So, we are seeing that the centos 7.9 (current version) repo is trying to
install ipa-server-4.6.8-5.el7.centos. However, the ipa-server dependencies
state that it is requiring a system-logos version of 70.7.0 or greater, and the
only logos that goes up that high is redhat-logos-70.7.0-1.el7.n
Hi everyone,
I'm using a Centos 7 machine. rpm -q returns that it is
centos-release-7-9.2009.1.el7.centos.x86_64.
I am getting an error during the install of FreeIPA.
After entering yum install ipa-server with the current Centos repo, it fails
and reports at the end:
Error: Package: ipa-serv
Yes, this helps.
Thanks Rob and Flo.
Steve
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/pr
> Steve Reed via FreeIPA-users wrote:
>
> It depends on the version of IPA. Either mod_nss via
> /etc/httpd/conf.d/nss.conf or mod_ssl via /etc/httpd/conf.d/ssl.conf.
>
> rob
We're running ver 4.6.8.
That puts us in with mod_nss?
__
Hey,
This is a general question. What is providing SSL for the web GUI? I don't
see the ssl module installed with the apache server. That would be the usual
way it is done. How is it done for FreeIPA?
Thanks,
Steve
___
FreeIPA-users mailing list
If so, who can I contact?
Thanks.
Steve
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/proje
So, I ran across an article on how to install the client manually on the Red
Hat site.
https://access.redhat.com/articles/2622831
Thank you Red Hat technical writing team. Without it we would've had to dump
FreeIPA on our project.
As far as I can tell, what was missing was the correct configu
>>>What do any of the logs say?
I found something interesting in the secure log.
Failed password for invalid user admin(a)XYZ.COM from >>>Server
address> port 50203 ssh2
I was wrong. My network guys are telling me it's the ip address of the machine
I am trying to login from.
It's impossible to say without any details.
What details do you need?
What does login mean? It seems to mean ssh but it's unclear.
A ssh login. A local machine login. All of the above.
What output do you get?
Invalid password. But I know it's the correct password, and I try with
Also, I get the same response on clients that I cannot login with the FreeIPA
(LDAP accounts) , but i can login to Kerberos with my fixed krb5.conf file.
So I still have the problem even with that command returning what I reported
above. Kerberos is working fine, but I can't login as admin on t
Where would that be? Which file for Centos 7?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/
[root@ozservices installer]# ipa dns-update-system-records --dry-run
IPA DNS records:
_kerberos-master._tcp.cs.ssds. 86400 IN SRV 0 100 88 ozservices.cs.ssds.
_kerberos-master._udp.cs.ssds. 86400 IN SRV 0 100 88 ozservices.cs.ssds.
_kerberos._tcp.cs.ssds. 86400 IN SRV 0 100 88 ozservi
Also, dig xyz.com returns the server information.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-
Ah, after I did a kinit login.
It came back with the information on the server.
It won't work on the clients because they didn't install properly.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to fr
It says:
ipa: ERROR: did not receive Kerberos credentials
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraprojec
Hi Rob,
The FreeIPA accounts are using LDAP for logins to clients, right? That’s what
I’ve understood. Is that wrong?
The reason that I am forcing Kerberos realm is that the discovery does not
properly configure the krb5.conf, and it fails because it says it can’t contact
the KDC for the Rea
Hi all,
I am running Versions 4.8 of the client installations. I have one machine that
installed except it failed to configure the krb5.conf file properly and it
fails saying that it can't find the KDC for the realm xyz.com. I can fix
Kerberos by manually editing the kfb5.conf file. Except fo
Hi Stephen,
True. I understand that, but I think we are getting off track to my original
question. Can you run a FIPS FreeIPA server and still have the clients work
with it? It't not necessarily required to have the clients FIPS compliant, but
the server must since it has to do the encryptio
Hi rob,
I found out that they blew this machine away today. I appreciate the ideas so
far.
The error log just stated that it could not start the directory service and
gave a script error and a line number.
When I removed the slapd service. I deleted the service file (I think it was a
.lnk f
Hi Rob,
So, are you saying that CENTOS is not FIPS compliant? Because there is a long
list of web sites that state that CENTOS and RHEL are FIPS 140-2 compliant.
https://www.google.com/search?q=is+centos+7+fips+compliant&rlz=1C1DKCZ_enUS768US768&oq=Is+Centos+7+FIPS+com&aqs=chrome.0.0j69i57j0i39
Does anyone else have an idea? I could use some help tracking this down. I'm
not sure where to start other than what I have been doing.
Thanks,
Steve
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email
I'm just concerned that if FIPS is set on the server, that it will force all
clients to use FIPS as well and reject them if they are not FIPS enabled.
Thanks,
Steve
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe s
I'm using CENTOS 7. I post to this Fedora site for FreeIPA because I was told
this is the place for these types of questions. I apologize if this is the
wrong place.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe
If I successfully install FreeIPA in FIPS mode, does that mean that all my
clients that call on the server need to be in FIPS mode as well? Or can I just
have the server in FIPS mode and the clients in whatever mode I want?
Thanks in advance.
Steve
_
Hi Florence,
Thanks for the idea. I checked the services and there is no service running.
I verified with systemctl |grep slapd
And I did look at the logs. They all stop after the install failed.
And checked the ports with netstat. 389 and 636 are not being used.
Thanks for your time.
25 matches
Mail list logo
