[Freeipa-users] kdc.crt absent after upgrade from 4.4 to 4.5 (Scientific linux 7)

2017-09-21 Thread Niels Walet via FreeIPA-users
My kdc.crt has disappeared after a large number of problems with an upgrade from 7.3 to 7.4 on my SL7 box (roughly equivalent to Centos). It is a vanilla installation with self-signed certificates. I am aware of the permission errors in 4.5.0, but what I really need to know is what command to e

[Freeipa-users] Re: kdc.crt absent after upgrade from 4.4 to 4.5 (Scientific linux 7)

2017-09-21 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 21 Sep 2017, Niels Walet via FreeIPA-users wrote: My kdc.crt has disappeared after a large number of problems with an upgrade from 7.3 to 7.4 on my SL7 box (roughly equivalent to Centos). It is a vanilla installation with self-signed certificates. I am aware of the permission errors in

[Freeipa-users] Re: Solaris client proxyDN logins not working

2017-09-21 Thread Louis Abel via FreeIPA-users
Thank you again for assisting. I did a little more digging myself and realized something wrong about my /etc/pam.d/system-auth and /etc/pam.d/password-auth files. The auth line for pam_sss.so had both use_first_pass and forward_pass. It seems to me that these counter each other in some way. Once

[Freeipa-users] server setup in existing DNS zone

2017-09-21 Thread Gordon Messmer via FreeIPA-users
I'd like to set up a new FreeIPA instance with DNS, and I'd like to use a zone that already exists. My intention is to configure the ipa server, then delete the existing DNS zone and point NS records for that zone toward the ipa server. ipa-server-install fails when the domain given by --domain a

[Freeipa-users] Re: server setup in existing DNS zone

2017-09-21 Thread Gordon Messmer via FreeIPA-users
That's embarrassing. I noticed --allow-zone-overlap right after I sent that. I swear I looked for an option beforehand. Sorry for the noise.

[Freeipa-users] Re: ipa-server-install failing at wait_for_open_ports

2017-09-21 Thread Maciej Drobniuch via FreeIPA-users
Hey Eric, To me it looks like either the /etc/hosts file is wrongly configured/dns server is not set to ipa or ipa ports are not open. M. On Wed, Sep 20, 2017 at 5:30 PM, Eric Scholwin via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > Foolishly, I blew up my entire 4.4 on Centos 7

[Freeipa-users] Re: [Freeipa-users]Sudo Rules out of sync?!

2017-09-21 Thread Maciej Drobniuch via FreeIPA-users
Hey Jake, I recall having the same issue but don't remember the solution. Check the logs maybe you'll find something. Worst case you can always rejoin the ipa replicator and it will sync. M. On Tue, Sep 19, 2017 at 2:14 PM, Jake via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:

[Freeipa-users] Disabling 2FA on a single host

2017-09-21 Thread Maciej Drobniuch via FreeIPA-users
Hey Ipa list! Is there a way to disable 2FA for a particular host? I'm using PAM auth there for a webservice that does not have Kerberos and it's annoying users to enter the 2FA every time (so I want to make an exception) Thanks -- Best regards Maciej Drobniuch Network Security Engineer Collec