Tank you very much for your response.
Adding debugging to /etc/ipa/server.conf did not add any additional
information, but I discovered that -d flag to
ipa-replica-install gives a lot of information.
After a lot of weird stuff, problems and son on, I decided to scratch the
entire server
On Tue, Apr 25, 2017 at 12:38:11PM -0500, Michael Rainey (Contractor) wrote:
> Hello,
>
> While using Fedora 25 we noticed smart card login is broken with the latest
> update to SSSD. A month or so ago a patch was created to fix the same
> issue. Here are some of the details:
>
> Before
Using the firefox debugger, I get these errors when trying to pop up the
New Certificate dialog:
Empty string passed to getElementById(). (5)
jquery.js:4:1060
TypeError: u is undefined app.js:1:362059
Empty string passed to getElementById(). (5)
Good news. One of my servers _does_ have CA installed. So why does
"Action -> New Certificate" not do anything on this or any other server?
Bret
On 04/25/2017 02:52 PM, Bret Wortman wrote:
I recently had to upgrade all my Fedora IPA servers to C7. It went
well, and we've been up and
On 04/25/2017 10:56 AM, Dewangga Bachrul Alam wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Master IPA Server:
- - I install 1 (one) server as master (self-signed) and add/modify
using external CA.
- - I am using ipa-cacert-manage install then ipa-certupdate on master
Hi,
I
Hello Freeipa Team,
I am new to freeipa, I have installed freeipa for generate certificate
for our products, I have generated certificates, its works fine, but I
need to customized freeipa certificate form for add more fields. Suggest
me how can I achieve this?
Reference: please find the
So I can see my certs using cert-find, but can't get details using
cert-show or add new ones using cert-request.
# ipa cert-find
:
--
Number of entries returned 385
--
# ipa cert-show 895
ipa: ERROR: Certificate
Digging still deeper:
# ipa cert-request f.f --principal=HTTP/`hostname`@DAMASCUSGRP.COM
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (503)
Looks like this is an HTTP error; so is it possible that my IPA thinks
it has a CA but there's no CMS
Bret Wortman wrote:
> Digging still deeper:
>
> # ipa cert-request f.f --principal=HTTP/`hostname`@DAMASCUSGRP.COM
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (503)
>
> Looks like this is an HTTP error; so is it possible that my IPA
On 04/26/2017 10:22 AM, Rob Crittenden wrote:
Bret Wortman wrote:
Digging still deeper:
# ipa cert-request f.f --principal=HTTP/`hostname`@DAMASCUSGRP.COM
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (503)
Looks like this is an HTTP
Hi all,
I’ve been struggling the last few days with rebuilding part of my FreeIPA
infrastructure, which has lead me to some questions about how some of the IPA
infrastructure works. To give a bit of background, I have two IPA servers (my
initially installed IPA server, and a replica) both of
Hi again,
Well, Let's Encrypt is working nicely with the httpd cert - but I am
wondering if there is a way to use Let's Encrypt or another signed cert
to replace the CA to be able to sign all the certs with it, or is the
only way to sign our certs with the built in CA? I guess, thinking
Apologies if this is a duplicate. Not sure if posting via Gmane works
these days ...
Did something change re Apache LDAP group authentication. The following
configuration directive was working for me until recently.
Require ldap-group cn=sprinklers,cn=groups,cn=accounts,dc=penurio,dc=us
So twice now I've tried installing freeipa on an Ubuntu 16.04 system.
Both times I've gotten an error and followed the instructions to "fix it"
and they didn't work so I removed files ( with purge ), cleaned up
everything I could find related to freeipa, sssd and kerb but trying to run
it again
Did something change re Apache LDAP group authentication. The following
configuration directive was working for me until recently.
Require ldap-group cn=sprinklers,cn=groups,cn=accounts,dc=penurio,dc=us
Today, this is causing authentication failures, even though the users
are still in the
On 25.04.2017 23:59, Robert L. Harris wrote:
>
>I'm trying to install freeipa-server on an ubuntu 16.04 box, fresh
> install, but it keeps failing:
>
> Running ipa-server-upgrade...
> IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run
> command ipa-server-upgrade manually.
>
I am setting up LDAP authentication with a remote service. On
https://www.freeipa.org/page/HowTo/LDAP it says the following:
"Do not use the Directory Manager account to authenticate remote
services to the IPA LDAP server. Use a system account, created like
this:"
I followed the steps there to
I had to let this sit for a few days, but now that I try again I can remove and
re-add the host (using CLI). The web UI still presents an error though IPA
Error 4302: CertificateFormatError Certificate format error:
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old
Bret Wortman wrote:
> So I can see my certs using cert-find, but can't get details using
> cert-show or add new ones using cert-request.
>
> # ipa cert-find
> :
> --
> Number of entries returned 385
> --
> # ipa
Thanks Jason, that was exactly the issue! It's working now.
On Wed, Apr 26, 2017 at 4:11 PM, Jason B. Nance wrote:
> Hi Chris,
>
>> # remoteu, sysaccounts, etc, example.com
>> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
>> objectClass: account
>> objectClass:
Hi Chris,
> # remoteu, sysaccounts, etc, example.com
> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
> objectClass: account
> objectClass: simplesecurityobject
> objectClass: top
> uid: remoteu
> userPassword:: [hash value]
>
> This new user is unable to run LDAP searches though:
>
Hello.
First wanted to thank everyone working hard to bring this awesome bundle
of applications to market. This is a great project and I really
appreciate the efforts.
I need a hand with a new 4.4.3 install that I'm still trying to flesh
out fully to support all the services I need.
I recently
On Wed, Apr 26, 2017 at 07:02:08PM +0530, rajkumar wrote:
> Hello Freeipa Team,
>
> I am new to freeipa, I have installed freeipa for generate certificate for
> our products, I have generated certificates, its works fine, but I need to
> customized freeipa certificate form for add more fields.
On Wed, Apr 26, 2017 at 09:51:34AM -0500, Kat wrote:
> Hi again,
>
> Well, Let's Encrypt is working nicely with the httpd cert - but I am
> wondering if there is a way to use Let's Encrypt or another signed cert to
> replace the CA to be able to sign all the certs with it, or is the only way
> to
Kendal Montgomery wrote:
> Hi all,
>
>
>
> I’ve been struggling the last few days with rebuilding part of my
> FreeIPA infrastructure, which has lead me to some questions about how
> some of the IPA infrastructure works. To give a bit of background, I
> have two IPA servers (my initially
25 matches
Mail list logo