Hi All Please help me in adding a synchronization agreement. I followed ( http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/) but the example given in 4.4. Creating Synchronization Agreements is not correct. There is no more option add in ipa-replica-manage command. After googling they suggested me to use connect instead of add. This command worked but it stopped directory server and thorws following errors. Jakub Hrozek suggested me to get logs from /var/log/ipareplica-install.log. But this file is not at all created only ipaclient-install.log ipaserver-install.log are the two files in that there is no reference to ipa-replica-mange command.
I have installed ipa v2 from http://jdennis.fedorapeople.org repo. [root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] INFO:root:stderr= unexpected error: DsInstance instance has no attribute 'subject_base' Regards, AGV On Fri, Jan 14, 2011 at 10:30 PM, <[email protected]> wrote: > Send Freeipa-users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/freeipa-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeipa-users digest..." > > > Today's Topics: > > 1. ipa-replica-manage command fails while Setting up Windows > Sync on the IPA Server V2 (Aravind GV) > 2. Re: ipa-replica-manage command fails while Setting up Windows > Sync on the IPA Server V2 (Jakub Hrozek) > 3. Re: certmonger selinux issue and freeipa dns database error > problem (Rob Crittenden) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 14 Jan 2011 15:08:44 +0530 > From: Aravind GV <[email protected]> > To: [email protected] > Subject: [Freeipa-users] ipa-replica-manage command fails while > Setting up Windows Sync on the IPA Server V2 > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="windows-1252" > > Hi > > I?m trying to set up password/identity sync to the FreeIPA V2 server from a > Windows 2003R2 SP2 server to a Fedora 14. According to installation > document > in free ipa website [ > http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/ ] > ipa-replica-manage add option is no more there if i use connect option i > get > below error. There is not much in logs to troubleshoot. Please help me to > resolve this issue. > > [root@fedora ~]# ipa-replica-manage connect --winsync --binddn > CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert > /root/bgkerb.cer bgkerb.test02.com -v --passsync asd312ASD > Directory Manager password: > INFO:root:args=/sbin/service dirsrv stop > INFO:root:stdout=Shutting down dirsrv: > AGV-COM...[ OK ] > PKI-IPA...[ OK ] > > INFO:root:stderr= > unexpected error: DsInstance instance has no attribute 'subject_base' > > -- > ---------------------------- > With Best Regards > Aravind G V > Ph-9880346065 > "I want it all, > That's why I strive for it, > I know that it's coming" - Drake from "Successful" > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://www.redhat.com/archives/freeipa-users/attachments/20110114/518de32f/attachment.html > > > > ------------------------------ > > Message: 2 > Date: Fri, 14 Jan 2011 11:15:23 +0100 > From: Jakub Hrozek <[email protected]> > To: [email protected] > Subject: Re: [Freeipa-users] ipa-replica-manage command fails while > Setting up Windows Sync on the IPA Server V2 > Message-ID: <[email protected]> > Content-Type: text/plain; charset=utf-8 > > On Fri, Jan 14, 2011 at 03:08:44PM +0530, Aravind GV wrote: > > Hi > > > > I?m trying to set up password/identity sync to the FreeIPA V2 server from > a > > Windows 2003R2 SP2 server to a Fedora 14. According to installation > document > > in free ipa website [ > > http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/] > > ipa-replica-manage add option is no more there if i use connect option i > get > > below error. There is not much in logs to troubleshoot. Please help me to > > resolve this issue. > > > > [root@fedora ~]# ipa-replica-manage connect --winsync --binddn > > CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert > > /root/bgkerb.cer bgkerb.test02.com -v --passsync asd312ASD > > Directory Manager password: > > INFO:root:args=/sbin/service dirsrv stop > > INFO:root:stdout=Shutting down dirsrv: > > AGV-COM...[ OK ] > > PKI-IPA...[ OK ] > > > > INFO:root:stderr= > > unexpected error: DsInstance instance has no attribute 'subject_base' > > > > Hi, > > The full Python exception can be found in > /var/log/ipareplica-install.log. Can you post the last couple of lines > with the traceback? > > Thank you, > Jakub > > > > ------------------------------ > > Message: 3 > Date: Fri, 14 Jan 2011 09:19:21 -0500 > From: Rob Crittenden <[email protected]> > To: Uzor Ide <[email protected]> > Cc: [email protected] > Subject: Re: [Freeipa-users] certmonger selinux issue and freeipa dns > database error problem > Message-ID: <[email protected]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Uzor Ide wrote: > > > > We have a network that relies on kerberos, 389-ds, bind and nfs4. I am > > currently testing out the freeipa version 2 to see if we can use it to > > consolidate the various configuration into one interface. For the most > > part it works great apart from the obvious area where it has not been > > completed. However there are somethings that I have noticed. > > > > 1.) The DNS logging always logs database error every time it access the > > ldap. even though the query returns okay and the dns reply is fine. > > > > here is an excerpt of the log named.run > > > > 24-Oct-2010 10:32:33.025 edns-disabled: info: success resolving > > 'www.mailscanner.tv/A <http://www.mailscanner.tv/A>' (in 'mailscanner.tv > > <http://mailscanner.tv>'?) after reducing the advertised EDNS UDP packet > > size to 512 octets > > 24-Oct-2010 10:34:41.137 database: error: querying 'idnsName=wpad, > > idnsname=uzdomain.ca <http://uzdomain.ca>,cn=dns,dc=uzdomain,dc=ca' with > > '(objectClass=idnsRecord)' > > 24-Oct-2010 10:34:41.140 database: error: querying 'idnsname=uzdomain.ca > > <http://uzdomain.ca>,cn=dns,dc=uzdomain,dc=ca' with > > '(objectClass=idnsRecord)' > > 24-Oct-2010 10:34:41.143 database: error: entry count: 1 > > 24-Oct-2010 10:34:41.146 database: error: querying 'idnsName=wpad, > > idnsname=uzdomain.ca <http://uzdomain.ca>,cn=dns,dc=uzdomain,dc=ca' with > > '(objectClass=idnsRecord)' > > 24-Oct-2010 10:39:43.581 database: error: querying 'idnsName=wpad, > > idnsname=uzdomain.ca <http://uzdomain.ca>,cn=dns,dc=uzdomain,dc=ca' with > > '(objectClass=idnsRecord)' > > 24-Oct-2010 10:39:43.583 database: error: querying 'idnsname=uzdomain.ca > > <http://uzdomain.ca>,cn=dns,dc=uzdomain,dc=ca' with > > '(objectClass=idnsRecord)' > > 24-Oct-2010 10:39:43.586 database: error: entry count: 1 > > 24-Oct-2010 10:39:43.589 database: error: querying 'idnsName=wpad, > > idnsname=uzdomain.ca <http://uzdomain.ca>,cn=dns,dc=uzdomain,dc=ca' with > > '(objectClass=idnsRecord)' > > > > here is our logging configuration > > > > // ******************* > > // Logging definitions > > // ******************* > > > > // Logging > > logging { > > channel "named_log" { > > file "data/log/named.run" versions 5 size 4m; > > severity dynamic; > > print-category yes; > > print-severity yes; > > print-time yes; > > }; > > > > channel "security_log" { > > file "data/log/security.log" versions 5 size 10m; > > severity dynamic; > > print-category yes; > > print-severity yes; > > print-time yes; > > }; > > > > channel "query_log" { > > file "data/log/query.log" versions 5 size 50m; > > #severity dynamic; > > severity debug; > > print-category yes; > > print-severity yes; > > print-time yes; > > }; > > > > channel "transfer_log" { > > file "data/log/transfer.log" versions 5 size 10m; > > severity dynamic; > > print-category yes; > > print-severity yes; > > }; > > > > category "default" { > > "named_log"; > > "default_syslog"; > > "default_debug"; > > }; > > > > category "general" { > > "named_log"; > > }; > > > > category "queries" { > > "query_log"; > > }; > > > > category "lame-servers" { > > null; > > }; > > > > category "security" { > > "security_log"; > > }; > > > > category "config" { > > "named_log"; > > }; > > > > category "resolver" { > > "query_log"; > > }; > > > > category "xfer-in" { > > "transfer_log"; > > }; > > > > category "xfer-out" { > > "transfer_log"; > > }; > > > > category "notify" { > > "transfer_log"; > > }; > > > > category "client" { > > "query_log"; > > }; > > > > category "network" { > > "named_log"; > > }; > > > > category "update" { > > "transfer_log"; > > }; > > > > category "dnssec" { > > "security_log"; > > }; > > > > category "dispatch" { > > "security_log"; > > }; > > }; > > > > This error message keeps triggering our monitoring systems. > > This has been fixed in bug > https://bugzilla.redhat.com/show_bug.cgi?id=656454. It should show up as > bind-dyndb-ldap-0.2.0-1.fc14 in the Fedora updates-testing repo in the > next day or so. > > rob > > > > ------------------------------ > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > > End of Freeipa-users Digest, Vol 30, Issue 8 > ******************************************** > -- ---------------------------- With Best Regards Aravind G V Ph-9880346065 "I want it all, That's why I strive for it, I know that it's coming" - Drake from "Successful"
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
