On 01/16/2013 06:50 PM, Rob Crittenden wrote:
We really need to put a big fat warning on this too: there be dragons.
It is really meant for v1 servers where we didn't have a full CA. The CA is
really integrated into IPA v2+ such that replacing certs is going to cause
some amount of grief (as yo
Orion Poplawski wrote:
On 01/16/2013 06:50 PM, Rob Crittenden wrote:
We really need to put a big fat warning on this too: there be dragons.
It is really meant for v1 servers where we didn't have a full CA. The
CA is
really integrated into IPA v2+ such that replacing certs is going to
cause
som
On 01/17/2013 09:27 AM, Rob Crittenden wrote:
Orion Poplawski wrote:
But then on ipa-replica-install, problems as predicted:
ipa-replica-install --setup-ca
/var/lib/ipa/replica-info-ipapub.cora.nwra.com.gpg
...
[16/30]: configuring ssl for ds instance
creation of replica failed: Could not fi
On 01/17/2013 09:49 AM, Orion Poplawski wrote:
On 01/17/2013 09:27 AM, Rob Crittenden wrote:
Orion Poplawski wrote:
But then on ipa-replica-install, problems as predicted:
ipa-replica-install --setup-ca
/var/lib/ipa/replica-info-ipapub.cora.nwra.com.gpg
...
[16/30]: configuring ssl for ds i
On 01/17/2013 09:49 AM, Orion Poplawski wrote:
Anyway, tried again and now:
Configuring Kerberos KDC: Estimated time 30 seconds
[1/9]: adding sasl mappings to the directory
[2/9]: writing stash file from DS
[3/9]: configuring KDC
[4/9]: creating a keytab for the directory
[5/9]:
I assigned an IPA user account the "HostEnrol" role and ran
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that account,
then got the following:
Joining realm failed: No permission to join this host to the IPA domain.
Installation failed. Rolling back changes
Qing Chang wrote:
I assigned an IPA user account the "HostEnrol" role and ran
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that
account,
then got the following:
Joining realm failed: No permission to join this host to the IPA domain.
Installation failed. Ro
On 17/01/2013 1:42 PM, Rob Crittenden wrote:
Qing Chang wrote:
I assigned an IPA user account the "HostEnrol" role and ran
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that
account,
then got the following:
Joining realm failed: No permission to join this
Qing Chang wrote:
On 17/01/2013 1:42 PM, Rob Crittenden wrote:
Qing Chang wrote:
I assigned an IPA user account the "HostEnrol" role and ran
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that
account,
then got the following:
Joining realm failed: No permi
Orion Poplawski wrote:
On 01/17/2013 09:27 AM, Rob Crittenden wrote:
Orion Poplawski wrote:
But then on ipa-replica-install, problems as predicted:
ipa-replica-install --setup-ca
/var/lib/ipa/replica-info-ipapub.cora.nwra.com.gpg
...
[16/30]: configuring ssl for ds instance
creation of repl
On 01/17/2013 12:54 PM, Rob Crittenden wrote:
Orion Poplawski wrote:
It seems like most of the problems would be alleviated if instead of
wiping out the old NSS dbs, it simply added the new certs. I don't know
if there are any other security implications of this or not.
Yes, that is probab
On 17/01/2013 2:40 PM, Rob Crittenden wrote:
Qing Chang wrote:
On 17/01/2013 1:42 PM, Rob Crittenden wrote:
Qing Chang wrote:
I assigned an IPA user account the "HostEnrol" role and ran
"ipa-client-install",
when it got to this "User authorized to enroll computers:", I used that
account,
the
Apologies if this has been covered elsewhere, I looked through a few months of
archives and the documentation and didn't find anything.
What's the best OS to build a production FreeIPA instance on? It seems like
Fedora has more recent versions in their repositories (CentOS is still at
2.2.0),
On 01/17/2013 05:45 PM, Brian Topping wrote:
> Apologies if this has been covered elsewhere, I looked through a few months
> of archives and the documentation and didn't find anything.
>
> What's the best OS to build a production FreeIPA instance on? It seems like
> Fedora has more recent versio
14 matches