On Mon, 2018-03-26 at 14:50 -0400, Rob Crittenden via FreeIPA-users
wrote:
>
> Sure looks like the problem is in the selfsign CA. Can you start
> certmonger from the command-line in debug mode to see if there is any
> indication why?
>
> # certmonger -d 9 -n
2018-03-26 15:09:42 [10537] Starting
On Mon, 2018-03-26 at 14:44 -0400, Rob Crittenden via FreeIPA-users
wrote:
>
> named requires 389-ds to be running. It is easier to manage the order
> within IPA than systemd.
Just curious, why is that more difficult in systemd? Is this the
dirsrv.target, yes? Is this difficulty a short-coming
Brian J. Murrell via FreeIPA-users wrote:
> I see on my EL7 machine with IDM (freeipa) installed that
> named-pkcs11.service is actually set to disabled in systemd, but it is
> started at some point, presumably, directly by the ipa.service unit's
> /usr/sbin/ipactl.
>
> This causes problems with
On Mon, 2018-03-26 at 10:30 -0400, Rob Crittenden via FreeIPA-users
wrote:
> Brian J. Murrell via FreeIPA-users wrote:
> > I've been experiencing certmonger taking (too) long to start up and
> > systemd ends up giving up on it:
> >
> > Mar 25 08:47:41 server.interlinx.bc.ca systemd[1]: Starting
>
Brian J. Murrell via FreeIPA-users wrote:
> I've been experiencing certmonger taking (too) long to start up and
> systemd ends up giving up on it:
>
> Mar 25 08:47:41 server.interlinx.bc.ca systemd[1]: Starting Certificate
> monitoring and PKI enrollment...
> Mar 25 08:49:24
So today I come in to work and find that one of my FreeIPA servers isn't
synching with the rest of the cluster. I have a policy set to go in a big
square. I tried doing an ipa-replica-manage force-sync --verbose and then tried
doing a re-initialize. I have the networks wide open to allow