Hi Guys,
Is there a proven way to set the WebGui cert back to a self signed one
? I have installed an expired 3rd party certificate and want to move
back to a selfsigned cert and later on to an letsEncrypt one.
Setting back the time before the expiration of the certificate on the
server would be
I'm trying to install an Let's Encrypt certificate using the setup-le.sh script
provides by the freeipa github repo.
It all goes fine but it finishes/stops with:
ipa: INFO: Systemwide CA database updated.
ipa.ipaclient.install.ipa_certupdate.CertUpdate: INFO: The ipa-certupdate
command was succ
Does this still exists ? I have the same on a 4.6.1 install, ipa-certupdate
seems to fail.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
I can update this with the fact that an install with 4.5.4-0.fc26 goes well on
F26!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi guys,
I thought by default (because of security reasons) it was not possible
to get back from a login if the useraccount exists when you login but
it was possible to make some setting to have this available.
Is someone able to tell me how to do this so my ldap clients het back
the right status
Hi Florence,
Sorry for my late response but that was indeed an option and I tried already to
set back the time which worked but failed after a couple of times. I got the
info out which I needed as it was a testbox so I installed a new one after all!
Thanks for the headsup!
Cheers,
Matt
__
I have solved this by some statuscodes.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
I try to add a user using a principal where has been received a keytab for, the
user and it's group are owner, chmod is 600 as it should be. The user can
create a valid credential using this keytab.
When I call the user_add command I get the following error.
Array
(
[error] => Array
Hi,
Happy and Healty 2018 first of all!
I have something strange on:
# ipa --version
VERSION: 4.5.4, API_VERSION: 2.228
Forwarders are not working when they are enabled but when I disable them they
work perfectly fine. What kind of strange thing is this ?
__
Hi Guys,
Comparing to the great demo of Ab:
https://github.com/abbra/freeipa-userstatus-plugin I was wondering if someone
created something like it but for a simple textfield as well.
Reinventing the wheel is not good so maybe someone has a working example/plugin.
Thanks!
Matt
___
HI Martin,
I disabled them from the GUI.
What do you want to know about the config ?
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
I need to retest it but what I did was:
- Create forward only zone for a subdomain
- Add the delegation for the subdomain to the parent
Nslookups did not work.
I disabled the forward zone and it started to work.
___
FreeIPA-users mailing list -- freeip
I checked that all but it was no solution.
As the forwarded subdomain had a parent I think I needed the delegation anyways.
I need to setup another test for it but I'm pretty sure the same happens. Can
you check if it's a bug or so ?
___
FreeIPA-users
HI guys.
I'm having an issue with my private PEN when I want to add an objectclass and
an attribute with the following ldif (9 is a replacement for my private PEN
registered at Iana)
The following output is what I get:
modifying entry "cn=schema"
ldap_modify: Invalid syntax (21)
ad
Hello,
I'm facing an issue on my IPA server (currently 4.6.1, same happened on 4.5.4)
with kerberos tickets. As was investigating this and tried to add a server
with a admin ticket I get the following on and the IPA server itself and on a
client with freeipa-admintools as well:
$kinit admin
$
Hi,
It seems my test-server was borked but I have no clue why as nothing fancy was
done on it.
WIll update this when something like the same happens again.
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubsc
Hi Guys,
I have some strange issue where FreeIPA 4.6.1 accepts telnet connections on
port 636 but no bind. Both are successful on 389.
This didn't happen on 4.5.4.
Any idea ?
Thanks,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorah
Hi,
I needed to respond on this one, sorry for my delay.
I were Forward Zones with Zone Forwarders. I finally fixed it all with
delegation, or am I wrong here ?
Thanks,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To un
Which details do you need ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
On a fresh installed IPA server where I do a backup and restore right after
installation I get:
a bytes-like object is required, not 'str'
The ipa-restore command failed. See /var/log/iparestore.log for more information
2018-01-23T04:05:29Z DEBUG stderr=
2018-01-23T04:05:29Z DEBUG Creating log d
Hi,
Thanks, you got me in the right direction as well!
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
HI Guys,
I have added my own userattribute which works perfectly fine from the webgui
and the cli but not using the API where I get this error from as response:
3005 Unknown option:
I thought this would lineup easily, what goes wrong ?
Thanks,
Matt
___
Hi,
Yes Fedora 27, not sure if I had the same on the latest 4.5.4 on F26 as that
installed was broked in some strange way without any changes and has kinda the
same issue I thought.
What I run now on F27 is:
# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base
freeipa-serve
Hi Christian,
Thanks for the heads up!
I will remove that part of code, that will fix it for the time being!
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.
OK, I'm not really getting further with this, this is how far I got:
from ipaserver.plugins.user import user
from ipaserver.plugins.user import user_add
from ipalib import api, cli, Str, _
def your_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
No-one a clue about this ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi,
I can do!
Can it be that the certificate, self signed, is more of a security issue now
and that causes the problem ? In the past I was able to use a selfsigned one
for internal tests.
Cheers,
Matt
___
FreeIPA-users mailing list -- freeipa-users@
Hi Guys,
When you have a subdomain with hosts in it is it possible to change
that subdomain in a simple way ?
Normal DNS server can do but as LDAP is involved I hope this is
possible as well!
Thanks,
Matt
___
FreeIPA-users mailing list -- freeipa-user
28 matches
Mail list logo