[Freeipa-users] Re: Announcing freeIPA 4.7.0

On Monday, July 23, 2018 12:43:53 PM CDT Rob Crittenden via FreeIPA-users wrote: > The FreeIPA team would like to announce FreeIPA 4.7.0 release! > > It can be downloaded from http://www.freeipa.org/page/Downloads. > > == Highlights in 4.7.0 == > > === Enhancements === > > mod_ssl = >

[Freeipa-users] Re: Problems after IPA upgrade: ipa-server-upgrade doesn't complete, pki-tomcatd won't start

On 08/15/2018 01:20 PM, Jokinen Eemeli via FreeIPA-users wrote: Hi! Anybody can help me with this one? Summary: 2 node freeipa server cluster, node 2 was initially down for other reasons and node 1 (renewal master) had forgot to update own certificates which resulted faulty cluster. With he

[Freeipa-users] FreeIPA and Domain Trust to AWS Directory Services

I was wondering if anyone had any experience using FreeIPA and establishing a Trust Relationship with AWS’s Directory Services (Microsoft AD)? I am beginning to wonder if there might be differences between AWS’s Directory Service and a “Real” Microsoft AD Forrest? --

[Freeipa-users] Re: [bind9-dyndb-ldap] How to configure update-policy?

On to, 16 elo 2018, Dominik George via FreeIPA-users wrote: { Please keep me in Cc, thanks. ] Hi, I am using bind9-dyndb-ldap (without FreeIPA). I want to enable GSS-TSIG updates for a zone. This means I would normally have to add an update-policy block for this zone - but how do I do this fo

[Freeipa-users] [bind9-dyndb-ldap] How to configure update-policy?

{ Please keep me in Cc, thanks. ] Hi, I am using bind9-dyndb-ldap (without FreeIPA). I want to enable GSS-TSIG updates for a zone. This means I would normally have to add an update-policy block for this zone - but how do I do this for a zone coming from dyndb-ldap? Cheers, Nik

[Freeipa-users] Re: Issues connecting to SQL Server in domain trust with CNAME

> > > > If you have more than one AD DC, make sure they actually synchronized. > If there is only one, it might well be that a credentials manager has a > cached version of the key for the MS SQL account. > > > We have a winner! To close the loop with anyone who runs into this issue in the intern

[Freeipa-users] Re: Changing domain name

Thanks Rob. I ll give a try. CHeers On Thu, Aug 16, 2018 at 2:31 PM Rob Crittenden wrote: > Alfredo De Luca via FreeIPA-users wrote: > > Hi Florence. > > But the example says ldap://*migrated*.freeipa.server.test > > > > so I ran the command from the actual server where I want migrate the > > u

[Freeipa-users] Re: IPA-Server-Upgrade crashes - Certificate has expired

okay i just manual set the ca for resubmitting with # ipa-getcert resubmit -i REQUEST_ID and it took aboud 30 seconds and i got the new ca's i now updatet the ipaserver with ipa-server-upgrade and everything worked, restarted ntpd, rebooted the whole machine and still everything seems to work,

[Freeipa-users] Re: Changing domain name

Alfredo De Luca via FreeIPA-users wrote: > Hi Florence.  > But the example says  ldap://*migrated*.freeipa.server.test > > so I ran the command from the actual server where I want migrate the > users from and pointing to the migrated (so the new which I will migrate > to) server... > So is it wron

[Freeipa-users] Re: Changing domain name

Hi Florence. But the example says ldap://*migrated*.freeipa.server.test so I ran the command from the actual server where I want migrate the users from and pointing to the migrated (so the new which I will migrate to) server... So is it wrong? So should I run the command instead fron the new ipa

[Freeipa-users] Re: Changing domain name

On 08/16/2018 12:37 PM, Alfredo De Luca via FreeIPA-users wrote: The IP is the new server where I'd like to migrate all the user/groups to and it  should be ok. The migrate-ds is the default I copy from the freeipa.org migration section.. Hi, the ldap URI should point to

[Freeipa-users] Re: Changing domain name

The IP is the new server where I'd like to migrate all the user/groups to and it should be ok. The migrate-ds is the default I copy from the freeipa.org migration section.. On Tue, Aug 14, 2018 at 7:00 PM Rob Crittenden wrote: > Alfredo De Luca via FreeIPA-users wrote: > > Hi Rob. > > Yes. I