In the final step of upgrading my freeIPA servers to fedora26/freeIPA 4.4.4, I
removed the current demoted the current renewal master, and promoted a CA (sif)
as new renewal master, following instructions from <
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Reconfigure_
Hi Alexander and Robbie,
Thanks for the responses. I'm not quite ready to start hacking IPA just yet as
I'm still trying to get it setup and running. I'll try to re-create the
weirdness with password expiration not sticking with kadmin.local and I'll post
back if I'm able to reproduce that.
On ti, 17 heinä 2018, Kees Bakker wrote:
On 17-07-18 13:15, Alexander Bokovoy wrote:
[...]
Could you please file a ticket with all these details?
You mean at https://pagure.io/freeipa/issues ?
Yes. Thanks in advance.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity
On ti, 17 heinä 2018, Ludwig Krispenz via FreeIPA-users wrote:
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG 33554432
2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize',
['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
Somehow it considered addin
On 17-07-18 13:15, Alexander Bokovoy wrote:
> [...]
> Could you please file a ticket with all these details?
You mean at https://pagure.io/freeipa/issues ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an emai
Hi Alexander,
>>I don’t see any ‘memberUid’ attributes, but would expect to see about 8
>>members.
>Do you get those users from sssd?
>E.g. 'getent group lcm-managedlinux@localdomain'?
No, this returns an empty list:
# getent group lcm-managedlinux@localdomain
lcm-managedlinux@localdomain:*:13
On ti, 17 heinä 2018, paul mitchell via FreeIPA-users wrote:
We currently have a single AD (2016) domain, company.co.uk. The DNS
zone file is managed by Active Directory, so all machines (Windows and
Linux) are listed in the zone file. Windows users authenticate against
AD and Linux users authe
On 07/17/2018 01:15 PM, Alexander Bokovoy via FreeIPA-users wrote:
On ti, 17 heinä 2018, Kees Bakker wrote:
On 17-07-18 11:48, Alexander Bokovoy wrote:
On ti, 17 heinä 2018, Kees Bakker wrote:
To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an up
On ti, 17 heinä 2018, Kees Bakker wrote:
On 17-07-18 11:48, Alexander Bokovoy wrote:
On ti, 17 heinä 2018, Kees Bakker wrote:
To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an update file is provided. In addition,
you have some substitution variab
We currently have a single AD (2016) domain, company.co.uk. The DNS zone file
is managed by Active Directory, so all machines (Windows and Linux) are listed
in the zone file. Windows users authenticate against AD and Linux users
authenticate against a separate NIS server. We are considering r
On 17-07-18 11:48, Alexander Bokovoy wrote:
> On ti, 17 heinä 2018, Kees Bakker wrote:
>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>> automatically this for you when an update file is provided. In addition,
>>> you have some substitution variables available too. These aren't
On ti, 17 heinä 2018, Peter Tselios via FreeIPA-users wrote:
Satellite/Katello has a script that automates the whole process of
creating a user that will manage the hosts. I haven't try that yet but
I will return when I have more data.
Then you are using a wrong term and getting a response based
Great, many thanks Rob. I will add it.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
Li
Satellite/Katello has a script that automates the whole process of creating a
user that will manage the hosts. I haven't try that yet but I will return when
I have more data.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To uns
Why? It's pretty much clear. You have multiple locations, multiple IPA servers
and clients register to the appropriate IPA based on the DNS resolvers.
Even in the link you attached, the client is assigned to a location
(Prague/Paris).
When you do in a cloud environment, obviously you want to au
On ti, 17 heinä 2018, Kees Bakker wrote:
To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an update file is provided. In addition,
you have some substitution variables available too. These aren't needed
for this specific case but it would be useful in
On 17-07-18 10:56, Alexander Bokovoy wrote:
> On ti, 17 heinä 2018, Kees Bakker via FreeIPA-users wrote:
>> Hi,
>>
>> This is about the infamous log message
>>
>> WARNING: changelog: entry cache size 2097152B is less than db size
>> 19701760B; We recommend to increase the entry cache size
>>
Hello,
Could you please recommend procedure to replace self signed IPA
certificate with external signed CA?
I found this
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#manual-cert-renewal-ext
On ti, 17 heinä 2018, Kees Bakker via FreeIPA-users wrote:
Hi,
This is about the infamous log message
WARNING: changelog: entry cache size 2097152B is less than db size
19701760B; We recommend to increase the entry cache size nsslapd-cachememsize.
I've searched the Internet, including thi
Hi,
This is about the infamous log message
WARNING: changelog: entry cache size 2097152B is less than db size
19701760B; We recommend to increase the entry cache size nsslapd-cachememsize.
I've searched the Internet, including this mailing list, but I haven't found
a sensible FreeIPA soluti
On ti, 17 heinä 2018, Robert Sturrock via FreeIPA-users wrote:
Hello.
We are using FreeIPA primarily to connect our Linux fleet efficiently
to our organisational AD and it’s working well in that capacity.
However, we are investigating a number of different enterprise NAS
solutions to provide (k
Hello.
We are using FreeIPA primarily to connect our Linux fleet efficiently to our
organisational AD and it’s working well in that capacity.
However, we are investigating a number of different enterprise NAS solutions to
provide (kerberized) NFSv4 file services to this fleet. We were hoping t
22 matches
Mail list logo
