[Freeipa-users] Re: Traffic from client to server through management's interface

2020-02-17 Thread Daniel PC via FreeIPA-users
I believe it is an administrative policy that traffic not related to application should be routed by management's interface. Daniel

[Freeipa-users] Re: Traffic from client to server through management's interface

2020-02-17 Thread Robbie Harwood via FreeIPA-users
Daniel PC via FreeIPA-users writes: > I would like to know what do you think about using the management > network (eth1) to enable the flow from clients to IPA servers? My > company is concerned about using the production network interface > (eth0) and is considering doing everything on the secon

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2020-02-17 Thread Rob Crittenden via FreeIPA-users
Dmitri Moudraninets via FreeIPA-users wrote: > Hi Rob, > > > I was able to start my CA via instructions from here: > https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html > > I also tried to set the clock back and restart certmonger. Still no luck: That seems to be a pretty g

[Freeipa-users] Re: Traffic from client to server through management's interface

2020-02-17 Thread Angus Clarke via FreeIPA-users
Not very helpful I realise but in my experience, moving away from multi-interfaced servers to single interface was the best thing we ever did. It took massive change in the tech department to do that but was well worth it with respect to reduced complexity. Regards Angus

[Freeipa-users] Traffic from client to server through management's interface

2020-02-17 Thread Daniel PC via FreeIPA-users
I would like to know what do you think about using the management network (eth1) to enable the flow from clients to IPA servers? My company is concerned about using the production network interface (eth0) and is considering doing everything on the second interface. Is it worth it? Pros and cons

[Freeipa-users] Re: systemd-tmpfiles-setup.service and sssd

2020-02-17 Thread Rob Brown via FreeIPA-users
The solution/hack I came up with to get around this was to just let tmpfiles.d create the dir with a local user and open enough permissions that the ipa based user that the service runs as has enough permissions to write its pid file into the directory. Not elegant, but works for now. /usr/lib/tmp

[Freeipa-users] Re: Authentication indicators smartcard, ssh and sudo

2020-02-17 Thread Leon Castellano via FreeIPA-users
Not sure why that line wrapped on the pam.d/sudo file:

    #%PAM-1.0
    auth sufficient pam_ssh_agent_auth.so authorized_keys_command=/usr/bin/sss_ssh_authorizedkeys
    auth include system-auth
    account include system-auth
    password include system-auth
    session include system-auth

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-17 Thread Winfried de Heiden via FreeIPA-users
Hi all, After all, no issues at all with FreeIPA. The reboot of the Cable modem caused changing the IPv6 Prefix Delegation, more or less destroying my IPv6 setup. After fixing IPv6 (enabled on IPA also :) ) all is going blazing fast again. Winfried Op 11-02-2020 om 16:01 schreef Winfried de

[Freeipa-users] freeipa monitoring / 389ds_exporter

2020-02-17 Thread Jiri B via FreeIPA-users
Hi all, I'd like to monitor a couple of FreeIPA servers with prometheus. What to use to monitor FreeIPA via prometheus? Any tips? I only found 389ds_exporter but there's an error when it tries to get replica agreements. Otherwise it seems to return valid metrics. ~~~ ... DEBU[0020] getting repl