hi,
This might save some time to someone, so let me post it to the list.
TLDR, when using php to connect to an AD ldaps host using ADCS from IPA
joined hosts modify /etc/openldap/ldap.conf or $HOME/.ldaprc and change the
TLS_CACERT environment variable to
TLS_CACERT /etc/pki/ca-trust/extracted/pe
On 12.9.2014 10:57, Renier Gertzen wrote:
Hi
Before starting IPA install i did "yum -y intstall bind*". I think that did it.
Regards,
On Fri, 2014-09-12 at 10:43 +0200, Petr Spacek wrote:
Hello!
On 12.9.2014 09:39, Renier Gertzen wrote:
Issue resolved in the following manner
I saved copi
Hello,
On Thu, 11 Sep 2014 16:12:40 +0200
Jakub Hrozek wrote:
> On Wed, Sep 10, 2014 at 09:58:27PM +, Trevor T Kates (Services -
> 6) wrote:
> > Hi all:
> >
> > I'm using FreeIPA 3.0 under CentOS 6.5 and I'm trying to solve a
> > bit of a quirky problem. From what I've read thus far, sudo u
hi,
Centos 6.5.
I want to create a certificate request for our mysql servers. I came up
with this command line:
$ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
--fqdn`-mysql.crt -k /etc/pki/tls/private/`hostname --fqdn`-mysql.key -D
`dnsdomainname` -U id-kp-serverAuth -K m
Hi all,
I wonder if anyone has any advice. We changed password policy to 2 days a
few weeks ago.
Over the weekend, passwords expired and now we cannot login. All admin accounts
are essentially unusable.
Seems to be this issue: https://fedorahosted.org/freeipa/ticket/3312
Any ideas how to g
On 15 Sep 2014, at 14.48, Jason Woods wrote:
> I wonder if anyone has any advice. We changed password policy to 2 days a
> few weeks ago.
>
> Over the weekend, passwords expired and now we cannot login. All admin
> accounts are essentially unusable.
> Seems to be this issue: https://fedora
FYI, for any Fedora testers out there, we have updated to 4.0.3 in
Fedora 21 in part because it substantially reduces the size of the
install media for the upcoming Alpha release. If you'd like to test and
provide feedback on the packages, the link is here:
https://admin.fedoraproject.org/updates/
On 09/12/2014 09:19 PM, Dmitri Pal wrote:
> On 09/12/2014 02:43 PM, Michael Lasevich wrote:
>> That is awesome, but I am clearly missing some insight as to how this is
>> supposed to work. Can you point me to some more specific info on how to
>> accomplish this.
>>
>> I tried using the ipa-getcert
On 09/15/2014 03:31 PM, Natxo Asenjo wrote:
> hi,
>
> Centos 6.5.
>
> I want to create a certificate request for our mysql servers. I came up
> with this command line:
>
> $ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
> --fqdn`-mysql.crt -k /etc/pki/tls/private/`hostname
> Message: 1
> Date: Mon, 15 Sep 2014 13:06:33 +0200
> From: Daniel Kopecek
> To: Jakub Hrozek
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] FreeIPA, SSSD, sudo and Local Users
> Message-ID: <20140915130633.77047...@dhcp-2-122.brq.redhat.com>
> Content-Type: text/plain; charset=US
Natxo Asenjo wrote:
hi,
Centos 6.5.
I want to create a certificate request for our mysql servers. I came up
with this command line:
$ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
--fqdn`-mysql.crt -k /etc/pki/tls/private/`hostname --fqdn`-mysql.key -D
`dnsdomainname` -
Hello,
I've got a webserver whose default export is on a kerberized nfs4 export.
The export works fine for regular ipa users
However the apache user is not allowed to read anything from the export.
What would be the best practice to allow the apache user access to the nfs4
export without switc
On 09/15/2014 04:45 PM, Nathaniel McCallum wrote:
FYI, for any Fedora testers out there, we have updated to 4.0.3 in
Fedora 21 in part because it substantially reduces the size of the
install media for the upcoming Alpha release. If you'd like to test and
provide feedback on the packages, the lin
Just for the record, this should be fixed since FreeIPA 3.2:
https://fedorahosted.org/freeipa/ticket/3114
https://fedorahosted.org/freeipa/ticket/3114
On 09/15/2014 04:06 PM, Jason Woods wrote:
> On 15 Sep 2014, at 14.48, Jason Woods wrote:
>
>> I wonder if anyone has any advice. We changed pass
Sorry, second ticket should have been
https://fedorahosted.org/freeipa/ticket/3312
On 09/15/2014 05:36 PM, Tomas Babej wrote:
> Just for the record, this should be fixed since FreeIPA 3.2:
>
> https://fedorahosted.org/freeipa/ticket/3114
> https://fedorahosted.org/freeipa/ticket/3114
>
> On 09/15
On Mon, 2014-09-15 at 17:26 +0200, Petr Viktorin wrote:
> On 09/15/2014 04:45 PM, Nathaniel McCallum wrote:
> > FYI, for any Fedora testers out there, we have updated to 4.0.3 in
> > Fedora 21 in part because it substantially reduces the size of the
> > install media for the upcoming Alpha release.
Nordgren, Bryce L -FS wrote:
You can bring over password hashes for LDAP, but not Kerberos...provided your 389-ds is
new enough to have a recently added configuration switch. If your system is in
"migration mode", then authenticating via LDAP creates Kerberos hashes
transparently.
If you're r
On Mon, Sep 15, 2014 at 5:03 PM, Rob Crittenden wrote:
> Natxo Asenjo wrote:
>
>>
>> hi,
>>
>> Centos 6.5.
>>
>> I want to create a certificate request for our mysql servers. I came up
>> with this command line:
>>
>> $ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
>> --fqd
Martin, this was extremely helpful. I got it to work manually, now all I
need to do is automate the process :-)
The only thing "missing" from this is that I needed to do "ipa host-add
san.host.example.test" before your other "ipa service-add" commands . You
mentioned it, but not shown the command,
Hi Rob,
How does the NFS server map the apache user to “something” it recognizes? I
would suggest that the easiest solution may be to use an IPA account called
“apache”, so that the mappings would just work, but currently I’m having
trouble running a service as a domain user via systemd.
(http
Hello all !
I have deployed test environment for AD trust feature, the environment
contains :
Windows Server 2008 - AD Server.
RHEL 7 - IPA 3.3 Server.
RHEL 6.2 - IPA Client.
I have established the trust as IPA in the sub domain of AD.
AD DNS domain - blue.com
IPA DNS domain - linux.blue.com
Al
On Monday, September 15, 2014 06:10:13 PM Nordgren, Bryce L -FS wrote:
> How does the NFS server map the apache user to “something” it recognizes? I
> would suggest that the easiest solution may be to use an IPA account called
> “apache”, so that the mappings would just work, but currently I’m havi
On 09/15/2014 05:01 PM, Martin Kosek wrote:
> On 09/15/2014 03:31 PM, Natxo Asenjo wrote:
>> hi,
>>
>> Centos 6.5.
>>
>> I want to create a certificate request for our mysql servers. I came up
>> with this command line:
>>
>> $ sudo /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname
>>
23 matches
Mail list logo