[Freeipa-users] Re: How does RBAC work?

2024-08-28 Thread Francis Augusto Medeiros-Logeay via FreeIPA-users
> On 2 Aug 2024, at 13:18, Florence Blanc-Renaud via FreeIPA-users > wrote: > > Hi, > > On Fri, Jul 19, 2024 at 4:53 PM Francis Augusto Medeiros-Logeay via > FreeIPA-users > wrote: >> >> >> >> On 18 Jul 2024, at 22:15, Rob Crittenden > >>

[Freeipa-users] Re: krb5PrincipalName - is it there?

2024-08-28 Thread Francis Augusto Medeiros-Logeay via FreeIPA-users
> On 28 Aug 2024, at 16:18, Alexander Bokovoy > wrote: > > On Wed, 28 Aug 2024, Francis Augusto Medeiros-Logeay wrote: >> >>> On 28 Aug 2024, at 15:37, Alexander Bokovoy wrote: >>> >>> On Wed, 28 Aug 2024, Francis Augusto Medeiros-Logeay via FreeIPA-users >>> wr

[Freeipa-users] time out for an external domain

2024-08-28 Thread Ranbir via FreeIPA-users
Hi Everyone, I'm running into a weird DNS resolution problem (at home) for an external subdomain. rogersbank.com can be looked up from my Fedora 40 host joined to a two server AlmaLinux 9 IdM domain: $ dig rogersbank.com ; <<>> DiG 9.18.28 <<>> rogersbank.com ;; global options: +cmd ;; Got answ

[Freeipa-users] Re: Error upgrading to version 4.11.0

2024-08-28 Thread Rob Crittenden via FreeIPA-users
Luis Correia via FreeIPA-users wrote: > I looked at those logs, and saw that we're getting a lot of these: > 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for > :636 > 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! > org.dogtagpki.server.PKIClientSocketListener@79ac50

[Freeipa-users] Re: Error upgrading to version 4.11.0

2024-08-28 Thread Luis Correia via FreeIPA-users
I looked at those logs, and saw that we're getting a lot of these: 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for :636 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! org.dogtagpki.server.PKIClientSocketListener@79ac50fe 2024-08-28 09:05:10 [main] INFO: PKISocketFac

[Freeipa-users] Re: Error upgrading to version 4.11.0

2024-08-28 Thread Rob Crittenden via FreeIPA-users
Luis Correia via FreeIPA-users wrote: > Hello all. > I'm currently running a FreeIPA server on Docker using the rocky-9-4.10.2 and > trying to upgrade my installation to version rocky-9-4.11.0, but currently > getting this error: > > 2024-08-28T09:21:52Z DEBUG Failed to check CA status: cannot c

[Freeipa-users] Re: krb5PrincipalName - is it there?

2024-08-28 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 28 Aug 2024, Francis Augusto Medeiros-Logeay wrote: On 28 Aug 2024, at 15:37, Alexander Bokovoy wrote: On Wed, 28 Aug 2024, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: On 28 Aug 2024, at 15:02, Rob Crittenden wrote: Francis Augusto Medeiros-Logeay via FreeIPA-use

[Freeipa-users] Re: krb5PrincipalName - is it there?

2024-08-28 Thread Francis Augusto Medeiros-Logeay via FreeIPA-users
> On 28 Aug 2024, at 15:37, Alexander Bokovoy wrote: > > On Wed, 28 Aug 2024, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: >> >> On 28 Aug 2024, at 15:02, Rob Crittenden wrote: >>> >>> Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: Hi, I have conf

[Freeipa-users] Re: krb5PrincipalName - is it there?

2024-08-28 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 28 Aug 2024, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: On 28 Aug 2024, at 15:02, Rob Crittenden wrote: Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: Hi, I have configured Keycloak with FreeIPA for kerberos authentication. It has worked fine, but today I

[Freeipa-users] Re: krb5PrincipalName - is it there?

2024-08-28 Thread Francis Augusto Medeiros-Logeay via FreeIPA-users
> On 28 Aug 2024, at 15:02, Rob Crittenden wrote: > > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: >> Hi, >> >> I have configured Keycloak with FreeIPA for kerberos authentication. >> >> It has worked fine, but today I noticed something: >> >> Keycloak seems to look up krb5Princ

[Freeipa-users] Re: krb5PrincipalName - is it there?

2024-08-28 Thread Rob Crittenden via FreeIPA-users
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: > Hi, > > I have configured Keycloak with FreeIPA for kerberos authentication. > > It has worked fine, but today I noticed something: > > Keycloak seems to look up krb5PrincipalName attribute to look for the > user principal. However, I do

[Freeipa-users] Re: Running FreeIPA in same Domain as AD without any interaction

2024-08-28 Thread Ronald Wimmer via FreeIPA-users
On 28.08.24 14:44, patrik uytterhoeven via FreeIPA-users wrote: Hi Thx for the quick feedback but in our case it's not needed to have same users on freeipa and AD in fact the AD is only used for the windows servers DNS is managed externally and there is no DHCP server everything is with fixed I

[Freeipa-users] krb5PrincipalName - is it there?

2024-08-28 Thread Francis Augusto Medeiros-Logeay via FreeIPA-users
Hi, I have configured Keycloak with FreeIPA for kerberos authentication. It has worked fine, but today I noticed something: Keycloak seems to look up krb5PrincipalName attribute to look for the user principal. However, I don't see that attribute when I perform an ldapsearch. Is it there at al

[Freeipa-users] Re: Running FreeIPA in same Domain as AD without any interaction

2024-08-28 Thread patrik uytterhoeven via FreeIPA-users
Hi Thx for the quick feedback but in our case it's not needed to have same users on freeipa and AD in fact the AD is only used for the windows servers DNS is managed externally and there is no DHCP server everything is with fixed IPs so in our case it would be a freeipa server that 100% detached

[Freeipa-users] Re: Running FreeIPA in same Domain as AD without any interaction

2024-08-28 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 28 Aug 2024, patrik uytterhoeven via FreeIPA-users wrote: Hi, I would like to know if I can install the FreeIPA for my linux servers in same domain that is being used by AD for the windows servers without any trusts between both servers I like to keep the domain the same name but also wa

[Freeipa-users] Re: Error upgrading to version 4.11.0

2024-08-28 Thread Duarte Petiz via FreeIPA-users
I'm facing the same problem On Wed, Aug 28, 2024 at 12:01 PM Luis Correia via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello all. > I'm currently running a FreeIPA server on Docker using the rocky-9-4.10.2 > and trying to upgrade my installation to version rocky-9-4.11.0, bu

[Freeipa-users] Error upgrading to version 4.11.0

2024-08-28 Thread Luis Correia via FreeIPA-users
Hello all. I'm currently running a FreeIPA server on Docker using the rocky-9-4.10.2 and trying to upgrade my installation to version rocky-9-4.11.0, but currently getting this error: 2024-08-28T09:21:52Z DEBUG Failed to check CA status: cannot connect to 'http://:8080/ca/admin/ca/getStatus': [

[Freeipa-users] Re: LDAP System User permissions

2024-08-28 Thread Ronald Wimmer via FreeIPA-users
On 28.08.24 11:25, Ronald Wimmer via FreeIPA-users wrote: On 20.08.24 17:56, Rob Crittenden wrote: Ronald Wimmer via FreeIPA-users wrote: On 14.08.24 10:50, Florence Blanc-Renaud wrote: Hi, On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users mailto:freeipa- us...@lists.fedorahoste

[Freeipa-users] Re: LDAP System User permissions

2024-08-28 Thread Ronald Wimmer via FreeIPA-users
On 20.08.24 17:56, Rob Crittenden wrote: Ronald Wimmer via FreeIPA-users wrote: On 14.08.24 10:50, Florence Blanc-Renaud wrote: Hi, On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users mailto:freeipa- us...@lists.fedorahosted.org>> wrote:     On 13.08.24 11:35, Ronald Wimmer via

[Freeipa-users] Running FreeIPA in same Domain as AD without any interaction

2024-08-28 Thread patrik uytterhoeven via FreeIPA-users
Hi, I would like to know if I can install the FreeIPA for my linux servers in same domain that is being used by AD for the windows servers without any trusts between both servers I like to keep the domain the same name but also want to be sure that this will not create any conflicts -- ___

[Freeipa-users] Re: Unknown ca error preventing a variety of operations

2024-08-28 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Mon, Aug 26, 2024 at 9:13 PM Toma Morris via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Thanks, Rob, > > ipa-cacert-manage list succeeds, with ~13 lines of output that look like > they're probably enumeration of certs. pki client init && pki ca cert find > succeeds and