======
[root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns 
--forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg  
--skip-conncheck
Checking forwarders, please wait ...
WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled
======

The AD server is a win2k12r2.

regards

Steven
________________________________________
From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on 
behalf of Dmitri Pal <d...@redhat.com>
Sent: Thursday, 12 March 2015 9:07 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

On 03/11/2015 03:49 PM, Steven Jones wrote:
> Hi,
>
> When I try to join a 7.1 based replica to an existing setup and use an AD 
> forwarder the command complains that the AD box isnt doing DNSSEC suggesting 
> to me it is present in 7.1?

Can you share the message that you get and what steps you take to get to
that message?

>
> At the moment however I cant join a 7.1 based IPA server into a 6.6 based IPA 
> cluster.  Or a 7.1 client to IPA, to 6.6 for that matter, 7.0 works fine 
> though.
>
>
> regards
>
> Steven
>
> ________________________________________
> From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on 
> behalf of Erinn Looney-Triggs <erinn.looneytri...@gmail.com>
> Sent: Thursday, 12 March 2015 8:15 a.m.
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] IPA 4.1.0 in RHEL 7.1
>
> First off congratulations on getting this out. Love the new UI, all pretty and
> integrates well with the access.redhat.com UI.
>
> Second, did DNSSEC not make the chop? It looks like for FreeIPA DNSSEC was
> included in the 4.1.0 release, but near as I can tell it is not part of IPA
> 4.1.0 in RHEL 7.1.
>
> Third, there appears to be a behavior change from in ipalib. I cleaned up a
> little inventory script for ansible, you can take a look at it here:
> https://github.com/ansible/ansible/blob/devel/plugins/inventory/freeipa.py
>
> Before RHEL 7.1 the call to api.Command.hostgroup_find()['result'] on line 30
> worked, now it fails:
>
> Traceback (most recent call last):
>    File "./freeipa.py", line 133, in <module>
>      list_groups(api)
>    File "./freeipa.py", line 71, in list_groups
>      result = api.Command.host_find()['result']
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
> __call__
>      ret = self.run(*args, **options)
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in 
> run
>      return self.forward(*args, **options)
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 776, in
> forward
>      return self.Backend.rpcclient.forward(self.name, *args, **kw)
>    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 880, in forward
>      command = getattr(self.conn, name)
>    File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 97, in
> __get_conn
>      self.id, threading.currentThread().getName())
> AttributeError: no context.rpcclient in thread 'MainThread'
>
> Is this expected? Is this a regression?
>
> Thanks again for your work.
>
> -Erinn
>


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to