I have - what I believe to be - a couple of basic questions (I apologize in
advance if these are answered elsewhere, though I've tried to do some
searching ahead of time.):
I recently added an IPA replica to an existing IPA server and noticed that
everything appeared to succeed in the setup. One
I clearly missed that. Thanks for the clarification. As far as adding
additional DNS servers merely to slave the zones, is that more or less the
same as configuring any other bind slave?
On Mon, Apr 6, 2015 at 3:15 PM, Rob Crittenden wrote:
> Christopher Young wrote:
> > I have
I, too, am very much in need of user certificates. If it is possible to
setup an additional FreeIPA server to test this out, then I could help out
in testing the feature. I obviously don't want to impact my production
environment too much, but it is rather stagnant, so if I can backup the
LDAP db
I'm trying to develop a process in Ansible to enroll new hosts (as well as
check beforehand to see if the host is already enrolled). I was wondering
a couple of things:
#1. Has anyone else worked out a process for doing this using a non 'admin'
account?
#2. Is there a simple mechanism (preferabl
I'm hoping to provide enough information to get some help to a very
important issue that I'm currently having.
I have two IPA servers at a single location that recently had a
replication issue that I eventually resolved by reinitializing one of
the masters/replicas with one that seemed to be the m
I have a similar issue (see my recent list post), and I was wondering
if this was ever fixed? CA appears to work one system
(master/replica) but not the other.
On Mon, Jun 13, 2016 at 4:41 AM, Petr Vobornik wrote:
> On 06/12/2016 07:05 PM, dan.finkelst...@high5games.com wrote:
>> The restore I w
ill the
same (verify replication and get things working properly on the
'ipa01' system.
Any help is very much appreciated!
-- Chris
On Fri, Dec 16, 2016 at 3:35 PM, Christopher Young
wrote:
> I'm hoping to provide enough information to get some help to a very
> importa
Some of this might be rudimentary, so I apologize if this is answered
somewhere, though I've tried to search and have not had much luck...
Basically, I would like to be able to issue user certificates (Subject:
email=sblblabla@blabla.local) in order to use client SSL security on some
things. I'm
Some of this might be rudimentary, so I apologize if this is answered
somewhere, though I've tried to search and have not had much luck...
Basically, I would like to be able to issue user certificates (Subject:
email=sblblabla@blabla.local) in order to use client SSL security on some
things. I'm
wrote:
> Christopher Young wrote:
> > Some of this might be rudimentary, so I apologize if this is answered
> > somewhere, though I've tried to search and have not had much luck...
> >
> > Basically, I would like to be able to issue user certificates (Subject:
> > email=sbl
wrote:
> On 02/06/2015 12:53 AM, Christopher Young wrote:
> > Obvious next question: Any plans to implement that functionality or
> advice
> > on how one might get some level of functionality for this? Would it be
> > possible to create another command-line based openssl CA
9, 2015 at 12:18 PM, Christopher Young
wrote:
> Would anyone happen to have any guides on how one could get through this
> process? I'm a one-man IT shop at the moment, so I'm building up a
> tremendous amount of infrastructure at once. I'm thinking that the option
&g
Do we know what the status of getting these packages prepped and into the
mainstream repos (like EPEL, I suppose)?
I'm just curious as I try and keep my repos minimal on servers (for obvious
reasons), but I would really like to begin testing/using the functionality
in 4.2.
Thanks as always!
Chr
that we should wait until
the RHEL 7.2 release (and the following CentOS 7.2 release) before
this will generally available? I want to make sure I pay attention to
that as it gets released.
Thanks,
Chris
On Thu, Nov 12, 2015 at 3:45 AM, Alexander Bokovoy wrote:
> On Wed, 11 Nov 2015, Chris
I've been doing some reading and perhaps I'm confusing myself, but I
couldn't find any definitive guide on how to go about doing what I
think it a pretty simple thing.
My ipa-client installs appear to generate a new TLS/SSL/PKI cert for
each host when they are registered. I'd like to utilize that
to
> alternate trust stores (PKCS for IIS and JKS for Java).
>
> https://confluence.id.ubc.ca:8443/display/ITSecurity/how+to+obtain%2C+deploy+and+verify+an+X.509+certificate
>
> Let me know if you have suggestions for improvement.
>
> --
> Luca Filipozzi, UBC IT Enterprise Arc
oing to
do some searching for that.
On Wed, Feb 3, 2016 at 3:12 AM, Martin Kosek wrote:
> On 02/03/2016 12:42 AM, Christopher Young wrote:
>> I've been doing some reading and perhaps I'm confusing myself, but I
>> couldn't find any definitive guide on how to go about d
This is great work. Could you perhaps write up a Howto of some sort? I
could definitely use this!
On Mar 12, 2016 11:27 AM, "Brad Bendy" wrote:
> After doing some more trial and error I got it it to work.
>
> Take the 20 byte secret key, remove the spaces and convert to base 32.
> Also disable
I've seen similar posts, but in the interest of asking fresh and
trying to understand what is going on, I thought I would ask for
advice on how best to handle this situation.
In the interest of providing some history:
I have three (3) FreeIPA servers. Everything is running 4.4.0 now.
The original
ith
this for a while now.
-- Chris
On Tue, Mar 7, 2017 at 8:45 AM, Mark Reynolds wrote:
> What version of 389-ds-base are you using?
>
> rpm -qa | grep 389-ds-base
>
>
> comments below..
>
> On 03/06/2017 02:37 PM, Christopher Young wrote:
>
> I've seen simila
PM, Mark Reynolds wrote:
>
>
> On 03/07/2017 11:29 AM, Christopher Young wrote:
>> Thank you very much for the response!
>>
>> To start:
>>
>> [root@orldc-prod-ipa01 ~]# rpm -qa 389-ds-base
>> 389-ds-base-1.3.5.10-18.el7_3.x86_64
>>
>
same errors.
Any additional thoughts beyond just destroying 'orldc-prod-ipa02' and
bohdc-prod-ipa01 and re-installing them as new replicas?
As always, many thanks.
On Tue, Mar 7, 2017 at 7:40 PM, Mark Reynolds wrote:
>
>
> On 03/07/2017 06:08 PM, Christopher Young wrote:
22 matches
Mail list logo