Thanks -- still a bit strange that it did not show up on some servers -
vary random and intermittent.
BTW - a bit of information others might find useful. If you try to use
the "LDAP" portion of IPA for authentication - rather than fulling
installing the IPA client and using Kerberos - the servers running
ds-389 do not do well in handling the load. In other words - a few
hundred hosts trying to authenticate via LDAP only will send CPU through
the roof and crashes the slapd process often. Since IPA is supposed to
handle all options, I guess I am disappointed.
regards
~J
On 12/3/14 2:56 PM, Dmitri Pal wrote:
On 12/03/2014 04:40 PM, Janelle wrote:
Here is a bit of baffling one on 4.0.5:
Replica install p11-kit???
This is a part of the DNSSEC set of packages.
Connection from master to replica is OK.
Connection check OK
p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported
attribute
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
...
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
LDAP error: UNWILLING_TO_PERFORM
database is read-only
Thoughts?
~J
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project