On 06/25/2018 07:48 AM, Jokinen Eemeli via FreeIPA-users wrote:
Hi!
gssproxy up and running
--
systemctl status gssproxy
● gssproxy.service - GSSAPI Proxy Daemon
Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor
preset: disabled)
Active: active (running) since Fri 2018-06-15 12:58:24 EEST; 1 weeks 2 days
ago
Process: 3807 ExecStart=/usr/sbin/gssproxy -D (code=exited, status=0/SUCCESS)
--
Also seems like there's some default configuration of gssproxy, no ipa.conf
(googling said that there should probably be also ipa.conf?).
--
ls /etc/gssproxy/
24-nfs-server.conf 99-nfs-client.conf gssproxy.conf
--
Hi,
you are indeed missing the file /etc/gssproxy/10-ipa.conf, and this file
should be created during ipa-server-upgrade, but after the step
restarting pki-tomcat.
So let's go back to our initial goal: finding which master is the
renewal master. You can use a ldapsearch query to find out the renewal
master:
# ldapsearch -D cn=directory\ manager -W -LLL -b
cn=masters,cn=ipa,cn=etc,$BASEDN
'(&(cn=CA)(ipaConfigString=caRenewalMaster))' dn
Enter LDAP Password:
dn: cn=CA,cn=myrenewalmaster.domain.com,cn=masters,cn=ipa,cn=etc,$BASEDN
(replace BASEDN with your own setting that can be found in
/etc/ipa/default.conf)
Flo
Eemeli
-----Original Message-----
From: Florence Blanc-Renaud [mailto:f...@redhat.com]
Sent: perjantai 22. kesäkuuta 2018 15.39
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Jokinen Eemeli <eemeli.joki...@cinia.fi>
Subject: Re: [Freeipa-users] Re: Problems after IPA upgrade: ipa-server-upgrade
doesn't complete, pki-tomcatd won't start
On 06/21/2018 08:57 AM, Jokinen Eemeli via FreeIPA-users wrote:
Hi!
Forgot kinit:
--
kinit admin
Password for admin@<<REALM>>:
klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@<<REALM>>
Valid starting Expires Service principal
06/21/2018 09:55:07 06/22/2018 09:54:54 HTTP/<<ipa1.fqdn>>@<<REALM>>
06/21/2018 09:55:02 06/22/2018 09:54:54 krbtgt/<<REALM>>@<<REALM>>
ipa config-show
ipa: ERROR: No valid Negotiate header in server response
--
Hi,
can you check if the service gssproxy is running:
# systemctl status gssproxy
and if not, restart it.
Flo
Still no luck getting ipa config
Eemeli
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/GR4ULROH2LK6PXMDLLD7F4JAVEY34776/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/JDQJELPIIP4WLOQ6PL7NE2257AWZV3W2/
