F your I: The kpasswd issue was only temporary... A while later it was
working just time. Setting passwords in the webUI wasn't enough for oVirt,
I needed to set passwords with kpasswd. By the time I figured that out,
kpasswd was working with no changes (kdestroy/kinit were done when it
wasn't work
Hey, that did it! You're the man!
I didn't have to downgrade openldap, just changed /etc/openldap/ldap.conf
to "SASL_NOCANON off". This allowed the install script to complete, and the
install script overwrite ldap.conf anyway removing SASL_NOCANON altogether,
so things still work.
I rolled my own
Derek Moore wrote:
Setting /etc/hostname manually and several restarts and reboots later, I
finally got the install to work (mostly) properly again last night.
But I still cannot get the XML-RPC server to function properly, the end
of the install script fails on /usr/sbin/ipa-client-install:
Setting /etc/hostname manually and several restarts and reboots later, I
finally got the install to work (mostly) properly again last night.
But I still cannot get the XML-RPC server to function properly, the end of
the install script fails on /usr/sbin/ipa-client-install:
ipalib.errors.Network
First I'll undo the oVirt/FreeIPA relationship:
# engine-manage-domains -action=delete -domain=hackunix.org
...
Manage Domains completed successfully
# service ovirt-engine restart
oVirt works with internal domain and admin user.
Now let's uninstall FreeIPA:
# pkidestroy -s CA -i pki
> Did you restart all IPA services including KDC after you changed the minssf?
Yes, tried many combinations of restarts and reboots trying to undo the
breakage.
I found a similar thread on here ("sudden ipa errors") where someone spent a
lot of time debugging when suddenly RH support came back
On 05/07/2013 07:08 PM, Derek Moore wrote:
> I'm running FreeIPA 3.2.0 Beta 1 in Fedora 19 Alpha, and I'm running
> oVirt 3.3.0 pre-Beta in Fedora 18.
>
> In order to get oVirt's JGSS crap to work with FreeIPA, I had to
> change nsslapd-minssf to 1 (apparently a known issue right now in
> OpenJDK).
I'm running FreeIPA 3.2.0 Beta 1 in Fedora 19 Alpha, and I'm running oVirt
3.3.0 pre-Beta in Fedora 18.
In order to get oVirt's JGSS crap to work with FreeIPA, I had to change
nsslapd-minssf to 1 (apparently a known issue right now in OpenJDK). But
this setting seems to break ipa CLI, and when I c