Thanks -- still a bit strange that it did not show up on some servers - vary random and intermittent.

BTW - a bit of information others might find useful. If you try to use the "LDAP" portion of IPA for authentication - rather than fulling installing the IPA client and using Kerberos - the servers running ds-389 do not do well in handling the load. In other words - a few hundred hosts trying to authenticate via LDAP only will send CPU through the roof and crashes the slapd process often. Since IPA is supposed to handle all options, I guess I am disappointed.


On 12/3/14 2:56 PM, Dmitri Pal wrote:
On 12/03/2014 04:40 PM, Janelle wrote:
Here is a bit of baffling one on 4.0.5:

Replica install p11-kit???

This is a part of the DNSSEC set of packages.

Connection from master to replica is OK.

Connection check OK
p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

database is read-only


Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to