[Freeipa-users] Re: ipa.service "fails" to start

2018-10-29 Thread Zarko D via FreeIPA-users
From what I experience, during " killing ntpd, going back a few days, restart krb5kdc, dirsrv, httpd and the CA then certmonger", service ipa-dnskeysyncd.service is failing. Aug 10 10:19:18 ca-ldap04 ipa-dnskeysyncd: ipa : DEBUGKerberos principal: ipa-dnskeysyncd/ca-ldap04.domain.

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-29 Thread Zarko D via FreeIPA-users
Rob, what kind of response means success, one server return 404 ? > GET /ca/agent/ca/profileReview HTTP/1.1 > User-Agent: curl/7.29.0 > Host: ca-ldap01:8443 > Accept: */* > < HTTP/1.1 404 Not Found < Server: Apache-Coyote/1.1 < Content-Type: text/html;charset=utf-8 < Content-Language: en < Conten

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-29 Thread Zarko D via FreeIPA-users
Hi Rob, it won't work on 4.4.0 for now. # python2 /tmp/checkcerts/ipa-checkcerts.py Traceback (most recent call last): File "/tmp/checkcerts/ipa-checkcerts.py", line 21, in from ipalib.install import certstore ImportError: No module named install I guess it's not appropriate to use this th

[Freeipa-users] Re: Is IPA secure enough for public exposure plus trust management issue

2018-10-29 Thread Marc Boorshtein via FreeIPA-users
Take a look at OpenUnison (our project) https://github.com/TremoloSecurity/openunison-qs-freeipa it integrates with ipa and lets you set up password reset self service pretty easily. Marc Boorshtein CTO, Tremolo Security, Inc. On Thu, Oct 18, 2018, 9:58 AM William Muriithi via FreeIPA-users < fre

[Freeipa-users] Re: Service Account vs System Account vs User Account

2018-10-29 Thread Alexander Bokovoy via FreeIPA-users
On ma, 29 loka 2018, Ryan Slominski via FreeIPA-users wrote: It is not always clear the best way to create an account for a script or application to use. Generally this special type of account has no password expiration (or a very long expiration window). For example, some applications require

[Freeipa-users] Service Account vs System Account vs User Account

2018-10-29 Thread Ryan Slominski via FreeIPA-users
It is not always clear the best way to create an account for a script or application to use. Generally this special type of account has no password expiration (or a very long expiration window). For example, some applications require a bind user to connect to LDAP. It seems there are a half a

[Freeipa-users] Re: Replica load balancing and priority without DNS SRV

2018-10-29 Thread Ryan Slominski via FreeIPA-users
Thanks Rob

[Freeipa-users] Re: Replica load balancing and priority without DNS SRV

2018-10-29 Thread Rob Crittenden via FreeIPA-users
Ryan Slominski via FreeIPA-users wrote: > FreeIPA allows disabling DNS Autodiscovery by explicitly listing the host > names of FreeIPA servers. However, it isn't clear if the order of host names > matters. For example: > > ipa-client-install --server firsthostname.example.com --server > secon

[Freeipa-users] Replica load balancing and priority without DNS SRV

2018-10-29 Thread Ryan Slominski via FreeIPA-users
FreeIPA allows disabling DNS Autodiscovery by explicitly listing the host names of FreeIPA servers. However, it isn't clear if the order of host names matters. For example: ipa-client-install --server firsthostname.example.com --server secondhostname.example.com Is the first host name I list

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-29 Thread Rob Crittenden via FreeIPA-users
Z D via FreeIPA-users wrote: > Rob, I'd love to test your tool, as part of working on my problem > "ipa.service fails to start", but I still run 4.4.0-12.0.1.el7.x86_64, hence > do you think this is the obstacle? I haven't tried it. It won't hurt anything to try though. > Again, as part of "ip

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-29 Thread Z D via FreeIPA-users
Rob, I'd love to test your tool, as part of working on my problem "ipa.service fails to start", but I still run 4.4.0-12.0.1.el7.x86_64, hence do you think this is the obstacle? Again, as part of "ipa.service fails to start" work, I was hoping to add new IPA server 4.5.4, but ipa-replica-prepa

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-29 Thread Rob Crittenden via FreeIPA-users
Kees Bakker via FreeIPA-users wrote: > On 29-10-18 11:56, Kees Bakker via FreeIPA-users wrote: >> On 26-10-18 18:20, Florence Blanc-Renaud wrote: >>> On 10/26/18 6:09 PM, Kees Bakker via FreeIPA-users wrote: On 26-10-18 18:00, Timo Aaltonen wrote: > On 26.10.2018 18.59, Kees Bakker wr

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-29 Thread Rob Crittenden via FreeIPA-users
Z D via FreeIPA-users wrote: > Hi Kees, I've been also looking to Rob's blog as part of working on my > problem ("ipa.service "fails" to start"). > In my case, when running the curl command (with -v), I do see > > * About to connect() to ca-ldap03 port 8443 (#0) > * Trying x.x.x..x ... > * Con

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-29 Thread Z D via FreeIPA-users
Hi Kees, I've been also looking to Rob's blog as part of working on my problem ("ipa.service "fails" to start"). In my case, when running the curl command (with -v), I do see * About to connect() to ca-ldap03 port 8443 (#0) * Trying x.x.x..x ... * Connected to ca-ldap03 port 8443 (#0) * Initia

[Freeipa-users] Re: Is IPA secure enough for public exposure plus trust management issue

2018-10-29 Thread Charles Hedrick via FreeIPA-users
We have a separate web app to change passwords. But the normal approach if they haven’t forgotten their password is the kpasswd command. Of course we’re in a Linux environment where our users know the command line. > On Oct 18, 2018, at 9:58 AM, William Muriithi via FreeIPA-users > wrote: > >

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-29 Thread Kees Bakker via FreeIPA-users
On 29-10-18 11:56, Kees Bakker via FreeIPA-users wrote: > On 26-10-18 18:20, Florence Blanc-Renaud wrote: >> On 10/26/18 6:09 PM, Kees Bakker via FreeIPA-users wrote: >>> >>> On 26-10-18 18:00, Timo Aaltonen wrote: On 26.10.2018 18.59, Kees Bakker wrote: > On 26-10-18 14:55, Timo Aaltonen

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-29 Thread Kees Bakker via FreeIPA-users
On 26-10-18 18:20, Florence Blanc-Renaud wrote: > On 10/26/18 6:09 PM, Kees Bakker via FreeIPA-users wrote: >> >> >> On 26-10-18 18:00, Timo Aaltonen wrote: >>> On 26.10.2018 18.59, Kees Bakker wrote: On 26-10-18 14:55, Timo Aaltonen wrote: > On 26.10.2018 09:59, Kees Bakker via FreeIPA-us

[Freeipa-users] Re: Info - cli - Powershell module for FreeIPA published and available on GitHub

2018-10-29 Thread Alexander Bokovoy via FreeIPA-users
On ma, 29 loka 2018, Lucas Cueff via FreeIPA-users wrote: Thanks for your prompt feedback and advice. You are right, sounds a must have for the v1. Is there some data model published to have link between client version and api stuff ? I don't know if the API browser for instance can be requeste

[Freeipa-users] Re: Info - cli - Powershell module for FreeIPA published and available on GitHub

2018-10-29 Thread Lucas Cueff via FreeIPA-users
Thanks for your prompt feedback and advice. You are right, sounds a must have for the v1. Is there some data model published to have link between client version and api stuff ? I don't know if the API browser for instance can be requested and sends back some JSON stuff to build all API info on

[Freeipa-users] Re: FreeIPA Plugin Development

2018-10-29 Thread Alexander Bokovoy via FreeIPA-users
On su, 28 loka 2018, Joshua D Doll via FreeIPA-users wrote: I'm in the same boat. The current documentation leaves a lot to be desired. Most resources you find are terribly outdated. There are two sources that stay more or less up to date: - FreeIPA source code - My plugins at https://github.co

[Freeipa-users] Re: Abstracted NTP server configuration

2018-10-29 Thread Andrey Bychkov via FreeIPA-users
I offer two packages for configuring ntp service. One for IPA server and next for IPA client. Each package contains all supported ipa ntp modules for the server and client, respectively. These packages do not depend on specific ntp services, so their installation will be successful. The only

[Freeipa-users] Re: Info - cli - Powershell module for FreeIPA published and available on GitHub

2018-10-29 Thread Alexander Bokovoy via FreeIPA-users
On ma, 29 loka 2018, Lucas Cueff via FreeIPA-users wrote: Hello FreeIPA world, First thanks for this great product, I was looking for an Active Directory 'clone' for the opensource world and I have successfully tested and deployed a FreeIPA infra, thanks to your great job guys ! Because I am al