[Freeipa-users] Re: Howto: Migrate DNS/DNSSec off freeipa

Harry G Coin via FreeIPA-users wrote: > If you've decided freeipa's DNS and/or DNSsec isn't part of your future, > here's a way to migrate to another solution without disrupting the rest > of freeipa's capabilities.   I couldn't find any documentation about how > to do this in an automated way, thi

[Freeipa-users] Howto: Migrate DNS/DNSSec off freeipa

If you've decided freeipa's DNS and/or DNSsec isn't part of your future, here's a way to migrate to another solution without disrupting the rest of freeipa's capabilities.   I couldn't find any documentation about how to do this in an automated way, this worked for me.  (Watch someone answer th

[Freeipa-users] Re: unable to convert attribute 'cacertificate:binary'

I used the cert you provided us out-of-band and was able to load it in Fedora rawhide with cryptography-42.0.5, same (I think) as tumbleweed unless tumbleweed includes some additional change. Let's try excluding LDAP from the picture. Can you copy /etc/ipa/ca.crt from a working install to /tmp/ca

[Freeipa-users] Re: Reenrolling IPA client in split-brain environment

William Faulk via FreeIPA-users wrote: > Sorry; I should have been more explicit in my initial post. I'm basically > only concerned with authentication on the client server and minimizing any > outage related to that. The system is running services, but they are > independent of IPA other than

[Freeipa-users] Re: unable to convert attribute 'cacertificate:binary'

On 4/30/24 15:34, Rob Crittenden wrote: Antoine Gatineau via FreeIPA-users wrote: Hello, When enrolling a opensuse tumbleweed client, ipa-client-install fails to get the cacertificate from ldap with error: 2024-04-30T11:23:16Z DEBUG Initializing principal adminprincipal using password 2024-04

[Freeipa-users] Re: Reenrolling IPA client in split-brain environment

Sorry; I should have been more explicit in my initial post. I'm basically only concerned with authentication on the client server and minimizing any outage related to that. The system is running services, but they are independent of IPA other than that they're running as users that are defined

[Freeipa-users] Re: unable to convert attribute 'cacertificate:binary'

On 4/30/24 15:50, Alexander Bokovoy wrote: On Аўт, 30 кра 2024, Antoine Gatineau via FreeIPA-users wrote: Hello, When enrolling a opensuse tumbleweed client, ipa-client-install fails to get the cacertificate from ldap with error: 2024-04-30T11:23:16Z DEBUG Initializing principal adminprinci

[Freeipa-users] Re: unable to convert attribute 'cacertificate:binary'

On Аўт, 30 кра 2024, Antoine Gatineau via FreeIPA-users wrote: Hello, When enrolling a opensuse tumbleweed client, ipa-client-install fails to get the cacertificate from ldap with error: 2024-04-30T11:23:16Z DEBUG Initializing principal adminprincipal using password 2024-04-30T11:23:16Z DEB

[Freeipa-users] Re: unable to convert attribute 'cacertificate:binary'

Antoine Gatineau via FreeIPA-users wrote: > Hello, > > When enrolling a opensuse tumbleweed client, ipa-client-install fails to > get the cacertificate from ldap with error: > > 2024-04-30T11:23:16Z DEBUG Initializing principal adminprincipal using > password > 2024-04-30T11:23:16Z DEBUG Starting

[Freeipa-users] unable to convert attribute 'cacertificate:binary'

Hello, When enrolling a opensuse tumbleweed client, ipa-client-install fails to get the cacertificate from ldap with error: 2024-04-30T11:23:16Z DEBUG Initializing principal adminprincipal using password 2024-04-30T11:23:16Z DEBUG Starting external process 2024-04-30T11:23:16Z DEBUG args=['/