[Freeipa-users] Re: CA install on replica fails - Clone URI does not match...

2018-05-08 Thread Fraser Tweedale via FreeIPA-users
On Thu, May 03, 2018 at 02:25:34PM +, Ross Infinger wrote: > I assume the issue here is with the command... > https://pci-mgmt-ipa01.pci.xx.com:443/ca/admin/ca/getDomainXML > > Which returns... > domain info: standalone="no"?>IPA00 > > I notice that all the SubsystemCount values are

[Freeipa-users] Re: Host is enrolled and installed

2018-05-08 Thread Lachlan Musicman via FreeIPA-users
On 24 April 2018 at 15:43, Lachlan Musicman wrote: > On 23 April 2018 at 17:00, Alexander Bokovoy wrote: > >> On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote: > Am I making hard work of something that is relatively straight forward > and > solved elsewhere but I'v

[Freeipa-users] Re: After using 3rd party certs (Let's Encrypt) : pki-tomcatd fails to restart

2018-05-08 Thread Fraser Tweedale via FreeIPA-users
On Wed, May 09, 2018 at 03:12:37AM -, Henery Hawk via FreeIPA-users wrote: > I've followed what I thought were the instructions to install > Let's Encrypt certs on my recent FreeIPA installation but when I > restart the services pki-tomcatd fails to restart. > > During the installs I've trie

[Freeipa-users] After using 3rd party certs (Let's Encrypt) : pki-tomcatd fails to restart

2018-05-08 Thread Henery Hawk via FreeIPA-users
I've followed what I thought were the instructions to install Let's Encrypt certs on my recent FreeIPA installation but when I restart the services pki-tomcatd fails to restart. During the installs I've tried various combinations of installing the CA certs but they all seem to result in the s

[Freeipa-users] Re: Seeking advice on testing ipa internal certificate renewal

2018-05-08 Thread Fraser Tweedale via FreeIPA-users
On Tue, May 08, 2018 at 05:35:19PM +0100, Roderick Johnstone via FreeIPA-users wrote: > Hi > > In our current ipa implementation some of the ipa internal certificates are > not able to be renewed correctly. > > After a lot of support both from Redhat and also through this list, neither > of whic

[Freeipa-users] Server Uninstall Fail

2018-05-08 Thread Ross Infinger via FreeIPA-users
After a failed ipa-replica-install, I try to uninstall with ipa-server-install --uninstall. However the uninstall is failing with the following: [root@ipa-nyc-pci01 ~]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! It is highly re

[Freeipa-users] Re: Overall users experience with Free-IPA

2018-05-08 Thread Jochen Hein via FreeIPA-users
Hi, Duncan Colhoun via FreeIPA-users writes: > Can I get some feedback on the overall experience setting up and > running Free-IPA. I am looking at implementing Free-IPA to > enhance/replace an OpenLDAP environment. I'm running a small FreeIPA (2 servers) installation in a family network. Inst

[Freeipa-users] Re: named crashes on start; lib/dns-pkcs11/view.c:962: REQUIRE(view->zonetable != ((void *)0)) failed

2018-05-08 Thread Timo Aaltonen via FreeIPA-users
On 05.05.2018 11:18, Alexander Bokovoy wrote: > On Sat, 05 May 2018, Timo Aaltonen wrote: >> On 05.05.2018 10:53, Alexander Bokovoy wrote: >>> On la, 05 touko 2018, Timo Aaltonen via FreeIPA-users wrote: Hi, Named is crashing here on start, but not if I disable the dyndb part of

[Freeipa-users] Seeking advice on testing ipa internal certificate renewal

2018-05-08 Thread Roderick Johnstone via FreeIPA-users
Hi In our current ipa implementation some of the ipa internal certificates are not able to be renewed correctly. After a lot of support both from Redhat and also through this list, neither of which was able to fix the issue, I was advised by Redhat to implement a new instance of ipa and migr

[Freeipa-users] Re: Trust fails between IPA 4.5.4 and Samba AD DC 4.8.1 (MIT Kerberos) -- CIFS server denied credentials

2018-05-08 Thread Alexander Bokovoy via FreeIPA-users
On ti, 08 touko 2018, Nathan Brown wrote: Alexander, Thanks for the quick reply. We are wanting to “migrate” (manually) to IPA 4 (from IPA 3) and wish to use the new ipaNTHash attributes instead of the legacy Samba LDAP schema. The problem we are facing is that we need to use ipasam.so with Samb

[Freeipa-users] Re: Trust fails between IPA 4.5.4 and Samba AD DC 4.8.1 (MIT Kerberos) -- CIFS server denied credentials

2018-05-08 Thread Nathan Brown via FreeIPA-users
Alexander, Thanks for the quick reply. We are wanting to “migrate” (manually) to IPA 4 (from IPA 3) and wish to use the new ipaNTHash attributes instead of the legacy Samba LDAP schema. The problem we are facing is that we need to use ipasam.so with Samba 4 if we want to use the new attributes. A

[Freeipa-users] Re: Integrations with non-linux environments

2018-05-08 Thread Jason Sherrill via FreeIPA-users
It sounds that there is an issue with connecting to the LDAP service (you can authenticate w/ kinit but can't browse the directory). It could be server's firewall but I suspect you are not having an issue with Linux workstations. Mac OS's directory services setup is likely the issue, if in *Direct

[Freeipa-users] Re: Trust fails between IPA 4.5.4 and Samba AD DC 4.8.1 (MIT Kerberos) -- CIFS server denied credentials

2018-05-08 Thread Alexander Bokovoy via FreeIPA-users
On ti, 08 touko 2018, Nathan Brown via FreeIPA-users wrote: When trying to establish an AD trust between IPA 4.5.4 and Samba 4.8.1 (MIT Kerberos), it fails with the following error: [root@atlas5ipa samba]# ipa -vv trust-add ATLAS5.HPC --range-type=ipa-ad-trust --two-way=true --admin=Administrato

[Freeipa-users] Trust fails between IPA 4.5.4 and Samba AD DC 4.8.1 (MIT Kerberos) -- CIFS server denied credentials

2018-05-08 Thread Nathan Brown via FreeIPA-users
When trying to establish an AD trust between IPA 4.5.4 and Samba 4.8.1 (MIT Kerberos), it fails with the following error: [root@atlas5ipa samba]# ipa -vv trust-add ATLAS5.HPC --range-type=ipa-ad-trust --two-way=true --admin=Administrator --server dc.atlas5.hpc Active Directory domain administrator

[Freeipa-users] Re: Integrations with non-linux environments

2018-05-08 Thread Jeffrey Parker via FreeIPA-users
I did create local user accounts and converted to mobile, but there never seemed to be any link to FreeIPA on those accounts. When I went to browse the accounts in Mac OS X it could not connect to the directory server. I did get Active Directory working and was able to get Mac OS X working with

[Freeipa-users] Re: Problems setting up replica on Raspberry Pi 3B (ARM)

2018-05-08 Thread Rob Crittenden via FreeIPA-users
Jonathan Vaughn via FreeIPA-users wrote: Still trying to figure this out. It looks like slapd is dying, I thought it was still running for some reason. slapd is dying to segfault. strace of it happening doesn't seem to reveal much: A stack trace would very much help trying to track down the

[Freeipa-users] Re: Problems Creating a Replica

2018-05-08 Thread Brian Weaver via FreeIPA-users
I'll try again in the future when time permits. I understand things break; bad timing in many respects. I'm not sour on FreeIPA so much as frustrated with the fact that so many issues aligned badly at once in my environment. On Fri, May 4, 2018 at 10:23 AM, Rob Crittenden wrote: > Ok, sorry you

[Freeipa-users] Re: Overall users experience with Free-IPA

2018-05-08 Thread Duncan Colhoun via FreeIPA-users
Hi Angus Thanks for the feedback

[Freeipa-users] Re: Overall users experience with Free-IPA

2018-05-08 Thread Angus Clarke via FreeIPA-users
Main gripe (which doesn't have any plans for resolution) - no facility for read-only replicas in untrusted sites. On 8 May 2018 at 12:04, Angus Clarke wrote: > Hi Duncan > > A few things I've learned: > > Understand how replication agreements work as part of your planning. > > Choose a suitable

[Freeipa-users] Re: Overall users experience with Free-IPA

2018-05-08 Thread Angus Clarke via FreeIPA-users
Hi Duncan A few things I've learned: Understand how replication agreements work as part of your planning. Choose a suitable location for the live CA server. Deploy a replica by promoting an sssd client. Unless you have a reason not to, always use --setup-ca to the ipa-replica-install command to

[Freeipa-users] Overall users experience with Free-IPA

2018-05-08 Thread Duncan Colhoun via FreeIPA-users
Hi All I hope this is the appropriate forum for this question. Can I get some feedback on the overall experience setting up and running Free-IPA. I am looking at implementing Free-IPA to enhance/replace an OpenLDAP environment. So please share any horror/success stories. Rgds Duncan