Not sure if it's considered best practice, but the ipa-join command takes a
`--hostname` option, and you can provide a separate hostname there from
what is set on the server I believe. I do not think it will change what
hostname is set on the instance.
On Tue, Sep 16, 2025 at 4:04 PM Navid Talesh
I can confirm this fixed it for me as well.
--Russ
On Fri, Apr 4, 2025 at 11:15 AM Vicente Quintans via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> We found this issue today, upgrading from Fedora 40 to Fedora 41.
>
> In dogtagpki the /ca/rest/account/login endpoint (actually
ed.
>
> rob
>
> Russell Long via FreeIPA-users wrote:
> > Just wondering if there were any ideas on what I could do to resolve
> > this, still seeing the same issue with the latest version on Stream 9. I
> > do not use the CA for anything other than internal IPA usage. Is th
> Does the CA start? If not add --ignore-service-failures
>> > >
>> > > Once everything else is up and settled, if the CA start failed
>> > run:
>> > > systemctl restart pki-tomcatd@pki-tomcat
>> > >
; it
> > > appears to have done so in the recent past.
> > >
> > > If so try a basic cert command:
> > > # openssl x509 -serial -noout -in /etc/ipa/ca.crt
> > > # ipa cert-show
> > >
> > > Does it
t; And see if that is successful. I think it should succeed since it
> > appears to have done so in the recent past.
> >
> > If so try a basic cert command:
> > # openssl x509 -serial -noout -in /etc/ipa/ca.crt
> > # ipa cert-show
> >
> >
I didn't believe it's possible to change easily, but how I get around it
for service accounts and the like is to change it from the admin side, then
login as the service account using the password set from the admin side.
Then I change the password as the user, which will then obey whatever
passwor
Re-sending this as I forgot to send to the list itself, sorry.
On Mon, Sep 18, 2023 at 6:55 AM Florence Blanc-Renaud
wrote:
> Hi,
>
> On Fri, Sep 15, 2023 at 7:43 PM Russ Long via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> I have a single-server IPA environment in my hom
Thanks Flo,
I just re-tried adding the variables to the Inventory variables, the
inventory group variables, and the individual host variables in AWX. No
matter what I do, unless I add them to each individual task, when AWX runs
the play, I get an error stating that the password is not set.
--Rus
Not sure if it's what you're looking for, but I developed a bash script to
auto-generate tokens daily for all users not in my service-accounts group
if they did not exist. It then emails a QR code to the user and a
notification email to the management email. This may not be the best way
to do it,
I use this:
ipa user-show $USER --all --raw | grep krbLastSuccessful | awk '{print $2}'
On Fri, Jul 10, 2020 at 9:52 AM White, Daniel E. (GSFC-770.0)[NICS] via
FreeIPA-users wrote:
> I want to get createtimestamp, krbLastSuccessfulAuth, and krbLastPwdChange
> for all active users
>
> The "ipa
If your /var fills, lots of other things will fail too. Seems the best
option here is to setup proper log rotation and alerting along with a large
partition if you're worried.
On Wed, Mar 4, 2020, 17:34 Daniel PC via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> The goal is avoid
12 matches
Mail list logo
