On 7/19/24 8:26 AM, Rob Crittenden via FreeIPA-users wrote:
seojeong kim via FreeIPA-users wrote:
389 directory service automatically restarted. I can't find specific error to
trigger restart. There is no PANIC error and deadlock detect error...
There is only just 'Incomming BER element w
Johnnie W Adams wrote:
> So I adjusted my command line to point at the entire forest and not a
> single domain controller, and got both a trust and a much more
> interesting error:
>
> ipa: INFO: Response: {
>
> "error": {
>
> "code": 906,
>
> "data": {
>
> "err
So I adjusted my command line to point at the entire forest and not a
single domain controller, and got both a trust and a much more interesting
error:
ipa: INFO: Response: {
"error": {
"code": 906,
"data": {
"error": "Fetching domains from trusted forest failed
Rob Crittenden wrote:
The final line should read "INFO: ACME engine started"
Yes, this line is in the log
```
2024-07-18 13:18:27 [main] INFO: Loading ACME monitors config from
/var/lib/pki/pki-tomcat/conf/acme/configsources.conf
Vadim Dobroskokin via FreeIPA-users wrote:
> Yes, I have `/etc/pki/pki-tomcat/Catalina/localhost/acme.xml`
I've cc'd one of the PKI developers.
Perhaps next take a look at
/var/log/pki/pki-tomcat/acme/debug..log for any errors during startup.
The final line should read "INFO: ACME engine started
> Got what new ticket? IPA provides its own tooling for managing keytabs,
> ipa-getkeytab.
I kept saying ticket. I meant keytab. I used ktutil to get new keytab entries.
> On another system you might try kvno to see what IPA thinks the principal
> version should be with just kvno ldap/
On a cl
That's some verbose error logging! I think I've found the relevant line,
though:
dns child failed to find name '_ldap._tcp.adtest1.ad.test.example.com' of
type SRV
I checked with dig, and this record does not appear.
Johnnie W Adams via FreeIPA-users wrote:
> Hi, folks,
>
> Everywhere I check, I see this error associated with firewall
> issues. To get around that, I put my box on the same network segment as
> the ad boxes. No firewall between them. But I am still getting this
> message when I try to creat
I should add that this is the error message when I run with the -vv switch:
ipa: INFO: Response: {
"error": {
"code": 4001,
"data": {
"reason": "Cannot find specified domain or server name"
},
"message": "Cannot find specified domain or server
Hi, folks,
Everywhere I check, I see this error associated with firewall issues.
To get around that, I put my box on the same network segment as the ad
boxes. No firewall between them. But I am still getting this message when I
try to create a trust: ipa: ERROR: Cannot find specified domain o
>> On 18 Jul 2024, at 22:15, Rob Crittenden wrote:
>>
>> Francis Augusto Medeiros-Logeay wrote:
>>
>>
>>
>> I am a bit lost here. Shouldn’t adding these privileges be enough to
>> create users? And if the user is added to the admin group, shouldn’t
>> users it creates via ldap (not ipa user-
Yes, I have `/etc/pki/pki-tomcat/Catalina/localhost/acme.xml`
```
$ sudo cat /etc/pki/pki-tomcat/Catalina/localhost/acme.xml
```
vadim
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an em
carrollbry...@gmail.com wrote:
> (Resending this email, files were too large)
>
> Sorry for the delayed reply. I was on vacation for a few days.
>
>> Please show us the KDC log when you are provoking a failure.
>
> I'm attaching the slapd access, slapd error, krb5kdb.log and kadmind.log. The
>
Vadim Dobroskokin via FreeIPA-users wrote:
> Yes, the directory is in place.
>
> ```
> $ sudo ls -lah /var/lib/pki/pki-tomcat/conf/acme
> total 24K
> drwxr-x---. 2 pkiuser pkiuser 109 Mar 16 2023 .
> drwxrwx---. 8 pkiuser pkiuser 4.0K May 13 12:38 ..
> -rw---. 1 pkiuser pkiuser 157 Mar 16
seojeong kim via FreeIPA-users wrote:
> 389 directory service automatically restarted. I can't find specific error
> to trigger restart. There is no PANIC error and deadlock detect error...
>
> There is only just 'Incomming BER element was too long'
> This error situation can trigger LDA
Yes, the directory is in place.
```
$ sudo ls -lah /var/lib/pki/pki-tomcat/conf/acme
total 24K
drwxr-x---. 2 pkiuser pkiuser 109 Mar 16 2023 .
drwxrwx---. 8 pkiuser pkiuser 4.0K May 13 12:38 ..
-rw---. 1 pkiuser pkiuser 157 Mar 16 2023 configsources.conf
-rw---. 1 pkiuser pkiuser 149
389 directory service automatically restarted. I can't find specific error to
trigger restart. There is no PANIC error and deadlock detect error...
There is only just 'Incomming BER element was too long'
This error situation can trigger LDAP restart automatically?
[19/Jul/2024:06:2