Re: [Freeipa-users] Mostly working trust, SSH failure [SOLVED]

2016-05-25 Thread Jakub Hrozek
On Wed, May 25, 2016 at 09:43:55AM -0500, Erik Mackdanz wrote:
> On Mon, May 23, 2016 at 4:26 PM, Rob Crittenden wrote:
> > https://lists.fedorahosted.org/archives/list/sssd-de...@lists.fedorahosted.org/thread/TUZ6ZWLRZ6QSMUHV44PRT75T6OVBGILK/
>
> This was exactly our issue.

Re: [Freeipa-users] Mostly working trust, SSH failure [SOLVED]

2016-05-25 Thread Erik Mackdanz
On Mon, May 23, 2016 at 4:26 PM, Rob Crittenden wrote:
> https://lists.fedorahosted.org/archives/list/sssd-de...@lists.fedorahosted.org/thread/TUZ6ZWLRZ6QSMUHV44PRT75T6OVBGILK/

This was exactly our issue. We were able to build a patched version, and our forest AD user could

Re: [Freeipa-users] replica +dns +ca -> ERROR Unable to retrieve CA chain

2016-05-25 Thread lejeczek
On 25/05/16 14:19, Rob Crittenden wrote: lejeczek wrote: hi there, I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate database [error] RuntimeError: Unable to retrieve CA chain: [Errno 111]

Re: [Freeipa-users] replica +dns +ca -> ERROR Unable to retrieve CA chain

2016-05-25 Thread lejeczek
On 25/05/16 16:46, Rob Crittenden wrote: lejeczek wrote: On 25/05/16 14:19, Rob Crittenden wrote: lejeczek wrote: hi there, I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate database

Re: [Freeipa-users] replica +dns +ca -> ERROR Unable to retrieve CA chain

2016-05-25 Thread Rob Crittenden
lejeczek wrote: On 25/05/16 16:46, Rob Crittenden wrote: lejeczek wrote: On 25/05/16 14:19, Rob Crittenden wrote: lejeczek wrote: hi there, I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate

[Freeipa-users] Adding groupOfUniqueNames to all freeipa replicas for Zenoss LDAP authentication

2016-05-25 Thread Bob Hinton
Hello, We are trying to get Zenoss login authentication to use freeipa over LDAP. Group mappings don't currently work and we think this is because Zenoss requires the groupOfUniqueNames object class. I managed to add the object class to a test VM using vsphere_groupmod.ldif taken from

Re: [Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???

2016-05-25 Thread barrykfl
externally signed CA - Godaddy Expired. Already add new to db /etc/https/alias / -L and config nickname map in /etc/http/config.d/nss.conf Already Import to /etc/slapd/PKI-IPA ...where nickname I should point to? Already change /etc/dirsrv/slapd-ABC-COM and nickname map in dse.ldif Start stop

[Freeipa-users] mod_nss FreeIPA

2016-05-25 Thread Günther J. Niederwimmer
Hello, can anyone help to find the correct way to configure a web server with IPA (mod_nss)? I can't create a correct DB in /etc/httpd/alias. I searched on the Internet and read the install log from ipa-server, but it is not possible for me to find a working way :-(. Thanks for an answer. -- mit

Re: [Freeipa-users] replica +dns +ca -> ERROR Unable to retrieve CA chain

2016-05-25 Thread Rob Crittenden
lejeczek wrote: hi there, I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate database [error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused Your system may be partly

[Freeipa-users] replica +dns +ca -> ERROR Unable to retrieve CA chain

2016-05-25 Thread lejeczek
hi there, I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate database [error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused Your system may be partly configured. Run

Re: [Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???

2016-05-25 Thread Martin Basti
On 25.05.2016 04:36, Barry wrote: Hi: Which location I should renew cert? Http/alias Etc/dirsrv/slapd* Enough? We need to know if you have IPA configured with * externally signed CA * or self-signed CA * or if you have any other certificates from different CAs If I remember correctly you

Re: [Freeipa-users] replica +dns +ca -> ERROR Unable to retrieve CA chain

2016-05-25 Thread Rob Crittenden
lejeczek wrote: On 25/05/16 14:19, Rob Crittenden wrote: lejeczek wrote: hi there, I'm trying to set up a replica with: --setup-dns --no-forwarders --setup-ca installer fails at: [10/23]: importing CA chain to RA certificate database [error] RuntimeError: Unable to retrieve CA chain: