[Freeipa-users] Re: CA CRL not tracking any certificates. Normal?

ert cert-pki-ca" | grep Serial The other 3 are supposed to be different. After that, we move the CRL back to the original server, and assume everything is Ok. If anybody has any comments on this process, please do let the community know as I hope im not the only one with this problem. Kin

[Freeipa-users] Re: replication sync issues

Hi, Have you look at the reinitialize option rather than force-sync? At least, it is the option we always use. Best, -Original Message- From: Grant Janssen via FreeIPA-users Sent: mardi 30 octobre 2018 17:46 To: FreeIPA users list Cc: Grant Janssen Subject: [Freeipa-users] replicati

[Freeipa-users] Upgrade path in CentOS 7

Hi, Is it required to upgrade via every minor release of CentOS, say 7.2,7.3,7.4 etc to have a successful IPA upgrade, or can one also go from 7.2 to 7.6 directly? Any advice will be appreciated, Thanks, Chris ___ FreeIPA-users mailing list -- free

[Freeipa-users] Re: Upgrade path in CentOS 7

Perfect, thank you Francois. I was actually on that page, but must have been blind :) Thank you ! > On 4 Jul 2019, at 00:06, François Cami wrote: > > Hi, > > On Wed, Jul 3, 2019 at 11:37 PM Christophe TREFOIS via FreeIPA-users > wrote: >> >> Hi, >> >

[Freeipa-users] Re: OPENSTACK INSTEANCE AUTO REGISTER ON IPA SERVER DOMAIN

In my view, you should put the ipa-client-install parts in the user-data script and perhaps use the community templates of foreman as a starting point. https://github.com/theforeman/community-templates/blob/develop/provisioning_templates/user_data/kickstart_default_user_data.erb

[Freeipa-users] Re: No Login on GUI

Have you checked certificates ? https://www.freeipa.org/page/Certmonger#Get_a_list_of_currently_tracked_certificates Have you check Kerberos logs, Dirsv logs, Tomcat logs? https://www.freeipa.org/page/Troubl

[Freeipa-users] Re: FreeIPA/IdM versions on RHEL8

There is difference between ipa-client and ipa-server. > On 6 Dec 2019, at 18:32, Vinícius Ferrão via FreeIPA-users > wrote: > > Hi Christian > >> On 6 Dec 2019, at 14:04, Christian Heimes via FreeIPA-users >> > > wrote: >> >> On 06/12/2019 17.48,

[Freeipa-users] Re: Sequence rollover

Dear all, Does anybody have any insights to give us ? Thanks a lot, Christophe From: Sarah PETER via FreeIPA-users Sent: mercredi 18 décembre 2019 10:19 To: FreeIPA users list Cc: Sarah PETER Subject: [Freeipa-users] Sequence rollover Dear all, since a few days we get the following message

[Freeipa-users] Upgrade from CentOS 7.3 to 7.4 - Safe?

. Christophe Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367 Belvaux T: +352 46 66 44 6124 F: +352 46 66 44 6949 http://www.uni.lu/lcsb <ht

[Freeipa-users] Re: Upgrade from CentOS 7.3 to 7.4 - Safe?

Hi, How did you proceed? One by one just a yum update on all pending packages? -- Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367 Belvaux T: +352

[Freeipa-users] Re: /etc/httpd/alias not getting renewed cert

From that I know you could trigger a refresh by restarting certmonger. > On 9 Jul 2018, at 07:38, Thomas Letherby via FreeIPA-users > wrote: > > Hello Fraser, > > As I've been playing around with this before I dig in further I pulled the > expiry for the certificates across all the places I k

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

Have you check authentication source order in nsswitch.conf ? Maybe there it hit some timeout or so. From: Winfried de Heiden via FreeIPA-users Sent: dimanche 9 février 2020 13:55 To: freeipa-users@lists.fedorahosted.org Cc: Winfried de Heiden Subject: [Freeipa-users] sss_ssh_authorizedkeys sl

[Freeipa-users] Re: 2 factor authentication in Freeipa

Does this help ? https://blog.delouw.ch/2014/07/13/using-otp-tokens-and-2fa-with-freeipa-4-0/ The only inconvenience is that people have to paste the password + otp in the same line and enter in the password field. -Original Message- From: dmitriys via FreeIPA-users Sent: Tuesday, 31

[Freeipa-users] Is FreeIPA affected by log4shell?

Hi, We checked the RHEL advisories, and saw that RHEL 7 and 8 seem not impacted by log4shell and RedHat IDM is not explicitly mentioned neither as being safe nor as being vulnerable. Seeing as pki-tomcat is being used, we found these versions of log4j on the CA master nodes. log4j

[Freeipa-users] Is FreeIPA affected by log4shell?

Hi, We checked the RHEL advisories, and saw that RHEL 7 and 8 seem not impacted by log4shell and RedHat IDM is not explicitly mentioned neither as being safe nor as being vulnerable. Seeing as pki-tomcat is being used, we found these versions of log4j on the CA master nodes. log4j

[Freeipa-users] Re: CVE-2021-44228 log4j2 Vulnerbility | FreeIPA version 4.6.8

Shouldn’t it be up to the solution provider to answer this question rather than leave it up to the user? pki is part of freeipa, it’s not my choice to install it. We will check over at pki-ca anyway. Thanks > > On 13 Dec 2021, at 08:08, Alexander Bokovoy via FreeIPA-users > wrote: > > 

[Freeipa-users] Re: CVE-2021-44228 log4j2 Vulnerbility | FreeIPA version 4.6.8

Gotcha. The replies came in in parallel. Thanks for the details Alexander ! Sent from my iPhone Team Leader R3 > On 13 Dec 2021, at 08:32, Alexander Bokovoy wrote: > > On ma, 13 joulu 2021, Christophe Trefois wrote: >> Shouldn’t it be up to the solution provider to answe