[Freeipa-users] Re: FreeIPA DNS troubleshooting

2018-04-05 Thread Tony Brian Albers via FreeIPA-users
Of course it is :) A suggestion would be to log in to 389ds and see what it says internally, that might give you an idea of what is going on. You need the 389ds administration console to do that. /tony On 2018-04-05 15:58, Kristian Petersen via FreeIPA-users wrote: > The 3 is next to the

[Freeipa-users] Re: Third Party SSL for HTTP and Certmonger SSL for LDAP

2018-04-05 Thread Alka Murali via FreeIPA-users
Hi Rob, > Often people make backups of the databases. Have you looked to see if > they exist? > Given you have no RA agent cert (ipaCert) IPA has no way to talk to your > existing dogtag CA. I'd start with a hunt for backups. There may be a > way to force dogtag to generate a new one, I'd cc'd one

[Freeipa-users] Re: FreeIPA v4.5.0 install lost topology suffixes

2018-04-05 Thread Gavin Williams via FreeIPA-users
Petr Yeh, I was unable to see the suffixes and replication agreements via the WebUI. However searching using ldapsearch, they were still present. So I tracked the issue down to my named user account not having enough permissions. Logged in as ‘admin’ user and was able to see all the details.

[Freeipa-users] Re: FreeIPA v4.5.0 install lost topology suffixes

2018-04-05 Thread Petr Vobornik via FreeIPA-users
On Wed, Apr 4, 2018 at 4:31 PM, Gavin Williams via FreeIPA-users wrote: > Afternoon all > > I’ve got a slightly strange one with one of our FreeIPA clusters, whereby the > topology suffixes appear to have disappeared. How is this manifested? No visible in

[Freeipa-users] Re: Third Party SSL for HTTP and Certmonger SSL for LDAP

2018-04-05 Thread Rob Crittenden via FreeIPA-users
Alka Murali wrote: > Hi Rob, > > I can see that the certs with nickname 'Server-Cert' don't exist on my > server for HTTP/LDAP. Hence, I believe, it is not possible to apply the > changes to the des.ldif and nss configuration. Often people make backups of the databases. Have you looked to see if

[Freeipa-users] Re: Fwd: Centos Update to 4.6.X

2018-04-05 Thread Rob Crittenden via FreeIPA-users
Jens Laufer via FreeIPA-users wrote: > Hey, > > I run a CentOS vserver with FreeIPA in version 4.5 but I am not able to > upgrade it to 4.6.x. > > I tried yum update already and looked at the upgrade > (https://www.freeipa.org/page/Upgrade > ), but didn't

[Freeipa-users] FreeIPA ipa-ca-install problem at the second replica

2018-04-05 Thread Jan Gardian via FreeIPA-users
Hello, We have FreeIPA installed in our environment with two master replica servers but only one has CA installed. I tried to install CA also at the second server but got an error during communication with the first replica "HTTPError: 502 Server Error: Proxy Error". Server's OS: "Ubuntu 16.04.3

[Freeipa-users] Re: FreeIPA DNS troubleshooting

2018-04-05 Thread Kristian Petersen via FreeIPA-users
The 3 is next to the decimal key on the number pad. Ha ha. On Thu, Apr 5, 2018 at 12:04 AM, Tony Brian Albers via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On 2018-04-04 22:45, Kristian Petersen via FreeIPA-users wrote: > > I am in the process of switching a small network

[Freeipa-users] Fwd: Centos Update to 4.6.X

2018-04-05 Thread Jens Laufer via FreeIPA-users
Hey, I run a CentOS vserver with FreeIPA in version 4.5 but I am not able to upgrade it to 4.6.x. I tried yum update already and looked at the upgrade (https://www.freeipa.org/page/Upgrade), but didn't find any helpful information. Any idea what is wrong? Thank you very much

[Freeipa-users] Re: Failed to start pki-tomcatd Service - javax.ws.rs.ServiceUnavailableException: Subsystem unavailable

2018-04-05 Thread Florence Blanc-Renaud via FreeIPA-users
On 04/04/2018 04:16 PM, lejeczek via FreeIPA-users wrote: On 04/04/18 12:43, Florence Blanc-Renaud wrote: You need to check which server is your renewal master (ipa config-show | grep 'IPA CA renewal master'), then make sure that the certs were properly renewed on this master (check

[Freeipa-users] Re: Failed to start pki-tomcatd Service - javax.ws.rs.ServiceUnavailableException: Subsystem unavailable

2018-04-05 Thread Florence Blanc-Renaud via FreeIPA-users
On 04/04/2018 03:21 PM, lejeczek via FreeIPA-users wrote: On 04/04/18 12:43, Florence Blanc-Renaud wrote: Hi, CA_WORKING means that certmonger's helper is trying to download the certificate from LDAP, but does not find new certs. In topologies with multiple servers, only one server is the

[Freeipa-users] Re: Failed to start pki-tomcatd Service - javax.ws.rs.ServiceUnavailableException: Subsystem unavailable

2018-04-05 Thread Florence Blanc-Renaud via FreeIPA-users
On 04/04/2018 02:49 PM, lejeczek via FreeIPA-users wrote: On 04/04/18 12:43, Florence Blanc-Renaud wrote: On 04/04/2018 12:37 PM, lejeczek via FreeIPA-users wrote: On 04/04/18 09:36, Florence Blanc-Renaud wrote: On 04/03/2018 08:37 PM, lejeczek wrote: On 29/03/18 12:43, Florence

[Freeipa-users] Re: Third Party SSL for HTTP and Certmonger SSL for LDAP

2018-04-05 Thread Alka Murali via FreeIPA-users
Hi Rob, I can see that the certs with nickname 'Server-Cert' don't exist on my server for HTTP/LDAP. Hence, I believe, it is not possible to apply the changes to the des.ldif and nss configuration. Is it possible for me to install the certs, by generating the Dogtag certs using the steps in the

[Freeipa-users] Re: FreeIPA DNS troubleshooting

2018-04-05 Thread Tony Brian Albers via FreeIPA-users
On 2018-04-04 22:45, Kristian Petersen via FreeIPA-users wrote: > I am in the process of switching a small network over from a DNS hosted > on a pfSense firewall appliance to one handled by FreeIPA. I haven't > got a lot of experience with DNS in this regard. When I made the cut > over,