On ke, 03 touko 2017, Patrick Hemmer wrote:
Would it be reasonable to request a feature for FreeIPA to enforce
password history reuse based on age, instead of a count? Meaning
configure FreeIPA to enforce that a password cannot be reused within the
last 1 year? Then we could remove the minimum
Florence Blanc-Renaud wrote:
the issue looks similar to ticket 6766 [1]
Flo.
[1] https://pagure.io/freeipa/issue/6766
Thanks Flo, I agree that this looks like the issue I"m hitting in v4.4
much appreciated!
I'm gonna be watching this closely, it's nerve wracking knowing that I
can't
On 05/03/2017 05:16 PM, Chris Dagdigian wrote:
Any guidance for this one?
Summary - this seems to be the fatal error that causes the CA setup on
the replica to fail:
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: testLDAPConnection:
The specified user cn=Replication Manager
Standa Laznicka wrote:
You can, but you probably won't be able to install a CA replica on
them (you have to leave out the --setup-ca option). In the meantime,
you can create replicas without CA replication and when the Dogtag/DS
guys solve the problem, you can run ipa-ca-install on those to
Michael Plemmons wrote:
> I realized that I was not very clear in my statement about testing with
> ldapsearch. I had initially run it without logging in with a DN. I was
> just running the local ldapsearch -x command. I then tested on
> ipa12.mgmt and ipa11.mgmt logging in with a full DN for
On 05/04/2017 12:41 AM, Ian Harding wrote:
Is there any way this can be made to work? This server does not exist
in real life or seemingly in FreeIPA, but a ghost of it does.
ianh@vm-ian-laptop:~$ ipa server-find freeipa-dal.bpt.rocks
1 IPA server matched
On 04/28/2017 02:57 PM, Bret Wortman wrote:
Flo,
I did find that issue and made those corrections to our /etc/hosts file,
but the problem persists.
Thanks for the idea!
after the change did you restart pki?
Bret
On 04/27/2017 03:42 AM, Florence Blanc-Renaud wrote:
On 04/26/2017 04:33
Petr Vobornik wrote:
> On 05/04/2017 12:41 AM, Ian Harding wrote:
>> Is there any way this can be made to work? This server does not exist
>> in real life or seemingly in FreeIPA, but a ghost of it does.
>>
>> ianh@vm-ian-laptop:~$ ipa server-find freeipa-dal.bpt.rocks
>>
>>
I'm trying to use certmonger to get an SSL certificate on a web host
which has an alias. I added the alias as a principal alias to the
host record in FreeIPA, and I added the service as well with the
actual hostname and the alias. However every time certmonger contacts
the CA, the request is
Hello,
I have a problem with Samba setup that I haven't been able to overcome for
months. I am trying to setup samba on RHEL 7 using SSSD instead of winbind
Currently, I have a one way trust between the production Active directory
and productin IPA. I have users on IPA and Active directory.
On 05/04/2017 10:20 AM, James Harrison wrote:
> Hello All,
> According to ipa_check_consistency we have "LDAP Conflicts"
> (https://github.com/peterpakos/ipa_check_consistency).
>
> How do I find and resolve them?
On 05/04/2017 02:01 PM, Chris Dagdigian wrote:
Florence Blanc-Renaud wrote:
the issue looks similar to ticket 6766 [1]
Flo.
[1] https://pagure.io/freeipa/issue/6766
Thanks Flo, I agree that this looks like the issue I"m hitting in v4.4
much appreciated!
I'm gonna be watching this
Hi All
Is the following statement correct?
"If a kerberos client (e.g. a FreeIPA client) holds a service ticket to a
service principal in its credentials cache, it no longer needs to interact
with the KDC to access the service (assuming the ticket is still valid).
i.e. if a kerberos client is
Hello All,According to ipa_check_consistency we have "LDAP Conflicts"
(https://github.com/peterpakos/ipa_check_consistency).
How do I find and resolve them?
I've seen:Re: [Freeipa-devel] LDAP conflicts resolution API
|
| |
Re: [Freeipa-devel] LDAP conflicts resolution API
| |
|
On Thu, May 04, 2017 at 05:36:26PM -0400, Steve Huston wrote:
> I'm trying to use certmonger to get an SSL certificate on a web host
> which has an alias. I added the alias as a principal alias to the
> host record in FreeIPA, and I added the service as well with the
> actual hostname and the
On Thu, May 4, 2017 at 9:15 PM, Fraser Tweedale wrote:
> The fix for this was released in FreeIPA 4.5. See ticket
> https://pagure.io/freeipa/issue/6295.
>
Excellent! Any chance of that getting backported into the 4.4.x
series available on RHEL7?
--
Steve Huston - W2SRH
On Thu, May 04, 2017 at 10:30:39PM -0400, Steve Huston wrote:
> On Thu, May 4, 2017 at 9:15 PM, Fraser Tweedale wrote:
> > The fix for this was released in FreeIPA 4.5. See ticket
> > https://pagure.io/freeipa/issue/6295.
> >
>
> Excellent! Any chance of that getting
you can start here:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts
you need first find out which conflict entries you have, which entries
need to be preserved, and then can start to
18 matches
Mail list logo