On 10/20/2016 05:05 AM, beeth beeth wrote:
First of all, thanks for the quick response Florence!
I have question about your suggested step [1] and [2]:
For [1], "ipa-cacert-manage install cert.pem". Which certificate is
this? Is it the ChainBundle cert(root cert + intermediate cert)?
For [2],
Hi All,
I wanted to enable secure LDAP connection on freeIPA but alas after changing
cn=config
nsslapd-minssf from 0 to 128 i am getting below error:
ipactl restart
Failed to read data from Directory Service: Unknown error when retrieving list
of services from LDAP: Server is unwilling to
On Thu, Oct 20, 2016 at 04:46:01PM +1100, Robert Sturrock wrote:
> Hello,
>
> We have an IPA (4.2) server setup on RHEL 7.2 in a trust arrangement with
> our University organisational AD. The AD forest contains *two*
> domains:
>
> EXAMPLE.AU (staff users)
> STUDENT.EXAMPLE.AU (student
Hi everyone,
In order to prevent administrators to make mistakes that could have
silly consequences, I would like to set "preserve" as the default selected
action in freeipa's webui.
What do you think would be the best way to achieve this ?
Thank you in advance,
Sebastien Julliot.
--
On 10/19/2016 06:28 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 05:41:37PM +0200, Ludwig Krispenz wrote:
On 10/19/2016 05:02 PM, Ludwig Krispenz wrote:
On 10/19/2016 03:48 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 10:13:26AM +0200, Ludwig Krispenz wrote:
On 10/18/2016 08:52
Hi all, I need advice or help with freeIPA implementation behind F5 bigip
loadbalancer. My goal is to have all freeIPA services (including json/xml API)
behind loadbalancer for freeIPA clients.
>> Because RHEL support says me IPA behind loadbalancer is not supported I was
>> coming out of
Hello everyone,
Both server are fresh install 2008r2 and fedora 24 server freeipa 4.3.2 as
documentation explain in
http://www.freeipa.org/page/Active_Directory_trust_setup#If_AD_is_subdomain_of_IPA
however the server is unable to resolve any record from my child domain, i
found
this bug
On to, 20 loka 2016, Carlos Raúl Laguna wrote:
Hello everyone,
Both server are fresh install 2008r2 and fedora 24 server freeipa 4.3.2 as
documentation explain in
http://www.freeipa.org/page/Active_Directory_trust_setup#If_AD_is_subdomain_of_IPA
however the server is unable to resolve any
Hi Deepak,
What you did was disabling unsecure connections to the directory service.
As such, use LDAPS to connect and enable unsecure connections again:
ldapmodify -D "cn=directory manager" -W -H ldaps://`hostname`
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 0
On 10/19/2016 08:18 PM, Bertrand Rétif wrote:
*De: *"Bertrand Rétif"
*À: *freeipa-users@redhat.com
*Envoyé: *Mercredi 19 Octobre 2016 15:42:07
*Objet: *Re: [Freeipa-users] Impossible to renew certificate.
pki-tomcat issue
Hi Alexander,
I do belive is a DNS problem, the command failing are
host -t srv _ldap._tcp.ad_domain
or
dig SRV _ldap._tcp.ad_domain
after checkig the logs a see this error
"no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN': 10.20.4.22#53"
so i disable the dnssec validation on IPA and it work
On to, 20 loka 2016, Carlos Raúl Laguna wrote:
Hi Alexander,
I do belive is a DNS problem, the command failing are
host -t srv _ldap._tcp.ad_domain
or
dig SRV _ldap._tcp.ad_domain
after checkig the logs a see this error
"no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN': 10.20.4.22#53"
so i
Thanks for the clarification. Regards
2016-10-20 14:23 GMT-04:00 Alexander Bokovoy :
> On to, 20 loka 2016, Carlos Raúl Laguna wrote:
>
>> Hi Alexander,
>> I do belive is a DNS problem, the command failing are
>>
>> host -t srv _ldap._tcp.ad_domain
>> or
>> dig SRV
> On Thu, Oct 20, 2016 at 04:46:01PM +1100, Robert Sturrock wrote:
> […]
> > However, when I try logging in as a student domain user
> > (student.example.au),
> > I don't see any of the groups (there should be 8):
> >
> > $ ssh -l rnst student example au ipa-client-rh7.ipa.example.au
> >
Hi,Thanks again.
Lastly, we've switched away from Ubuntu's FreeIPA due to a bad Samba
compilation choice stopping AD trusts from working (samba isn't using MIT
kerberos). We're now using CentOS 7.2.
While we know the CentOS version will operate correctly, we only get to use 4.2
of
15 matches
Mail list logo