users] Help: Suddenly not possible to mount nfs4 shares with sec=krb5i

2017-08-28 Thread Detlev Habicht via FreeIPA-users
Hello, i have setup an IPA server, NFS server with Samba and of course many clients. The server are running Scientific Linix 7.3, the clients Fedora 25, CentOS 7.3 and also SL 7.3. This was running well for one year. Last week - i think when new IPA patches arrived - we where not able to mount

[Freeipa-users] problem installing 3rd party(trusted cert)

2017-08-28 Thread Rob Morin via FreeIPA-users
Hello all... So i have a wildcard cert from geotrust. I am running freeipa V4.4 fresh install no users yet I downloaded and installed their GeoTrust Primary Certification Authority root cert from here --> https://www.geotrust.com/resources/root-certificates/ I ran this command to import it...

[Freeipa-users] Re: problem installing 3rd party(trusted cert)

2017-08-28 Thread Florence Blanc-Renaud via FreeIPA-users
On 08/28/2017 04:00 PM, Rob Morin via FreeIPA-users wrote: Hello all... So i have a wildcard cert from geotrust. I am running freeipa V4.4 fresh install no users yet I downloaded and installed their GeoTrust Primary Certification Authority root cert from here -->

[Freeipa-users] Re: CA install fails

2017-08-28 Thread pgb205 via FreeIPA-users
Rob, sorry to nag but did you hear anything from dogtag developers? Or instead of bothering you can I deal with them directly, maybe? thank you From: Rob Crittenden To: FreeIPA users list Cc: pgb 205 Sent:

[Freeipa-users] Re: Dead master, replica with no CA dying, need to migration to new machine.

2017-08-28 Thread Rob Crittenden via FreeIPA-users
Rob Morin via FreeIPA-users wrote: > The master is gone, has been for a year, the server exists, but ipa was > uninstalled with ip-server-install --uninstall command... so i only have this > replica, and i assume that re-installing it on the old server would mess > stuff up? Please don't try

[Freeipa-users] Re: AWS FreeIPA install killed ?

2017-08-28 Thread Felipe Barreto Volpone via FreeIPA-users
You can check here the hardware recommendations: https://access.redhat.com/documentation/en-US/Red_Hat_ Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_ Guide/installing-ipa.html#server-hw-recomendations On Mon, Aug 28, 2017 at 1:35 AM, Fraser Tweedale via FreeIPA-users

[Freeipa-users] Re: AWS FreeIPA install killed ?

2017-08-28 Thread Outback Dingo via FreeIPA-users
Ive actually got it deployed on a 4gb instance now. though how to do this properly with an internal ip different from the external.. somehow its kinda not right On Mon, Aug 28, 2017 at 4:54 PM, Felipe Barreto Volpone wrote: > You can check here the hardware

[Freeipa-users] User ID overrides staying persistent in cache for AD users

2017-08-28 Thread Eddleman, David via FreeIPA-users
So I've created a ID override on the IPA master called "TestShellView" to test out changing per-user requirements for shells. Verify the ID override on the master: [root@ipamaster01 ~]# ipa idoverrideuser-find TestShellView -- 1 User ID override matched

[Freeipa-users] Re: Certificate renewals with external CA

2017-08-28 Thread Rob Foehl via FreeIPA-users
On Mon, 19 Jun 2017, Rob Crittenden wrote: Rob Foehl wrote: On Thu, 15 Jun 2017, Rob Crittenden wrote: Rob Foehl wrote: Can I at least get a yes or no on whether external CA certificate renewal has ever been tested when that certificate is nearing expiration? Yes. I tested this with IPA