So rarely, a second server is built with the same fqdn, causing an issue
with the original server kerberos realm membership...thing.
Is there an easy way to check/confirm this similar to how you'd check the
computer accounts for M$ AD?
Thanks in advance!
-Jake
__
We have experienced several cases of end users not being able to authenticate.
While investigating I've found that I cannot obtain kinit credentials on the
local freeipa replica. ipactl however shows all processes including Directory
Server as running. Doing ipactl restart hangs but service ipa
OK I think I got the ldapmodify to work. I reran the commands to check
the two certs and they appear to match now. However, when I run an ipactl
restart the system still fails on pki-tomcatd.
On Mon, Oct 30, 2017 at 3:42 AM, Florence Blanc-Renaud
wrote:
> On 10/28/2017 01:15 AM, Kristian Pete
I've finally had a chance to make this attempt and after running the clean up:
# python /usr/share/pki/scripts/restore-subsystem-user.py -v
Subsystem certificate: 2;4;CN=Certificate Authority,O=DOMAIN.TLD;CN=CA
Subsystem,O=DOMAIN.TLD
-BEGIN CERTIFICATE-
*snip*
-END CERTIFICATE-
Us
On 10/28/2017 01:15 AM, Kristian Petersen via FreeIPA-users wrote:
I forgot to include the results of the commands in case it is helpful:
-bash-4.2$ ldapsearch -LLL -D 'cn=directory manager' -W -b
uid=pkidbuser,ou=people,o=ipaca userCertificate description seeAlso
Enter LDAP Password:
dn: uid=
On 10/30/2017 03:55 AM, Sergei Gerasenko via FreeIPA-users wrote:
Hi,
When searching for RUVs, agreements, etc, the following ldapsearch command can
be used:
ldapsearch -xLLL -h HOST -D "cn=directory manager" -W -b cn=config cn=replica
nsds50ruv -o ldif-wrap=no
That seems to work. The report
On 10/30/2017 03:56 AM, Sergei Gerasenko via FreeIPA-users wrote:
Hi,
When searching for RUVs, agreements, etc, the following ldapsearch
command can be used:
ldapsearch -xLLL -h HOST -D "cn=directory manager" -W -b cn=config
cn=replica nsds50ruv -o ldif-wrap=no
That seems to work. The rep