Brian LaMere wrote:
On Fri, Sep 24, 2010 at 10:43 AM, Dmitri Pal <d...@redhat.com
<mailto:d...@redhat.com>> wrote:

    Brian LaMere wrote:
     > ah, odd - I'm used to IPs being IA5.  then the equality match should
     > be changed?  Can't have  caseIgnoreIA5Match on a directory string :)
    Yes. This is what the patch does :-)


so, out of curiousity...why 60sudo? Seems like a string matching netmask
could be used more generically...it's redefined over as
radiusFramedIPNetmask in 60radius.ldif.  I go through and purge my tree
of attributes I'll never need, sorry - I have strange quirks.

Also, I've noted that when I stop services, then start them again per
the order in /etc/rc3.d, named doesn't know about the local domain yet
because it connects to an empty socket (since the krb and dirsrv
services aren't started yet)

     trying to establish LDAP connection to
ldapi://%2fvar%2frun%2fslapd-BRIAN-INTERNAL.socket

which fails at:

     Principal not found in cred cache (Matching credential not found)

Once everything is up, if I run "rndc reload" the local domain lookups
(and thus, everything else) works again.  Should one of the other
services incorporate a rndc reload, for this reason?  I didn't actually
restart the server (can't, due to something else it is doing) I just
stopped things per rc3.d/k* order, and then started them per s* order.

Brian

I use /usr/sbin/ipactl to restart all the IPA services myself. This could definitely be a problem on reboot though. I filed ticket https://fedorahosted.org/freeipa/ticket/294 to investigate this further.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to