On Wed, 03 May 2017, Patrick Hemmer wrote:
Would it be reasonable to request a feature for FreeIPA to enforce
password history reuse based on age, instead of a count? Meaning
configure FreeIPA to enforce that a password cannot be reused within the
last 1 year? Then we could remove the minimum ti
On 04/28/2017 02:57 PM, Bret Wortman wrote:
Flo,
I did find that issue and made those corrections to our /etc/hosts file,
but the problem persists.
Thanks for the idea!
after the change did you restart pki?
Bret
On 04/27/2017 03:42 AM, Florence Blanc-Renaud wrote:
On 04/26/2017 04:33
On 05/04/2017 12:41 AM, Ian Harding wrote:
Is there any way this can be made to work? This server does not exist
in real life or seemingly in FreeIPA, but a ghost of it does.
ianh@vm-ian-laptop:~$ ipa server-find freeipa-dal.bpt.rocks
1 IPA server matched
--
On 05/03/2017 05:16 PM, Chris Dagdigian wrote:
Any guidance for this one?
Summary - this seems to be the fatal error that causes the CA setup on
the replica to fail:
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: testLDAPConnection:
The specified user cn=Replication Manager
masterAgreeme
Florence Blanc-Renaud wrote:
the issue looks similar to ticket 6766 [1]
Flo.
[1] https://pagure.io/freeipa/issue/6766
Thanks Flo, I agree that this looks like the issue I'm hitting in v4.4
much appreciated!
I'm gonna be watching this closely, it's nerve wracking knowing that I
can't use,
On 05/04/2017 02:01 PM, Chris Dagdigian wrote:
Florence Blanc-Renaud wrote:
the issue looks similar to ticket 6766 [1]
Flo.
[1] https://pagure.io/freeipa/issue/6766
Thanks Flo, I agree that this looks like the issue I'm hitting in v4.4
much appreciated!
I'm gonna be watching this closely
Standa Laznicka wrote:
You can, but you probably won't be able to install a CA replica on
them (you have to leave out the --setup-ca option). In the meantime,
you can create replicas without CA replication and when the Dogtag/DS
guys solve the problem, you can run ipa-ca-install on those to set
Petr Vobornik wrote:
> On 05/04/2017 12:41 AM, Ian Harding wrote:
>> Is there any way this can be made to work? This server does not exist
>> in real life or seemingly in FreeIPA, but a ghost of it does.
>>
>> ianh@vm-ian-laptop:~$ ipa server-find freeipa-dal.bpt.rocks
>>
>> 1
Michael Plemmons wrote:
> I realized that I was not very clear in my statement about testing with
> ldapsearch. I had initially run it without logging in with a DN. I was
> just running the local ldapsearch -x command. I then tested on
> ipa12.mgmt and ipa11.mgmt logging in with a full DN for th
Hello All,
According to ipa_check_consistency we have "LDAP Conflicts"
(https://github.com/peterpakos/ipa_check_consistency).
How do I find and resolve them?
I've seen: Re: [Freeipa-devel] LDAP conflicts resolution API
you can start here:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts
you need first find out which conflict entries you have, which entries
need to be preserved, and then can start to re
Hi All
Is the following statement correct?
"If a kerberos client (e.g. a FreeIPA client) holds a service ticket to a
service principal in its credentials cache, it no longer needs to interact
with the KDC to access the service (assuming the ticket is still valid).
i.e. if a kerberos client is n
On 05/04/2017 10:20 AM, James Harrison wrote:
> Hello All,
> According to ipa_check_consistency we have "LDAP Conflicts"
> (https://github.com/peterpakos/ipa_check_consistency).
>
> How do I find and resolve them?
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/admi
I'm trying to use certmonger to get an SSL certificate on a web host
which has an alias. I added the alias as a principal alias to the
host record in FreeIPA, and I added the service as well with the
actual hostname and the alias. However every time certmonger contacts
the CA, the request is reje
Hello,
I have a problem with Samba setup that I haven't been able to overcome for
months. I am trying to setup samba on RHEL 7 using SSSD instead of winbind.
Currently, I have a one way trust between the production Active directory
and production IPA. I have users on IPA and Active directory. For
On Thu, May 04, 2017 at 05:36:26PM -0400, Steve Huston wrote:
> I'm trying to use certmonger to get an SSL certificate on a web host
> which has an alias. I added the alias as a principal alias to the
> host record in FreeIPA, and I added the service as well with the
> actual hostname and the alia
On Thu, May 4, 2017 at 9:15 PM, Fraser Tweedale wrote:
> The fix for this was released in FreeIPA 4.5. See ticket
> https://pagure.io/freeipa/issue/6295.
>
Excellent! Any chance of that getting backported into the 4.4.x
series available on RHEL7?
--
Steve Huston - W2SRH - Unix Sysadmin, PICSc
On Thu, May 04, 2017 at 10:30:39PM -0400, Steve Huston wrote:
> On Thu, May 4, 2017 at 9:15 PM, Fraser Tweedale wrote:
> > The fix for this was released in FreeIPA 4.5. See ticket
> > https://pagure.io/freeipa/issue/6295.
> >
>
> Excellent! Any chance of that getting backported into the 4.4.x
>