Not sure if this meets you definition of cluster or not but all of our IdM
servers are VMs. We have a multi-master set with standard replication. I
have IdM servers 2 in one location with 1 serving as DNS CA, LDAP, etc and
a second serving SMB shares and backing up the LDAP services. Across
My servers are centos but here is the script we run.
CENTOS
authconfig --enableldap \
--enableldapauth \
--ldapserver=servername.internal.com \
--ldapbasedn="cn=users,cn=accounts,dc=internal,dc=com" \
--enablemkhomedir \
--update
On Mon, Jan 29, 2018 at 4:51 PM, Kristian Petersen
Sounds like oddjobd isn't installed/configured.
On Mon, Jan 29, 2018 at 3:23 PM, Kristian Petersen via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> I am trying to set up a workstation running RHEL 7 with Gnome graphical
> environment. I have enrolled this machine as a client
First off thanks to everyone who makes FreeIPA. Its an awesome product that
we love.
We're working at breaking our application up into micro services and using
docker containers and deployment automation. As part of this I have a
deploy user in IPA and a rundeck server that performs tasks as this
I'm trying to deploy 2 new VMs which will be docker hosts. Our base
template is ubuntu 16.04 last patched on 1.2.18. The process is to spin up
a new VM from the template and then patch it, assign IP, and add to free
ipa domain - all steps which occurred without error. However, I'm not able
to ssh
has a bad date for
this certificate and if its related to the above error, how to rectify the
situation?
Thanks,
Jeff
On Tue, Mar 26, 2019 at 6:17 AM Fraser Tweedale wrote:
> On Mon, Mar 25, 2019 at 01:37:00PM -0400, Rob Crittenden via FreeIPA-users
> wrote:
> > Jeff Goddard v
RSA Public Key:
Modulus:
Jeff
On Tue, Mar 26, 2019 at 10:56 AM Florence Blanc-Renaud
wrote:
> On 3/26/19 2:12 PM, Jeff Goddard via FreeIPA-users wrote:
> > Fraser,
> >
> > My thanks to both Rob and you for responding. When I check the status of
> > th
Flo,
That seems to have resolved everything. I'll note that in the future CA
renewals are best done on the renewal master and hopefully avoid this
situation.
Thanks,
Jeff
On Tue, Mar 26, 2019 at 11:29 AM Florence Blanc-Renaud
wrote:
> On 3/26/19 4:04 PM, Jeff Goddard via FreeIPA-users wr
Hello everyone and thanks for providing the FreeIPA platform.
I've got a situation where I have 4 FreeIPA peer servers, with 2 of them
being CAs with replication configured. These are split into 2 physical
locations with 1 CA per site. I was testing renewal of the
"nickname='subsystemCert
Hi,
I find myself in situation described in this thread:
https://serverfault.com/questions/716556/freeipa-ldap-refuse-auth-for-users-with-expired-password
Basically we have enabled the FreeIPA LDAP back end to authenticate our
uses to various web applications (Confluence, jira, rundeck, etc.) as
Hi everyone,
Yesterday I updated our (Centos 7) Freeipa servers and it seems that now
the samba shares hosted on one of them is no longer accessible. I've done
some reading and see that authentication now requires the winbind package
to be running, and in our case it is, but I'm still not able to
I was able to just bring up a snapshot of the original server and then
update but exclude the samba packages.
On Thu, Jan 24, 2019 at 11:09 AM Jeff Goddard wrote:
> Hi everyone,
>
> Yesterday I updated our (Centos 7) Freeipa servers and it seems that now
> the samba shares hosted on one of them
Hello again,
We're using salt for automation and have created a salt service account for
the express permissions of joining machines to our domain. This user has
been assigned the "Enrollment Administrator" roll but when attempting to
join clients the log output is as follows:
Client hostname:
On Wed, Feb 12, 2020 at 1:10 PM Rob Crittenden wrote:
> Jeff Goddard via FreeIPA-users wrote:
> > Hello again,
> >
> > We're using salt for automation and have created a salt service account
> > for the express permissions of joining machines to our domain. This
Class: ipausergroup
>>>>> objectClass: ipaobject
>>>>> objectClass: groupofnames
>>>>> objectClass: posixgroup
>>>>> objectClass: ipantgroupattrs
>>>>> ipaUniqueID: ff523b2a-ee38-11ed-8374-fa163eaf69aa
>>>>> gidN
*cn=compat*,dc=ipa,dc=test
>>> dn: cn=mygroup,cn=groups,cn=compat,dc=ipa,dc=test
>>> objectClass: posixGroup
>>> objectClass: ipaOverrideTarget
>>> objectClass: ipaexternalgroup
>>> objectClass: top
>>> gidNumber: 205400095
>>> *mem
16 matches
Mail list logo