On 04/15/2016 05:13 PM, Ott, Dennis wrote:
> My master began life as OS 6.2 / IPA 2.1.3 / pki-9.0.3 and does not have a
> cert database at:
>
> /etc/pki/pki-tomcat/alias
>
> At:
>
> /var/lib/pki-ca/alias
right
>
> subsystemCert cert-pki-ca has a serial number of 18 (0x12)
>
> At:
>
>
Kilian Ries wrote:
I'm not quite familiar with the db2index.pl script ... what am i doing wrong?
db2index.pl -n userRoot -D cn=admin -w
ldap_bind: No such object (32)
Failed to search the server for indexes, error (32)
db2index.pl -n userRoot -D cn=admin -w -v -t entryrdn
ldap_bind: No such
We’re trying to setup FreeIPA to be a good provider of UIDs and GIDs for our
mostly RHEL systems. Overall, that works great. The issue I’m running into is
that we need to have the same consistent UIDs and GIDs for our Isilon system
which serves up both CIFS and NFS. Each user of the Isilon
This allowed the replica install to complete. Thank you.
However, when I try to kinit admin on the replica I get:
kinit: Invalid UID in persistent keyring name while getting default ccache
After some research I found that by commenting out this line in /etc/krb5.conf
default_ccache_name =
Hi folks,
If I run "kinit admin; ipa -v ping" as a regular user, then I get
ipa: INFO: trying https://ipa2.example.com/ipa/json
ipa: INFO: Connection to https://ipa2.example.com/ipa/json failed with
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
unsupported format.
ipa:
On 04/15/2016 10:14 AM, Kilian Ries wrote:
Hi,
on auht01 i see the following error just before installation fails:
[14/Apr/2016:15:57:09 +0200] - database index operation failed BAD 1031,
err= Unknown error
[14/Apr/2016:15:57:09 +0200] - add: attempt to index 625 failed; rc=
On 15/04/16 11:42, Harald Dunkel wrote:
Hi folks,
If I run "kinit admin; ipa -v ping" as a regular user, then I get
ipa: INFO: trying https://ipa2.example.com/ipa/json
ipa: INFO: Connection to https://ipa2.example.com/ipa/json failed with
(SEC_ERROR_LEGACY_DATABASE) The certificate/key
On 15/04/16 13:31, Harald Dunkel wrote:
Hi folks,
I have no luck with the ipa cli, so I wonder if it is
possible to ldapsearch for disabled or enabled users?
A command line like
ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody
doesn't show :-(.
Every helpful
Hi David,
> Hello Harri,
>
> the FreeIPA certificate database is stored in /etc/ipa/nssdb, by default the
> permissions are set to:
>
> $ ls -dl /etc/ipa/nssdb/
> drwxr-xr-x. 2 root root 73 Apr 15 14:00 /etc/ipa/nssdb/
>
> $ ls -l /etc/ipa/nssdb/
> total 80
> -rw-r--r--. 1 root root 65536 Apr
hi Harald,
On Fri, Apr 15, 2016 at 1:31 PM, Harald Dunkel
wrote:
> Hi folks,
>
> I have no luck with the ipa cli, so I wonder if it is
> possible to ldapsearch for disabled or enabled users?
> A command line like
>
> ldapsearch -LLL -Y GSSAPI -b
Hi folks,
I have no luck with the ipa cli, so I wonder if it is
possible to ldapsearch for disabled or enabled users?
A command line like
ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody
doesn't show :-(.
Every helpful hint is highly welcome
Harri
--
Manage
11 matches
Mail list logo