[Freeipa-users] FreeIPA & Windows AD Replication

2012-05-22 Thread Matt
Hi, I am attempting to run replication between Windows AD (2008R2) and a FreeIPA (2.2.0) server (fc-17) in a test setup. I have bound FreeIPA to the AD server 'successfully' [root@ipa2 cacerts]# ipa-replica-manage connect --winsync --binddn "CN=Administrator,CN=Users,DC=IPA,DC=100it,DC=net" -

[Freeipa-users] Request for community input: Support of RADIUS authentication via SSSD

2012-05-22 Thread Dmitri Pal
Hello, As SSSD (the System Security Services Daemon) is gaining ground as a bridge between applications running on a machine and central authentication sources such as Active Directory and FreeIPA, questions about support for other authentication protocols start to come up. One such protocol is RA

Re: [Freeipa-users] IPA dogtag as CA for puppet ?

2012-05-22 Thread Dmitri Pal
On 05/21/2012 05:16 PM, Erinn Looney-Triggs wrote: > On 05/21/2012 01:00 PM, Jan-Frode Myklebust wrote: >> If joining a machine to IPA automatically gives it a SSL keyset, it >> seems silly to also join the puppetca for config management. >> >> Has anybody looked into using IPA-dogtag as CA for p

Re: [Freeipa-users] 2.1.3 and 2.2.0: how to do IPA replica promotion?

2012-05-22 Thread Dmitri Pal
On 05/21/2012 04:30 PM, David Copperfield wrote: > Hi all, > > Has anyone successfully done an IPA replica promotion when IPA > master(Hub) failed, by following the IPA replica document for 2.1.3 > and 2.2.0? > > I've tried at my side and see that all the steps involved are very > confusing and may

[Freeipa-users] Howto solve database inconsistency

2012-05-22 Thread Marc Grimme
Hello, during troubleshooting why the creation of a replica crashes I realized that there are database inconsistencies in my master server. During ipa-replica-install the process terminated in step 21/29. The master log showed the following error messages: [18/May/2012:22:38:50 +0200] NSMMReplicat

Re: [Freeipa-users] freeipa 2.1.3-9 install with external CA failed

2012-05-22 Thread Rob Crittenden
tc...@eexchange.com wrote: Hi, I am trying to install freeipa 2.1.3-9 with external CA and it failed. Any help is appreciated and thanks in advance! [r...@ipa.dev.example.com ~]# ipa-server-install --external_cert_file=/root/ipa.crt --external_ca_file=/root/ca.crt The log file for this insta

Re: [Freeipa-users] 2.1.3 and 2.2.0: how to do IPA replica promotion?

2012-05-22 Thread Rob Crittenden
David Copperfield wrote: Hi all, Has anyone successfully done an IPA replica promotion when IPA master(Hub) failed, by following the IPA replica document for 2.1.3 and 2.2.0? I've tried at my side and see that all the steps involved are very confusing and may be out of date. My IPA master is ins

Re: [Freeipa-users] Howto solve database inconsistency

2012-05-22 Thread Rich Megginson
On 05/22/2012 06:08 AM, Marc Grimme wrote: Hello, during troubleshooting why the creation of a replica crashes I realized that there are database inconsistencies in my master server. During ipa-replica-install the process terminated in step 21/29. The master log showed the following error messag

Re: [Freeipa-users] Howto solve database inconsistency

2012-05-22 Thread Marc Grimme
I'm on RHEL6.1 plain my relevant package versions are as follows: # rpm -qa ipa* 389* ipa-server-2.1.3-9.el6.x86_64 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-2.1.3-9.el6.x86_64 ipa-admintools-2.1.3-9.el6.x86_64 ipa-server-selinux-2.1.3-9.el6.x86_6

Re: [Freeipa-users] Please help: How to restore IPA Master/Replicas from daily IPA Replica setup???

2012-05-22 Thread Dale Macartney
cc'ing group list back in for other opinions. On 05/22/2012 03:38 PM, Rich Megginson wrote: > On 05/22/2012 08:36 AM, Dmitri Pal wrote: >> On 05/22/2012 10:10 AM, Rich Megginson wrote: >>> On 05/22/2012 04:38 AM, Dmitri Pal wrote: On 05/22/2012

Re: [Freeipa-users] Please help: How to restore IPA Master/Replicas from daily IPA Replica setup???

2012-05-22 Thread Rob Crittenden
Dale Macartney wrote: cc'ing group list back in for other opinions. On 05/22/2012 03:38 PM, Rich Megginson wrote: On 05/22/2012 08:36 AM, Dmitri Pal wrote: On 05/22/2012 10:10 AM, Rich Megginson wrote: On 05/22/2012 04:38 AM, Dmitri Pal wrote:

[Freeipa-users] New mailing list: sssd-users

2012-05-22 Thread Stephen Gallagher
For quite some time, we have used the sssd-devel mailing list for development and user configuration issue discussions. As the project has grown, it becomes more and more clear that we need to separate these topics into their own lists. So as of today, we now have a new mailing list for user quest

[Freeipa-users] How to restore IPA Master/Replicas

2012-05-22 Thread Steven Jones
Hi, My master is, it seems, dead and has been for a week; RH support cannot recover it. So I need to move on and rebuild it. First it looks like I need to promote my replica to be the master. Do we have any good docs/procedures for the above? regards Steven Jones Technical Specialist - Li

Re: [Freeipa-users] How to restore IPA Master/Replicas

2012-05-22 Thread Steven Jones
From the 18.8.2 section point 2, "[root@ipaserver ~]# pk12util -o /path/to/cacert.p12 -n "EXAMPLE.COM IPA CA" -d /etc/dirsrv/slapd-EXAMPLE-COM" the -o option is the one below? [root@vuwunicoipam001 ~]# find /etc/ -name cacert* /etc/httpd/alias/cacert.p12 ? I think an explanation of what I

Re: [Freeipa-users] How to restore IPA Master/Replicas

2012-05-22 Thread Steven Jones
[root@vuwunicoipam001 ~]# pk12util -o /etc/httpd/alias/cacert.p12 -n "ODS.VUW.AC.NZ IPA CA" -d /etc/dirsrv/slapd-ODS-VUW-AC-NZ/ Enter Password or Pin for "NSS Certificate DB": I tried the directory manager password and the admin password and a blank. keeps asking...no idea what it is... :/

Re: [Freeipa-users] freeipa 2.1.3-9 install with external CA failed

2012-05-22 Thread TChow
First of all, thanks for the help! The /tmp/tmp-aZzm2V did not get removed. I am able to run the command per your suggestion. I do see our CA cert and IPA CA cert. The /root/ca.crt is our root (private) ca cert (is not a chain). I have tested with a browser too and it could not verify the ce

Re: [Freeipa-users] How to restore IPA Master/Replicas

2012-05-22 Thread Rob Crittenden
Steven Jones wrote: From the 18.8.2 section point 2, "[root@ipaserver ~]# pk12util -o /path/to/cacert.p12 -n "EXAMPLE.COM IPA CA" -d /etc/dirsrv/slapd-EXAMPLE-COM" the -o option is the one below? [root@vuwunicoipam001 ~]# find /etc/ -name cacert* /etc/httpd/alias/cacert.p12 ? I think an e

Re: [Freeipa-users] How to restore IPA Master/Replicas

2012-05-22 Thread Steven Jones
Hi, Yes I think they are what I put in subversion, basically between satellite and the files below in subversion I should be able to build a complete basic IPA server RHEL6.2 machine. The "interesting" bit is getting my master IPA instance back. = [root@vuwunicoipam001 scripts]# pwd

Re: [Freeipa-users] freeipa 2.1.3-9 install with external CA failed

2012-05-22 Thread Rob Crittenden
tc...@eexchange.com wrote: First of all, thanks for the help! The /tmp/tmp-aZzm2V did not get removed. I am able to run the command per your suggestion. I do see our CA cert and IPA CA cert. The /root/ca.crt is our root (private) ca cert (is not a chain). I have tested with a browser too an

Re: [Freeipa-users] How to restore IPA Master/Replicas

2012-05-22 Thread Rob Crittenden
Steven Jones wrote: Hi, Yes I think they are what I put in subversion, basically between satellite and the files below in subversion I should be able to build a complete basic IPA server RHEL6.2 machine. The "interesting" bit is getting my master IPA instance back. = [root@vuwunico