The "allow" option in chrony.conf is disabled by default
by Andrey Bychkov
Hello all. I have a problem: the ipa client does not synchronize with
the ipa server, because the ipa server does not listen to the ipa client's
address. By default the "allow" option is disabled in chrony.conf.
Why is it done? And is there an alternative? If "allow" is enabled, all is OK.
5 years, 7 months
[freeipa PR#2326][opened] ipa-replica-install: fix pkinit setup
by flo-renaud
URL: https://github.com/freeipa/freeipa/pull/2326
Author: flo-renaud
Title: #2326: ipa-replica-install: fix pkinit setup
Action: opened
PR body:
"""
### ipa-replica-install: fix pkinit setup
commit 7284097 (Delay enabling services until end of installer)
introduced a regression in replica installation.
When the replica requests a cert for PKINIT, a check is done
to ensure that the hostname corresponds to a machine with a
KDC service enabled (ipaconfigstring attribute of
cn=KDC,cn=<hostname>,cn=masters,cn=ipa,cn=etc,$BASEDN must contain
'enabledService').
With the commit mentioned above, the service is set to enabled only
at the end of the installation.
The fix makes a less strict check, ensuring that 'enabledService'
or 'configuredService' is in ipaconfigstring.
Fixes: https://pagure.io/freeipa/issue/7566
### Tests: test successful PKINIT install on replica
Add a test checking that ipa-replica-install successfully configures
PKINIT on the replica
"""
To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2326/head:pr2326
git checkout pr2326
5 years, 7 months