Re: [Freeipa-users] How to remove bad cert renewal from certmonger?

2016-04-25 Thread Tikkanen, Tuomo (Nokia - FI/Espoo)
On 23.4.2016 1:23, EXT Rob Crittenden wrote: Tikkanen, Tuomo (Nokia - FI/Espoo) wrote: Repetitio est mater studiorum: How I can clean this defective state of certmonger? # ipa-getcert stop-tracking -i 20160212110456 Ah! That was obvious! Thanks a lot Rob. Second question

Re: [Freeipa-users] How to remove bad cert renewal from certmonger?

2016-04-25 Thread Alexander Bokovoy
On Mon, 25 Apr 2016, Rob Crittenden wrote: Tikkanen, Tuomo (Nokia - FI/Espoo) wrote: On 23.4.2016 1:23, EXT Rob Crittenden wrote: Tikkanen, Tuomo (Nokia - FI/Espoo) wrote: Repetitio est mater studiorum: How I can clean this defective state of certmonger? # ipa-getcert

Re: [Freeipa-users] nss unrecognized name alert with SAN name

2016-04-25 Thread Rob Crittenden
John Obaterspok wrote: 2016-02-11 1:34 GMT+01:00 Fraser Tweedale >: On Sun, Feb 07, 2016 at 12:05:19PM +0100, John Obaterspok wrote: > 2016-02-06 23:29 GMT+01:00 Rob Crittenden >:

Re: [Freeipa-users] How to remove bad cert renewal from certmonger?

2016-04-25 Thread Rob Crittenden
Tikkanen, Tuomo (Nokia - FI/Espoo) wrote: On 23.4.2016 1:23, EXT Rob Crittenden wrote: Tikkanen, Tuomo (Nokia - FI/Espoo) wrote: Repetitio est mater studiorum: How I can clean this defective state of certmonger? # ipa-getcert stop-tracking -i 20160212110456 Ah! That was

Re: [Freeipa-users] Migrate FreeIPA data from v3.0. to v4.2.0

2016-04-25 Thread Anthony Cheng
So I went ahead and ran the migrate-ds command; ran into issue that was described here: https://www.redhat.com/archives/freeipa-users/2015-March/msg00398.html when trying to change password I re-ran migrate-ds option; but I actually don't see the user accounts being migrated at all when I run a

[Freeipa-users] Migrate FreeIPA data from v2.0. to v4.2.0

2016-04-25 Thread Anthony Cheng
Hi list, Currently in the midst of doing a migration of FreeIPA from v3.0.0 to v4.2.0; I have setup the new IPA instances and I am looking at migrate the data. Based on the section under 'Migrating from other FreeIPA to FreeIPA' here (

Re: [Freeipa-users] nss unrecognized name alert with SAN name

2016-04-25 Thread John Obaterspok
Thanks Rob! I rebuilt the mod_nss-1.0.14-1 version from rawhide for my F23 IPA server and it works like a charm. Thanks, john 2016-04-25 16:47 GMT+02:00 Rob Crittenden : > John Obaterspok wrote: > >> >> 2016-02-11 1:34 GMT+01:00 Fraser Tweedale

[Freeipa-users] Add CA server AFTER install?

2016-04-25 Thread Zak Wolfinger
Not having much luck with the docs / Google. Is there a way to add the CA server role to a FreeIPA installation if it wasn’t included at the time of install? Thanks! signature.asc Description: Message signed with OpenPGP using GPGMail -- Manage your subscription for the Freeipa-users

Re: [Freeipa-users] Add CA server AFTER install?

2016-04-25 Thread Rob Crittenden
Zak Wolfinger wrote: Not having much luck with the docs / Google. Is there a way to add the CA server role to a FreeIPA installation if it wasn’t included at the time of install? Thanks! ipa-ca-install rob -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Add CA server AFTER install?

2016-04-25 Thread Rob Crittenden
Zak Wolfinger wrote: Not having much luck with the docs / Google. Is there a way to add the CA server role to a FreeIPA installation if it wasn’t included at the time of install? Too quick on the draw... It isn't clear what you mean. ipa-ca-install can add a CA to a master installed using

Re: [Freeipa-users] nss unrecognized name alert with SAN name

2016-04-25 Thread John Obaterspok
2016-02-11 1:34 GMT+01:00 Fraser Tweedale : > On Sun, Feb 07, 2016 at 12:05:19PM +0100, John Obaterspok wrote: > > 2016-02-06 23:29 GMT+01:00 Rob Crittenden : > > > > > John Obaterspok wrote: > > > > > >> Hi, > > >> > > >> I have a ipa.my.lan and a cname

Re: [Freeipa-users] Best practice for requesting a certificate in Kickstart?

2016-04-25 Thread David Kupka
On 24/04/16 04:46, Anthony Clark wrote: Hello All, TL;DR: what's the best way to grab a SSL cert and key during kickstart? (this is all using CentOS 7.2 latest) I'm using Foreman to manage my kickstart and Puppet services, and its built-in FreeIPA client enrollment works just fine. However

Re: [Freeipa-users] RoundRobin - Cname - 2 servers with same services

2016-04-25 Thread Petr Spacek
On 22.4.2016 16:41, Martin Basti wrote: > > > On 22.04.2016 16:00, Gady Notrica wrote: >> >> Hello World, >> >> I am trying to enable roundrobin on freeipa. I have 2 servers providing same >> service (http). I am trying to give it a friendly name so that when user >> what to access it, they can

[Freeipa-users] Differential data on cluster syn back to server1

2016-04-25 Thread barrykfl
Hi: I have 2 servers clusters replicating ...server1 down server2 take up role running, if server 1 turn on again I found the differential ac/data created on server2 not replicate back to server 1 ...any idea ? Is it possible to syn back the different data manually or force syn? if both servers

[Freeipa-users] 2 servers replicatong if onefail_how_made itreplicate the differential?

2016-04-25 Thread barrykfl
Tried.noramlly it replicationg but if one fail and still add new users. The recovered server not syn back. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project