The only reference I can find in /etc is
sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg
________________________________
From: ether bunny via FreeIPA-users <[email protected]>
Sent: Tuesday, December 23, 2025 11:03 PM
To: [email protected] <[email protected]>
Cc: ether bunny <[email protected]>
Subject: [Freeipa-users] getting rid of defunct ipa server
I thought I'd scrubbed out the old freeipa server (replaced by 2 shiny new
ones) but I keep seeing references to it in /var/log/krb5kdc.log on one of the
new ipa servers.
freeipa-a krb5kdc[959452](info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18),
aes128-cts-hmac-sha1-96(17), UNSUPPORTED:des3-hmac-sha1(16),
DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25),
camellia256-cts-cmac(26), aes256-cts-hmac-sha384-192(20),
aes128-cts-hmac-sha256-128(19)}) 10.95.96.52: CLIENT_NOT_FOUND:
host/freeipa.domain@DOMAIN for krbtgt/DOMAIN@DOMAIN, Client not found in
Kerberos database
Its not clear from this message what client/service is still pointing at the
old host.
If I do 'ipa-replica-manage dnarange-show' - all I see are the 2 new replicas
'ipa config-show | grep "CA renewal master"' - shows the new host
Where else should I be looking?
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
