On Wed, 09 Dec 2015, Randy Morgan wrote:
Hello,
We are setting up our wireless to authenticate against FreeRadius and
FreeIPA. I am looking for any instructions on how to integrate radius
with IPA. We can get them talking via kerberos, but when we have a
wireless client attempt to
Hi,
On 14.12.2015 12:09, Martin Kosek wrote:
ipa-cacert-manage only renews CA certificate. It does not fix expired CA
subsystem certificates (#getcert list), IIRC.
Correct.
I think the process was:
- move system time to about 1-2 weeks before the oldest expired certificate
expiry time
-
On 12/12/2015 12:26 AM, Martin Å tefany wrote:
> Hello Ranbir,
>
> I'm working on this, even today I was putting more things together.
> (That DRAFT is really uncommented version of what I currently have). And
> I've opened also https://fedorahosted.org/freeipa/ticket/5521 to get a
> bit more out
ipa-cacert-manage only renews CA certificate. It does not fix expired CA
subsystem certificates (#getcert list), IIRC.
I think the process was:
- move system time to about 1-2 weeks before the oldest expired certificate
expiry time
- restart certmonnger
- now certmonger itself should start
On 12/11/2015 11:55 PM, Andrey Ptashnik wrote:
> Hello Team,
>
> We have many servers in our environment that are on a different stage of
> their lifecycle. All of them are added to IPA domain. There are cases when
> servers gets moved, sometimes crash, sometimes are being rebuild or
>
On Fri, 11 Dec 2015, Andrey Ptashnik wrote:
Hello Team,
We have many servers in our environment that are on a different stage
of their lifecycle. All of them are added to IPA domain. There are
cases when servers gets moved, sometimes crash, sometimes are being
rebuild or decommissioned. In
Thanks Alexander, that was an excellent explanation with some very
helpful information. We will look over our configs and see if we can
work this out.
Randy
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100
On 12/14/2015 3:12 AM, Alexander
On Thu, 10 Dec 2015, Janelle wrote:
libverto-tevent-0.2.5-4.el7.x86_64
libverto-0.2.5-4.el7.x86_64
Patching problem perhaps?
Can you install debuginfo for krb5 and ipa? And then install ltrace?
I would go with these tools:
- once ipa-otpd recreates its high resource usage, run 'pstack '
On Sun, 2015-12-13 at 21:56 +0100, Natxo Asenjo wrote:
> so what have you tried?
A number of things. However, I've been able to get past the SASL GSSAPI
error I was seeing in Postfix. Now I've run into another issue though I
don't think it's related to freeipa.
I'm going to post what I did once
I'll gather up the info first chance I get.
Thank you
~J
On 12/14/15 7:35 AM, Alexander Bokovoy wrote:
On Thu, 10 Dec 2015, Janelle wrote:
libverto-tevent-0.2.5-4.el7.x86_64
libverto-0.2.5-4.el7.x86_64
Patching problem perhaps?
Can you install debuginfo for krb5 and ipa? And then install
Using an EL7 client, lot's of times the IPA
(posix) groups are missing, or partly missing. Doing some
debugging, sssd_pac.log shows:
(Mon Dec 14 17:19:08 2015)
[sssd[pac]] [pac_user_get_grp_info] (0x2000): Group with SID
On Mon, 2015-12-14 at 11:30 -0500, Ranbir wrote:
> How would one handle an email only user in freeipa? I have mail
> accounts that aren't attached to a real person and yet I need the
> "user" to exist in freeipa.
Should I just create a normal user account, set the password and mail
and disable
On Mon, 2015-12-14 at 13:38 -0500, Ranbir wrote:
> On Mon, 2015-12-14 at 11:30 -0500, Ranbir wrote:
> > How would one handle an email only user in freeipa? I have mail
> > accounts that aren't attached to a real person and yet I need the
> > "user" to exist in freeipa.
>
> Should I just create a
Alexander,
Thank you for your feedback, this is what I expected to do -
'ipa-client-install —uninstall' and expected and easy quick fix for my request.
It seem to work in environment where server portion is on CentOS/RHEL 7.1 and
clients as well on 7.1 with IPA 4.1
However when clients are
Hello,
>From what I understood, a freeipa replica server is a kind of backup of
another freeipa server.
Both are usable by clients, and they will dynamically update their
information.
But I do not understand how a client will make use of the replica if the
master server is down.
Naively I would
15 matches
Mail list logo
