On 4.12.2014 05:02, Janelle wrote:
> Thanks -- still a bit strange that it did not show up on some servers - vary
> random and intermittent.
> 
> BTW - a bit of information others might find useful.  If you try to use the
> "LDAP" portion of IPA for authentication - rather than fulling installing the
> IPA client and using Kerberos - the servers running ds-389 do not do well in
> handling the load. In other words - a few hundred hosts trying to authenticate
> via LDAP only will send CPU through the roof and crashes the slapd process
> often.   Since IPA is supposed to handle all options, I guess I am 
> disappointed.
> 
> regards
> ~J
> 
> 
> On 12/3/14 2:56 PM, Dmitri Pal wrote:
>> On 12/03/2014 04:40 PM, Janelle wrote:
>>> Here is a bit of baffling one on 4.0.5:
>>>
>>> Replica install p11-kit???
>>
>> This is a part of the DNSSEC set of packages.
>>
>>>
>>> Connection from master to replica is OK.
>>>
>>> Connection check OK
>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>> Configuring NTP daemon (ntpd)
>>>   [1/4]: stopping ntpd
>>>   [2/4]: writing configuration
>>> ...
>>>
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> LDAP error: UNWILLING_TO_PERFORM
>>> database is read-only
>>>
>>>
>>> Thoughts?

We need more information about your problem.

As always, please start with information requested on
http://www.freeipa.org/page/Troubleshooting#Reporting_bugs

/var/log/ipa*.log from affected replica will be invaluable (along with exact
package version numbers [including p11-kit] and repo configuration).

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to