On 4.12.2014 05:02, Janelle wrote:
> Thanks -- still a bit strange that it did not show up on some servers - vary
> random and intermittent.
> BTW - a bit of information others might find useful. If you try to use the
> "LDAP" portion of IPA for authentication - rather than fulling installing the
> IPA client and using Kerberos - the servers running ds-389 do not do well in
> handling the load. In other words - a few hundred hosts trying to authenticate
> via LDAP only will send CPU through the roof and crashes the slapd process
> often. Since IPA is supposed to handle all options, I guess I am
> On 12/3/14 2:56 PM, Dmitri Pal wrote:
>> On 12/03/2014 04:40 PM, Janelle wrote:
>>> Here is a bit of baffling one on 4.0.5:
>>> Replica install p11-kit???
>> This is a part of the DNSSEC set of packages.
>>> Connection from master to replica is OK.
>>> Connection check OK
>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>> Configuring NTP daemon (ntpd)
>>> [1/4]: stopping ntpd
>>> [2/4]: writing configuration
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>> LDAP error: UNWILLING_TO_PERFORM
>>> database is read-only
We need more information about your problem.
As always, please start with information requested on
/var/log/ipa*.log from affected replica will be invaluable (along with exact
package version numbers [including p11-kit] and repo configuration).
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project