[Freeipa-users] Re: how I spent my day (hints on dealing with issues setting up a replica)

2017-10-06 Thread Rob Crittenden via FreeIPA-users
Charles Hedrick via FreeIPA-users wrote: > In case anyone else has the same problem, let me document what I did today > with our IPA installation (CentOS 7.3) Sorry to hear you had so many problems. > > We started out by installing a primary with a default install, and doing >

[Freeipa-users] how I spent my day (hints on dealing with issues setting up a replica)

2017-10-06 Thread Charles Hedrick via FreeIPA-users
In case anyone else has the same problem, let me document what I did today with our IPA installation (CentOS 7.3) We started out by installing a primary with a default install, and doing ipa-replica-install with no parameters. That worked fine. We then install a commercial certificate, because

[Freeipa-users] Re: IPA Server Upgrade Error

2017-10-06 Thread Charles Hedrick via FreeIPA-users
We were in the same situation. I tried this solution, and it does fix the problem with not being able to upgrade. However it still leaves an inconsistency in the configuration. I was unable to add a new replica. It failed at the CA step, even if the new replica was installed without CA. The

[Freeipa-users] Re: Valid Sender ? - Re: Re: Web UI login fails after upgrading to 4.5

2017-10-06 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 06 Oct 2017, Marius Bjørnstad wrote: Wow that's well spotted! That IP is the 4.4 server (I just blindly assumed that it would use the value in krb5.conf, which is the 4.5 server). It goes to 248 every time. strace showed me that kinit gets the IP address from

[Freeipa-users] Re: Valid Sender ? - Re: Re: Web UI login fails after upgrading to 4.5

2017-10-06 Thread Marius Bjørnstad via FreeIPA-users
Just learned a new keyboard shortcut in my mail client. Didn't mean to send without saying thanks a lot, that was very helpful. > On 6 Oct 2017 at 12:24, Marius Bjørnstad via FreeIPA-users wrote: > > Wow that's well spotted! That IP is the 4.4 server (I

[Freeipa-users] Re: Valid Sender ? - Re: Re: Web UI login fails after upgrading to 4.5

2017-10-06 Thread Marius Bjørnstad via FreeIPA-users
Wow that's well spotted! That IP is the 4.4 server (I just blindly assumed that it would use the value in krb5.conf, which is the 4.5 server). It goes to 248 every time. strace showed me that kinit gets the IP address from /var/lib/sss/pubconf/kdcinfo.OUS.NSC.LOCAL. This file contains only

[Freeipa-users] Re: Valid Sender ? - Re: Re: Web UI login fails after upgrading to 4.5

2017-10-06 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 06 Oct 2017, Marius Bjørnstad via FreeIPA-users wrote: Thanks for the replies! I do have the krb5-pkinit package installed. ipa-pkinit-manage status was disabled, but enabling it with ipa-pkinit-manage enable didn't fix the problem. $ ipa pkinit-status --server=SERVER_NAME says PKINIT