Oh. I hadn't forgotten. This is what happened. These are my settings:
[root@ipa02 etc]# cat sysctl.conf | grep -v '#' net.ipv6.conf.all.disable_ipv6=0 net.ipv6.conf.default.disable_ipv6=0 These will overwrite my settings: [root@ipa02 etc]# cat sysctl.d/anaconda.conf # Anaconda disabling ipv6 (noipv6 option) net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 Two questions: - Does FreeIPA (or, some components therein) really require ipv6? During installation, it forced me to enable it. - If so, these anaconda settings look like a trivial way to break the system. I didn't install anaconda, but it was probably part of some dependencies. Can something be done to make this more robust? Best, Roberto On Thu, 17 Nov 2022 at 19:06, Roberto Cornacchia < [email protected]> wrote: > I found it! > > dirsrv listens on ipv6 only. > I had set net.ipv6.conf.all.disable_ipv6 > and net.ipv6.conf.all.disable_ipv6 to 0, but apparently forgot to make the > change permanent, so after the reboot ipv6 was disabled. > > > > On Thu, 17 Nov 2022 at 18:50, Roberto Cornacchia < > [email protected]> wrote: > >> This, however, works: >> >> # ldapsearch -H ldap://localhost:389 -x uid=roberto >> # extended LDIF >> # >> # LDAPv3 >> # base <dc=hq,dc=spinque,dc=com> (default) with scope subtree >> # filter: uid=roberto >> # requesting: ALL >> # >> >> # roberto, users, compat, hq.spinque.com >> dn: uid=roberto,cn=users,cn=compat,dc=hq,dc=spinque,dc=com >> [.. omitted ..] >> >> >> On Thu, 17 Nov 2022 at 18:44, Roberto Cornacchia < >> [email protected]> wrote: >> >>> >>>> You still have a replication agreement, and until its removed you will >>>> keep seeing these messages. However it's not related to this issue though. >>>> >>> >>> Good to know. I hope there is a way to force removal of that agreement. >>> >>>> - sometimes, but not always, this log also shows: >>>> ERR - bdb_version_write - Could not open file >>>> "/dev/shm/slapd-HQ-SPINQUE-COM/DBVERSION" for writing Netscape Portable >>>> Runtime -5950 (File not found.) >>>> >>>> This might happen after a system reboot. It should be safe to ignore >>>> as long as the server still starts :) >>>> >>> Again, good to know, thanks >>> >>>> So looking at the error log it looks like the server is started. >>>> Schema compat plugin is doing its initialization which is very resource >>>> intensive, but the server should still be working. >>>> >>>> Try doing a ldapsearch just to see if it's responding: >>>> >>>> ldapsearch -H ldap://localhost:389 -b "" -s base -D "cn=directory >>>> manager" -W >>>> >>> Ouch, I don't have the directory manager password with me at the moment, >>> I'll have to wait till tomorrow when I go to the office. >>> The server is up and listening: >>> >>> # netstat -tulnp | grep 389 >>> tcp6 0 0 :::389 :::* >>> LISTEN 3575/ns-slapd >>> >>> However, it's not just a slow start. >>> I can start all the other services via systemctl, so things seem ok, but >>> when much later I do ipactl stop I get: >>> >>> # ipactl stop >>> Failed to read data from Directory Service: Timeout exceeded >>> Shutting down >>> >>> So, it's really not cooperating. >>> >>> >>>
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
