Re: [Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???

2016-05-24 Thread Barry
Hi: Which location should I renew the cert in? Http/alias Etc/dirsrv/slapd* Enough? On 24 May 2016 at 10:01 PM, "Rob Crittenden" wrote: > barry...@gmail.com wrote: > >> hi all: >> >> >> Thx ad title >> >> ipa : ERRORcert validation failed for "CN=server.abc.com >>

Re: [Freeipa-users] AD replication and password passthrough

2016-05-24 Thread Simpson Lachlan
We were doing this by utilising overrides (changing user names, /home/ s, etc), but I think we had to back out of that plan because we encountered issues. We may go back. Using Host Based Access Control (HBAC) and sudo is a powerful set of tools. What did you want to do that wasn’t covered by

[Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???

2016-05-24 Thread barrykfl
hi all: Thx ad title ipa : ERRORcert validation failed for "CN=server.abc.com,O=WISER S.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.) preparation of replica failed: cannot connect to 'https://server.ABC.com:944 4/ca/ee/ca/profileSubmitSSLClient':

Re: [Freeipa-users] What id my AD domain user password not available

2016-05-24 Thread Martin Kosek
On 05/23/2016 03:20 PM, Ben .T.George wrote: > Hi > > Thanks for your reply. > > I saw this before but the thing is I am not able to follow this one as I am > not > completely getting those steps > > ipa trust-add --type=ad "ad_domain" --trust-secret > > Is asking for key and what i need to

[Freeipa-users] Error when adding new users via UI:

2016-05-24 Thread Traiano Welcome
Hi I have IPA server 4,2 running on centos 7 (ipa-server-4.2.0-15.el7.centos.3.x86_64). This morning, after many months of stable operation, I tried to add a user and got this error via the web interface: --- Operations error: Allocation of a new value for range cn=posix ids,cn=distributed

Re: [Freeipa-users] question about automount config

2016-05-24 Thread Prasun Gera
You can stop the autofs daemon, and run it in foreground with automount -fvv. Then try to access the mount point in parallel. The logs from the foreground run should shed some light. Also, does your autofs setup work without kerberos ? As a first step it to work with non-kerberised nfs. On Mon,

Re: [Freeipa-users] increase the number of attempts to create /etc/krb5.keytab

2016-05-24 Thread Ask Stack
Sorry for asking the dumb question again. Where are the 389-ds logs? I can't find them in /var/log/ .  On Monday, May 23, 2016 5:10 PM, Rob Crittenden wrote: Ask Stack wrote: > Rob > Thanks for the reply. > I didn't find anything obvious in

Re: [Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???

2016-05-24 Thread Rob Crittenden
barry...@gmail.com wrote: hi all: Thx ad title ipa : ERRORcert validation failed for "CN=server.abc.com ,O=WISER S.COM " ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.) preparation of replica failed: cannot connect to

Re: [Freeipa-users] FreeIPA 4.3 with PWM 1.7 ?

2016-05-24 Thread Martin Kosek
On 05/23/2016 07:56 PM, Zak Wolfinger wrote: > Does anyone have this combo working? I’m running into problems with > pki-tomcat and tomcat for pwm conflicting and need some pointers. > > Thanks! You may need to do it on FreeIPA replica without a CA then or isolate these somehow (containers?)

Re: [Freeipa-users] Error when adding new users via UI:

2016-05-24 Thread Rob Crittenden
Traiano Welcome wrote: Hi I have IPA server 4,2 running on centos 7 (ipa-server-4.2.0-15.el7.centos.3.x86_64). This morning, after many months of stable operation, I tried to add a user and got this error via the web interface: --- Operations error: Allocation of a new value for range

Re: [Freeipa-users] increase the number of attempts to create /etc/krb5.keytab

2016-05-24 Thread Rob Crittenden
Ask Stack wrote: Sorry for asking the dumb question again. Where are the 389-ds logs? I can't find them in /var/log/ . /var/log/dirsrv/slapd-REALM What you'll want to look for is the BIND from the client and all results for that connection. The errors log tends to just log critical problems

Re: [Freeipa-users] Error when adding new users via UI:

2016-05-24 Thread Martin Kosek
On 05/24/2016 04:07 PM, Rob Crittenden wrote: > Traiano Welcome wrote: >> Hi >> >> I have IPA server 4,2 running on centos 7 >> (ipa-server-4.2.0-15.el7.centos.3.x86_64). >> >> This morning, after many months of stable operation, I tried to add a >> user and got this error via the web interface:

Re: [Freeipa-users] What is the correct repo for Centos 7.2(1511)

2016-05-24 Thread Martin Basti
On 24.05.2016 17:47, Brooks, Charles wrote: How do I determine the correct repo to use for Centos 7.2.1511 ? The only Centos 7 repos are marked "unofficial ... Use at your own risk". The download page leads to ... https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3/ but that only

[Freeipa-users] What is the correct repo for Centos 7.2(1511)

2016-05-24 Thread Brooks, Charles
How do I determine the correct repo to use for Centos 7.2.1511 ? The only Centos 7 repos are marked "unofficial ... Use at your own risk". The download page leads to ... https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3/ but that only has Fedora 23/24/Rawhide repos listed. A search

Re: [Freeipa-users] Forcing passync to periodically sync passwords

2016-05-24 Thread Alexander Bokovoy
On Tue, 24 May 2016, pgb205 wrote: Currently passync is only triggered on the domain controller where the password change is made. Is there a way to trigger passync to run periodically and resend information to freeipa even if there are no changes? Passsync implements an interface on AD DC side

[Freeipa-users] Forcing passync to periodically sync passwords

2016-05-24 Thread pgb205
Currently passync is only triggered on the domain controller where the password change is made. Is there a way to trigger passync to run periodically and resend information to freeipa even if there are no changes?

Re: [Freeipa-users] Forcing passync to periodically sync passwords

2016-05-24 Thread Alexander Bokovoy
On Tue, 24 May 2016, pgb205 wrote: Alexander, thank you for such a quick reply. The reason I'm looking at this is that I want to synchronize from AD to several FIPA domains, but as you mention it's only 1-1 passync option. This results in my not being able to synchronize passwords to second idm

Re: [Freeipa-users] Forcing passync to periodically sync passwords

2016-05-24 Thread pgb205
Alexander, thank you for such a quick reply. The reason I'm looking at this is that I want to synchronize from AD to several FIPA domains, but as you mention it's only 1-1 passync option. This results in my not being able to synchronize passwords to second idm domain. Other options I've considered

Re: [Freeipa-users] increase the number of attempts to create /etc/krb5.keytab

2016-05-24 Thread Ask Stack
Thank you. On Tuesday, May 24, 2016 9:56 AM, Rob Crittenden wrote: Ask Stack wrote: > Sorry for asking the dumb question again. Where are the 389-ds logs? I > can't find them in /var/log/ . /var/log/dirsrv/slapd-REALM What you'll want to look for is the BIND