On 03/11/2015 04:37 PM, Steven Jones wrote:
======
[root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns 
--forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg  
--skip-conncheck
Checking forwarders, please wait ...
WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled
======

The AD server is a win2k12r2.

Thanks, I will follow up.

regards

Steven
________________________________________
From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on behalf 
of Dmitri Pal <d...@redhat.com>
Sent: Thursday, 12 March 2015 9:07 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

On 03/11/2015 03:49 PM, Steven Jones wrote:
Hi,

When I try to join a 7.1 based replica to an existing setup and use an AD 
forwarder the command complains that the AD box isnt doing DNSSEC suggesting to 
me it is present in 7.1?
Can you share the message that you get and what steps you take to get to
that message?

At the moment however I cant join a 7.1 based IPA server into a 6.6 based IPA 
cluster.  Or a 7.1 client to IPA, to 6.6 for that matter, 7.0 works fine though.


regards

Steven

________________________________________
From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on behalf 
of Erinn Looney-Triggs <erinn.looneytri...@gmail.com>
Sent: Thursday, 12 March 2015 8:15 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

First off congratulations on getting this out. Love the new UI, all pretty and
integrates well with the access.redhat.com UI.

Second, did DNSSEC not make the chop? It looks like for FreeIPA DNSSEC was
included in the 4.1.0 release, but near as I can tell it is not part of IPA
4.1.0 in RHEL 7.1.

Third, there appears to be a behavior change from in ipalib. I cleaned up a
little inventory script for ansible, you can take a look at it here:
https://github.com/ansible/ansible/blob/devel/plugins/inventory/freeipa.py

Before RHEL 7.1 the call to api.Command.hostgroup_find()['result'] on line 30
worked, now it fails:

Traceback (most recent call last):
    File "./freeipa.py", line 133, in <module>
      list_groups(api)
    File "./freeipa.py", line 71, in list_groups
      result = api.Command.host_find()['result']
    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
__call__
      ret = self.run(*args, **options)
    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
      return self.forward(*args, **options)
    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 776, in
forward
      return self.Backend.rpcclient.forward(self.name, *args, **kw)
    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 880, in forward
      command = getattr(self.conn, name)
    File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 97, in
__get_conn
      self.id, threading.currentThread().getName())
AttributeError: no context.rpcclient in thread 'MainThread'

Is this expected? Is this a regression?

Thanks again for your work.

-Erinn


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to