[Freeipa-users] deploying freeipa

2018-02-12 Thread Andrew Meyer via FreeIPA-users
I know I have sent in multiple emails, but we are trying to deploy FreeIPA correctly.  However I am getting asked to find out some other details.   Can FreeIPA survive w/o DNS?  We would like to implement FreeIPA and still be able to use the SSH, sudo, selinux, LDAP & krb5.   We are moving to AWS

[Freeipa-users] dsInOps

2018-02-12 Thread Jim Richard via FreeIPA-users
I have two 4.X IPA servers running on CentOS 7. Identical VMs essentially, with the same settings in: /etc/sysconfig/dirsrv.systemd, /etc/sysconfig/dirsrv, /etc/security/limits.conf, /etc/sysctl.conf. Replication and everything else seems to be working as expected, no problems. This question is

[Freeipa-users] Re: wildcard ssl on free-ipa 3.1

2018-02-12 Thread Fraser Tweedale via FreeIPA-users
On Tue, Feb 13, 2018 at 08:53:10AM +0800, Umarzuki Mochlis via FreeIPA-users wrote: > Hi, > > Is it possible to apply wildcard SSL on v3.1 to be able to migrate to > recent free-ipa? > Reason being that, I need to backdate date to year before self-signed expired. > I have not been able to renew c

[Freeipa-users] wildcard ssl on free-ipa 3.1

2018-02-12 Thread Umarzuki Mochlis via FreeIPA-users
Hi, Is it possible to apply wildcard SSL on v3.1 to be able to migrate to recent free-ipa? Reason being that, I need to backdate date to year before self-signed expired. I have not been able to renew certificate so far. Thanks. ___ FreeIPA-users mailing

[Freeipa-users] DNS forward zones

2018-02-12 Thread Andrew Meyer via FreeIPA-users
Is it possible to have DNS forward zones only exist on servers in a specific location? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] resolvers

2018-02-12 Thread Andrew Meyer via FreeIPA-users
If I don't have a global resolver, FreeIPA will fall back to using what is in /etc/resolv.conf, correct?

[Freeipa-users] Re: Missing MasterCRL.bin after upgrade from 3.0 to 4 on CentOS 7.4

2018-02-12 Thread Jim Richard via FreeIPA-users
Thanks Rob: I did go through the upgrade process again, starting from rolling back my vm snapshot. And, we're good now. I also changed: ca.crl.MasterCRL.publishOnStart=false to true, which may have helped with the impatient types like me :) Thanks !

[Freeipa-users] Re: Missing MasterCRL.bin after upgrade from 3.0 to 4 on CentOS 7.4

2018-02-12 Thread Rob Crittenden via FreeIPA-users
Jim Richard via FreeIPA-users wrote: > Thanks Rob, > > Correct, did a clean install on CentOS 7, and then on my CentOS 6 unit > applied the schema update and then replica prepare, scp'd the file over and > then replica install on the new CentOS 7 server. > Plus all the other steps in between of

[Freeipa-users] Re: Freeipa Replica with second nfs server

2018-02-12 Thread Rob Crittenden via FreeIPA-users
Jens Laufer via FreeIPA-users wrote: > Hey, > > as we just bought a new server, I moved everything to it, and it seems > to work pretty fine. But now I want to use the spare server as a backup > and there the problems started: > > 1. How do I set up a duplicated NFS server for autofs'ing the home

[Freeipa-users] Re: New replica (4.5) issues

2018-02-12 Thread Rob Crittenden via FreeIPA-users
john.bowman--- via FreeIPA-users wrote: > > Bump hoping someone can confirm whether or not this is a good next step to > try to resolve the issue. Mainly concerned that the solution only mentions: > > Red Hat Identity Management (IPA) 4.3, 4.4 > Red Hat Enterprise Linux (RHEL) 7.2 and 7.3 > >

[Freeipa-users] Re: FreeIPA UI not working - Only shows certificate management

2018-02-12 Thread Rob Crittenden via FreeIPA-users
Tezarin via FreeIPA-users wrote: > Thank you for your prompt reply. I modified my SSH config and replaced > the last line with: > >  LocalForward 443 127.0.0.1:443 > > But it still doesn't work and when I try to login to the VM, I get this > error: Privileged ports can only be forwarded by root

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-12 Thread Rob Crittenden via FreeIPA-users
Jamal Mahmoud wrote: > Sure thing, > Output on *lithium*: > > [root@lithium ~]# ipa-replica-manage del oxygen.eggvfx.ie > --force --cleanup > oxygen.eggvfx.ie : server not found What is baffling me the most is that the string 'server not found'

[Freeipa-users] Re: timed out waiting on keys?

2018-02-12 Thread Rob Crittenden via FreeIPA-users
Kat via FreeIPA-users wrote: > Rob - > > Yes, I do wonder about that, but I am adding missing pieces manually - > > ipa-dns-install (no errors) > > ipa-ca-install (no errors) > > so, I have rebooted a few times, rechecked logs and don't seem to have > further errors. I know this is risky, but I

[Freeipa-users] Re: Confused by the default group permissions

2018-02-12 Thread Oliver Northam via FreeIPA-users
Great! Thanks for your help. I appreciate it. Oliver Northam Lead Technical Website: sidigital.co | *DDI*: 02393 190 262 | *Office:* 02393 190 260 Twitter: @sidgtl | Facebook: /sidgtl Si digit

[Freeipa-users] Freeipa Replica with second nfs server

2018-02-12 Thread Jens Laufer via FreeIPA-users
Hey, as we just bought a new server, I moved everything to it, and it seems to work pretty fine. But now I want to use the spare server as a backup and there the problems started: 1. How do I set up a duplicated NFS server for autofs'ing the home directory? 1. a. What are the best practices to keep

[Freeipa-users] Sportfire and FreeIPA

2018-02-12 Thread Kat via FreeIPA-users
Hi, wondering if anyone has tried to integrate a Spotfire server using FreeIPA and Kerberos. Thanks K

[Freeipa-users] Re: New replica (4.5) issues

2018-02-12 Thread john.bowman--- via FreeIPA-users
Bump hoping someone can confirm whether or not this is a good next step to try to resolve the issue. Mainly concerned that the solution only mentions: Red Hat Identity Management (IPA) 4.3, 4.4 Red Hat Enterprise Linux (RHEL) 7.2 and 7.3 And we have RHEL 6 and IPA 3.x as well in the environmen

[Freeipa-users] Re: kinit -n asking for password on clients

2018-02-12 Thread John Ratliff via FreeIPA-users
On 2/11/2018 11:39 PM, Alexander Bokovoy via FreeIPA-users wrote: On Sun, 11 Feb 2018, John Ratliff via FreeIPA-users wrote: When trying to do pkinit, if I do kinit -n on one of the IdM servers, it works fine. If I try on a client machine, it asks me for the password for WELLKNOWN/ANONYMOUS@RE