IPA replica installation fails on an IPv4 Linux box. The exception/messages on
screen are:
...
error: [Errno 97] Address family not supported by protocol
...
After looking into the Python code, it was found that the IPA program tried
to test both IPv4 and IPv6 address families, and it failed there when IPv6 is
turned off.
So I turned on IPv6 again, tried ipa-conncheck again, and it worked this time.
--David
________________________________
From: hshhs caca <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Thursday, April 26, 2012 1:51 PM
Subject: [Freeipa-users] What are the main purposes of Dogtag certificate
system inside IPA
Hi folks,
When evaluating migration from an existing separate LDAP/Kerberos solution to
integrated IPA, I got confused about the purposes of the Dogtag Certificate
System inside IPA. What are its main purposes? Or what value does it bring to
IPA?
I can see the points of KDC and 389 Directory server parts, even NTP and DNS,
but not for Dogtag. Frankly, I am not sure where I should put it. Say, for
Kerberos authentication, I need only /etc/krb5.conf and /etc/krb5.keytab
locally on the client, and then the krb5 tools/libs will do their work happily.
Then why should I authenticate a machine with a certificate, or
certificate+keytab -- either way the certificate part is a MUST -- see document
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/hosts.html
( at the very bottom).
A closely related question is: what are the main points/benefits of machine
authentication? With a traditional keytab-based Kerberos setup, the
users, machines and services can authenticate with no problem, so why do we
need an extra authentication with a machine certificate as a must?
Please help me clarify why the statement 'pkinit_anchors =
FILE:/etc/ipa/ca.crt' is put inside krb5.conf after running the
ipa-client-install script. What is its purpose?
The last problem is: after following the steps at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/linux-manual.html
to set up my Linux client manually, I still cannot run the 'ipa user-find'
command on the client, while another Linux client of the same type installed
with 'ipa-client-install' has no problem running it.
Are there any differences between manual and automatic installations?
Sorry, I have too many questions and probably more, as I have read through the
Red Hat IPA document several times, and every time more questions pop up. :)
Thanks a lot.
--Robinson
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
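
The failure described at the top of this thread (a check that tests both IPv4 and IPv6 and aborts with Errno 97 when IPv6 is off) can be avoided by treating an unsupported address family as "skip" rather than "fail". The following is an added example, not FreeIPA's or ipa-conncheck's code; the names open_listeners, FAMILIES and SKIPPABLE are hypothetical, and loopback addresses are assumed for the probe.

```python
import errno
import socket

# Loopback address per family; names and layout are illustrative, not FreeIPA's.
FAMILIES = (
    ("IPv4", socket.AF_INET, "127.0.0.1"),
    ("IPv6", socket.AF_INET6, "::1"),
)
# EAFNOSUPPORT (errno 97 on Linux): the kernel has no support for the family.
# EADDRNOTAVAIL: the family exists but the loopback address is not configured.
SKIPPABLE = (errno.EAFNOSUPPORT, errno.EADDRNOTAVAIL)


def open_listeners(port=0, make_socket=socket.socket):
    """Listen on loopback for each family, skipping families the host lacks.

    Returns (listeners, skipped); raises OSError only if no family is usable.
    """
    listeners, skipped = {}, []
    for name, family, addr in FAMILIES:
        sock = None
        try:
            sock = make_socket(family, socket.SOCK_STREAM)
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sock.bind((addr, port))
            sock.listen(1)
        except OSError as exc:
            if sock is not None:
                sock.close()
            if exc.errno not in SKIPPABLE:
                for opened in listeners.values():
                    opened.close()
                raise  # e.g. EACCES or EADDRINUSE is a real failure
            skipped.append(name)
            continue
        listeners[name] = sock
    if not listeners:
        raise OSError(errno.EAFNOSUPPORT, "no usable address family")
    return listeners, skipped


if __name__ == "__main__":
    socks, missing = open_listeners()
    print("listening on:", sorted(socks), "skipped:", missing)
    for s in socks.values():
        s.close()
```

The make_socket parameter exists so the IPv6-disabled case can be simulated on a host that has IPv6 enabled.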