how to login without
prompting for passwords, but I think it is still necessary to provide
the username with AD realm when logging in.
If you're always logging in as the same user to certain machines, you
could configure a default user in the ssh_config.
Perhaps someone else will have a better
fo['trust_flags']
KeyError: 'trust_flags'
--
Korey
Hi Korey,
could you check if there is any more info in /var/log/pki/pki-ca-spawn log?
It might also be helpful verify if correct trust flags are set in nssdb:
certutil -d /etc/pki/pki-tomcat/alias/ -L
Finally, can you ch
noarch
pki-server-10.2.5-10.el7_2.noarch
pki-tools-10.2.5-10.el7_2.x86_64
python-nss-0.16.0-3.el7.x86_64
sssd-krb5-1.13.0-40.el7_2.12.x86_64
sssd-krb5-common-1.13.0-40.el7_2.12.x86_64
Hi,
can you check if your certificate can be used for an SSL server? You can
use the following command
ope
ed to increase this size limit, you will have to modify
the nsslapd-sizelimit in cn=config.
--
Tomas Krizek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
equired
Nov 28 11:15:35 krb5kdc[19573](info): closing down fd 11
Hi,
you're hitting an issue with Let's Encrypt setup.
https://github.com/freeipa/freeipa-letsencrypt/issues/1
unfortunately, I'm not aware of any workaround or solution as of now.
--
Tomas Krizek
--
Manage
On 11/29/2016 10:50 AM, Tomas Krizek wrote:
On 11/28/2016 05:38 PM, Robert Kudyba wrote:
There seems to be a problem either with Kerberos and/or using a self
signed certificate vs. Let’s Encrypt. I tried to run the set up
script from https://github.com/freeipa/freeipa-letsencrypt and below
list:
http://www.redhat.com/mailman/listinfo/freeipa-users
--
Tomas Krizek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
ce you want to only add a
secondary zone in the main section, you should be fine.
--
Tomas Krizek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
I don't understand whether you went through the steps and identified any
issue.
Does your setup use simple authentication or Kerberos?
When you try to manually set named.conf to use the other option, does it
work?
Are you able to authenticate to LDAP using these methods in commands
like ldapsearch?
>
> Jeff
>
>
>
--
Tomas Krizek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
ly working on a fix.
You can fix the problem yourself by modifying
/var/lib/pki/pki-tomcat/conf/server.xml on the master server. In the
AJP/1.3 Connector settings, change address from '::1' to 'localhost'.
After you restart the pki-tomcat service, you should be able to install
Could you be affected by the
limitations mentioned in [1]?
[1] -
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/OpenDNSSEC2BINDKeyStates#Limitationsmissingfeatures
--
Tomas Krizek
signature.asc
Description: OpenPGP digital signature
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
tly in BIND. If the AXFR doesn't contain the DS
records then, it's related to BIND. Perhaps the BIND users
(bind-us...@lists.isc.org) list might be able to assist you.
--
Tomas Krizek
signature.asc
Description: OpenPGP digital signature
--
Manage your subscription for the Freeipa-use
o?
>
> Thanks!
>
On a CentOS 7 IPA server, port 7389 should not be required. You can
bypass the check with --skip-conncheck when running ipa-replica-install.
--
Tomas Krizek
signature.asc
Description: OpenPGP digital signature
--
Manage your subscription for the Freeipa-users mailing l
> Interfaces port 389 for LDAP requests
> [28/Feb/2017:13:37:50 -0600] - Listening on All Interfaces port 636
> for LDAPS requests
> [28/Feb/2017:13:37:50 -0600] - Listening on
> /var/run/slapd-TEST-EXAMPLE-COM.socket for LDAPI requests
>
> I'm not sure why it is missing thoug
On 03/04/2017 12:51 AM, Chris Herdt wrote:
> On Fri, Mar 3, 2017 at 4:22 AM, Tomas Krizek wrote:
>>
>> On 03/02/2017 06:25 PM, Chris Herdt wrote:
>>
>> On Thu, Mar 2, 2017 at 10:06 AM, Martin Basti wrote:
>>>
>>>
>>>
>>> On 02.03.201
does
not assign the addresses. That's something DHCP would do. If you do not
use DHCP and assign the IP addresses statically, the network
administrator would be the person responsible for assigning you a free
IP address.
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
the
upcoming weeks.
== Feedback ==
Please provide comments, report bugs, and send any other feedback via the
freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
<http://www.redhat.com/mailman/listinfo/freeipa-users>
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933
install.cli.install_tool(Server): ERRORThe
> ipa-server-install command failed. See /var/log/ipaserver-install.log for
> more information
The installation most likely fails because mail= is expected to
be a part of the signed certificate's subject field.
--
Tomas Krizek
eem to fail. i am not sure where to look
> for issues.
You might be able to track down why does the zone update fail if you run
named in the foreground with a higher debug level to see more log messages:
$ sudo -u named named -g -d 50
Then you can check what does bind-dyndb-ldap log before you
rds, configure
dyndns_refresh_interval option in /etc/sssd/sssd.conf.
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
signature.asc
Description: OpenPGP digital signature
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mai
Vault documentation on the FreeIPA wiki [1]. I think you'd
probably be most interested in the Vault Management chapters in the
Implementation documents.
[1] - https://www.freeipa.org/page/V4/Password_Vault
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
signature.a
21 matches
Mail list logo