I think I do not have this problem anymore. There are still problems in
upgrading from pre-releases to 4.7.1 (see #1800631), but probably for
different reasons.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
I had a very similar problem (with bionic). I was able to upgrade to
FreeIPA 4.3.1 by installing version 3.36.1 of the package libnss3, from
the cosmic repositories. There is a bug in the version 3.35 distributed
with bionic (see https://bugzilla.redhat.com/show_bug.cgi?id=1568271)
which prevents
Package version 1:9.11.3+dfsg-1ubuntu1.3 in -proposed also works for me.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
A new bind has been pushed to bionic (1:9.11.3+dfsg-1ubuntu1.2). This is
newer than bind9 in ppa:freeipa/ppa, but does not contain the fix for
this bug. Therefore, bind9 upgrade should be prevented by helding the
ppa package, or bind9-pkcs11 will stop working.
--
You received this bug
I confirm that this works for me, too.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1793994
Title:
freeipa server upgrade fails trying to switch to authselect
Status in freeipa package in
Public bug reported:
The file "/usr/lib/python2.7/dist-packages/ipaplatform/debian/paths.py"
is missing the line
GZIP = "/bin/gzip"
Without this definition, the default incorrect value of "/usr/bin/gzip"
is used. Among the others, this is required by the "ipa-backup" command.
** Affects:
Public bug reported:
I am trying to upgrade from freeipa 4.7.0~pre1 to 4.7.0~pre2-0~ppa3 of
the staging repository. The install fails with the following error:
RemoteRetrieveError: Failed to authenticate to CA REST API
In the past, I also tried upgrading freeipa 4.7.0~pre1 to
4.7.0~pre2-0~ppa2
Actually, on a second attempt, ~ppa3 works fine. Wierd.. both my
attempts were clean installations.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1772450
Title:
freeipa server -- problems
No, I cannot retry ~ppa2 since it seems not to be available anymore and
I deleted my previous installation my mistake.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1772450
Title:
freeipa
I confirm that it works!
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1772921
Title:
freeipa web ui -- incorrect configuration for awesome fonts
Status in freeipa package in Ubuntu:
In
I confirm that it works!
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1772205
Title:
freeipa install does not correctly setup krb5-admin-server
Status in freeipa package in Ubuntu:
In
Confirming that it works!
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1772447
Title:
freeipa installation - directory /var/lib/krb5kdc is not accessible by
Apache
Status in freeipa
I tried installing with 4.7.0.pre2, but I get an exception
KeyError: 'FONT_AWESOME_DIR'
I think you should add
FONT_AWESOME_DIR=paths.FONT_AWESOME_DIR
in the create_instance function in httpinstance.py
--
You received this bug notification because you are a member of FreeIPA,
which is
In my case, with dogtag 10.6.1-0ubuntu0.1, giving the "pki cert-find"
command returns tons of warning of the kind
WARN: RESTEASY002145: NoClassDefFoundError: Unable to load builtin
provider org.jboss.resteasy.plugins.providers.InputStreamProvider from
Public bug reported:
Hi, another bug for FreeIPA, but this is quite trivial and not very
important either. The file /usr/share/ipa/ipa.conf.template containw the
line
Alias /ipa/ui/fonts/fontawesome "${FONTS_DIR}/fontawesome"
for providing the Awesome font to web browsers. $FONTS_DIR si
I think the my trick (copy /usr/sbin/named into /usr/sbin/named-pkcs11)
works quite well. Not sure about the differences between named and
named-pkcs11, but I think it is essentially the fact that named-pkcs11
supports cryptographic devices while plain named doesn't. In order to
avoid
Public bug reported:
After having installed FreeIPA server on Ubuntu 18.04 and having sorted
out all the other bugs, I still have problems with certificates.
In the web interface, every attempt to select the "Authentication ->
Certificates" tab ends with the following error
IPA Error 4301:
Public bug reported:
After having installed FreeIPA on Ubuntu 18.04, I cannot login by the
web interface. I think the problem is that Apache uses the certificate
in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this
file is readable by everyone, the directory /var/lib/krb5kdc is
For some reason, I have /usr/sbin/named in enforce mode by default (I am
sure I did not change anything manually). Ubuntu 18.04 installed with an
alternate CD on a KVM virtual machine.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in
Public bug reported:
The package opendnssec-common has a configuration file in
/usr/share/opendnssec/conf.xml. This file get copied into
/etc/opendnssec/conf.xml but, since it is invalid (due to nested
comments, I think), the services opendnssec-signer and opendnssec-
enforcer do not start, and
Public bug reported:
In Ubuntu 18.04, ipa-dns-intall (or ipa-server-install when asking to
configure BIND) does not create reverse DNS zones for my domain. Note
that I already fixed (or more correctly, circumvented) other bugs
involving BIND, such as
I added your line just before the case statement in ipa-httpd-pwdreader,
and it works.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1769485
Title:
freeipa install server fails - cannot
Changed affected package.
** Package changed: tomcat8 (Ubuntu) => freeipa (Ubuntu)
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1772205
Title:
freeipa install does not correctly setup
I tried with the Alternate ISO. The problem still occurs, but now I can
change the hostname to my fully qualified domain name with hostnamectl
in a reliable way. Still, ipa-server-install should work with a simple
hostname, since this is the standard for Ubuntu sysems.
--
You received this bug
I realized now that "hostnamectl set-hostname" is not deterministic.
Most of the times, the new hostname is lost after reboot, sometimes,
without any apparent reason, it is preserved. The problem is that I
installed Ubuntu 18.04 with the Live image, which has some peculiarities
(see
I was able to permanently change the host name with "hosnamectl --set-
hostname". Nonetheless, I still thinks there is a bug here, because the
Ubuntu 18.04 installer only allows me to set a unqualified host name,
while "ipa-server-install" insists on a FQDN, and the two do not
matches.
--
You
I made some progress. The problem is that the script /usr/lib/ipa/ipa-
httpd-pwdreader, which reads the passphrase of the SSL key on behalf of
Apache, checks that the hostname passed by Apache has the same value of
the $HOSTNAME environment variable. In my case, the two are different:
Apache uses
Right... it was a race condition. Also, increasing the number of CPU and
amount of memory in my virtual machine solved the problem.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1765616
Title:
ipa-server-install still fails for me during step "[24/28]: migrating
certificate profiles to LDAP". It gives me the following error:
NetworkError: cannot connect to
'https://ipa.labeconomnia.unich.it:8443/ca/rest/account/login': [Errno
111] Connection refused
The problem is that, when this
29 matches
Mail list logo
