[Freeipa-users] SSSD bug found? FreeIPA vs SSSD

Hola, On CentOS 7.3, using FreeIPA VERSION: 4.4.0, API_VERSION: 2.213 and sssd (via COPR) 1.15.1, which has a one way trust to an AD domain. unix.name.org -> name.org I've seen some interesting behaviour. Being part of a large organisation with a smaller nix environment and a larger Windows

Re: [Freeipa-users] Replication Issues

On 03/08/2017 11:39 AM, Christopher Young wrote: > My replication scheme has things like so: > > orldc-prod-ipa01 <--> orldc-prod-ipa02 <--> bohdc-prod-ipa01 > > I had run re-initialize on orldc-prod-ipa02 (--from orldc-prod-ipa01) AND > re-initialize on bohdc-prod-ipa01 (--from

[Freeipa-users] Issue upgrading freeipa to ipa-server-4.4.0-14.el7.centos.4.x86_64

Hi all! I'm trying to upgrade my ipa-server to the version in subject and hitting some bug that seems similar to https://bugzilla.redhat.com/show_bug.cgi?id=1404910 The yum upgrade process took a bit longer than expected so i ctrl+c it and executed the command ipa-server-upgrade The error

Re: [Freeipa-users] Replication Issues

My replication scheme has things like so: orldc-prod-ipa01 <--> orldc-prod-ipa02 <--> bohdc-prod-ipa01 I had run re-initialize on orldc-prod-ipa02 (--from orldc-prod-ipa01) AND re-initialize on bohdc-prod-ipa01 (--from orldc-prod-ipa02). That is where i'm currently at with the same errors. Any

Re: [Freeipa-users] cannot connect to ldaps during replica install, port 636 not listening

On Mon, Mar 6, 2017 at 3:20 AM, Tomas Krizek wrote: > On 03/04/2017 12:51 AM, Chris Herdt wrote: >> On Fri, Mar 3, 2017 at 4:22 AM, Tomas Krizek wrote: >>> >>> On 03/02/2017 06:25 PM, Chris Herdt wrote: >>> >>> On Thu, Mar 2, 2017 at 10:06 AM, Martin Basti

[Freeipa-users] Can't start dirsrv. Can't force reinitialize

ipactl startExisting service file detected!Assuming stale, cleaning and proceedingStarting Directory ServiceFailed to read data from service file: Failed to get list of services to probe status!Configured hostname this_server.domain' does not match any master server in LDAP: in

Re: [Freeipa-users] External DNS and replication

On 08.03.2017 14:05, Wimmer Ronald (BCC.B.SO) wrote: > > Hi, > > > > I am using FreeIPA with external DNS. Is it ok to balance the requests > between master and replica with DNS SRV records like this: > > > > _kerberos-master._tcp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net. > >

[Freeipa-users] External DNS and replication

Hi, I am using FreeIPA with external DNS. Is it ok to balance the requests between master and replica with DNS SRV records like this: _kerberos-master._tcp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net. _kerberos-master._udp.example.net. 86400 IN SRV 10 50 88 ipa1.example.net.

[Freeipa-users] attrlist_replace - attr_replace (nsslapd-referral ????

I have no idea what this means but it is causing issues with a replica Mar 07 10:27:02 dc2-rd-ipa01.ipa.example.com ns-slapd[2266]: [07/Mar/2017:10:27:02.158131947 -0500] attrlist_replace - attr_replace (nsslapd-referral,

[Freeipa-users] Replica fail to create , all new cert already inside

Hi: I already done input new cert but ipa-replica-prepare central03.ABC.com (ipa 3.0) it fail with the error as below: which "location" I should check the old cert still inside some where Below I already input CA / server cert ..and nssdb poting is right ..already spent serveral days to check

Re: [Freeipa-users] consumer replica which does not show up in ruv list

On 03/07/2017 09:21 PM, lejeczek wrote: On 07/03/17 16:48, Ludwig Krispenz wrote: On 03/07/2017 05:29 PM, lejeczek wrote: On 07/03/17 12:39, Martin Babinsky wrote: On Tue, Mar 07, 2017 at 09:55:52AM +, lejeczek wrote: hi, I presume I need to use ldapmodify/delete? I found