Re: [Freeipa-users] IPA PKI Questions

2017-04-27 Thread Kendal Montgomery
Excellent, thanks for the information regarding re-initialization. I had tried this before, but I still ended up having issues in the logs where it says something along the lines of a CSN is no longer available, may need to do a full re-initialization after I did that. It seems to only happen

Re: [Freeipa-users] IPA PKI Questions

2017-04-27 Thread Kendal Montgomery
Thank you! I’ll give the re-initialization of all my replicas a try! Kendal On 4/27/17, 5:58 AM, "thierry bordaz" wrote: On 04/26/2017 11:58 PM, Rob Crittenden wrote: > Kendal Montgomery wrote: >> Hi all, >> >> >> >> I’ve been

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Martin Bašti
On 26.04.2017 20:07, Robert L. Harris wrote: So twice now I've tried installing freeipa on an Ubuntu 16.04 system. Both times I've gotten an error and followed the instructions to "fix it" and they didn't work so I removed files ( with purge ), cleaned up everything I could find related

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Robert L. Harris
It changes each time it seems. In a minute I'm going to do a completely virgin install under a "script" session for Ubuntu 16.04 and 17.04 with and with the PPAs then upload the scripts to pastebin so they can be looked at. Robert On Thu, Apr 27, 2017 at 9:01 AM Martin Bašti

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Rob Crittenden
Martin Bašti wrote: > > > On 26.04.2017 20:07, Robert L. Harris wrote: >> So twice now I've tried installing freeipa on an Ubuntu 16.04 >> system. Both times I've gotten an error and followed the instructions >> to "fix it" and they didn't work so I removed files ( with purge ), >> cleaned up

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Robert L. Harris
"apt-get remove --purge " or "dpkg -P " should remove all files. On a previous build I tried the --uninstall and got an error. Right now I'm trying the PPA and 17.04 and getting a KRB error. On Thu, Apr 27, 2017 at 9:06 AM Rob Crittenden wrote: > Martin Bašti wrote: > >

Re: [Freeipa-users] "Purge" scripts?

2017-04-27 Thread Rob Crittenden
Robert L. Harris wrote: > > "apt-get remove --purge " or "dpkg -P " should remove all > files. On a previous build I tried the --uninstall and got an error. > Right now I'm trying the PPA and 17.04 and getting a KRB error. As I said, configuration is not erased on package removal, on purpose

Re: [Freeipa-users] How to customized freeipa certificate form

2017-04-27 Thread Fraser Tweedale
On Thu, Apr 27, 2017 at 12:02:56PM +0530, rajkumar wrote: > Hello Fraser, > > Ok, I got similar fields, MD5 Fingerprint and Sha1 Fingerprint value in > certificate form in freeipa, But it values are disabled in certificate form > in webui. suggest me how can I enable these values via webui or

Re: [Freeipa-users] How to customized freeipa certificate form

2017-04-27 Thread Fraser Tweedale
On Thu, Apr 27, 2017 at 10:16:15AM +0530, rajkumar wrote: > Hello Fraser, > > Thanks for your quick reply, I need to add hash value field in certificate > details form and write a code to get hash value of create certificated and > viewed to that hash value field. Suggest me How can I do this.

Re: [Freeipa-users] I think I lost my CA...

2017-04-27 Thread Florence Blanc-Renaud
On 04/26/2017 04:33 PM, Bret Wortman wrote: So I can see my certs using cert-find, but can't get details using cert-show or add new ones using cert-request. # ipa cert-find : -- Number of entries returned 385 -- #

Re: [Freeipa-users] IPA PKI Questions

2017-04-27 Thread thierry bordaz
On 04/26/2017 11:58 PM, Rob Crittenden wrote: Kendal Montgomery wrote: Hi all, I’ve been struggling the last few days with rebuilding part of my FreeIPA infrastructure, which has led me to some questions about how some of the IPA infrastructure works. To give a bit of background, I

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Rob Crittenden
Callum Guy wrote: > Hi All, > > I'm currently looking at hardening my FreeIPA server as part of a PCI > assessment. > > I am hoping to be able to fix PKI (ports 8443) and SLAPD (LDAPS) to use > only TLS1.2 - both currently support TLS1.0 and unfortunately that is > non-compliant for my

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
Thanks so much for the link Rob - I'm on 4.4.0. I'll get back in touch if I run into any issues - I find it difficult to locate these help pages so really do appreciate the advice. On Thu, Apr 27, 2017 at 8:16 PM Rob Crittenden wrote: > Callum Guy wrote: > > Hi All, > > > >

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
For others' reference, this is regarding CentOS 7.2 with FreeIPA 4.4.0. Directory server changes suggested on the link are for an older version. Minimum TLS support can be altered as follows: /etc/dirsrv/slapd-DOMAIN.COM/dse.ldif dn: cn=encryption,cn=config allowWeakCipher: off cn: encryption

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
Managed to get PKI/Tomcat patched for TLS 1.2. /etc/pki/pki-tomcat/server.xml ... sslVersionRangeStream="tls1_2:tls1_2" sslVersionRangeDatagram="tls1_2:tls1_2" ... Thanks, resolved. On Thu, Apr 27, 2017 at 10:01 PM Callum Guy wrote: > For others reference

[Freeipa-users] Creating another sudo rules full

2017-04-27 Thread Dewangga Bachrul Alam
Hello! Is it possible to create another sudo rule that is the same as sudo_rule_full or admin privileges, meaning that the user can run `sudo su -` without a password? I've created similar rules, but no luck. [root@idm ~]# ipa sudorule-show

[Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
Hi All, I'm currently looking at hardening my FreeIPA server as part of a PCI assessment. I am hoping to be able to fix PKI (ports 8443) and SLAPD (LDAPS) to use only TLS1.2 - both currently support TLS1.0 and unfortunately that is non-compliant for my environment. Also I'm very much hoping not

Re: [Freeipa-users] CA Certificate didn't automatically transfer to replica(s)

2017-04-27 Thread Dewangga Bachrul Alam
Hello! On 04/26/2017 08:08 PM, Florence Blanc-Renaud wrote: > On 04/25/2017 10:56 AM, Dewangga Bachrul Alam wrote: Hello! > > Master IPA Server: - I install 1 (one) server as master > (self-signed) and add/modify using external CA. - I am using >

Re: [Freeipa-users] List SPAM

2017-04-27 Thread Lachlan Musicman
On 24 April 2017 at 12:24, Prasun Gera wrote: > That doesn't work very well. The spam bots use different emails. And gmail > marks the entire message thread as spam, not just the spam reply. > > On Sun, Apr 23, 2017 at 7:20 AM, Dewangga Bachrul Alam < >