[Freeipa-users] Hard Crash of Server Corrupted IPA
Auerbach, Steven via FreeIPA-users wrote:
> A storage subsystem failure below our virtualization layer caused a
> hard crash of our 2^nd IPA Master. It will not start back up.
>
> $ Systemctl status –l ipa
>
> ● ipa.
rupted IPA
Auerbach, Steven via FreeIPA-users wrote:
> A storage subsystem failure below our virtualization layer caused a
> hard crash of our 2^nd IPA Master. It will not start back up.
>
> $ Systemctl status –l ipa
>
> ● ipa.service - Identity, Policy, Audit
>
> Loade
A storage subsystem failure below our virtualization layer caused a hard crash
of our 2nd IPA Master. It will not start back up.
$ Systemctl status -l ipa
● ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor preset:
disabled)
Active:
I have tried to set this server to clear SecureWorks Vulnerabilities. This
warning I do not understand. I have the following in nss.conf:
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite
I have been able to force NSSProtocol to TLSv1.2 on the web service of this IPA
server in the nss.conf. But I am receiving a Threat Assessment Hit
(SecureWorks) that TLSv1.0 is open on port 636/TCP. I attempted to manually
edit the /etc/dirsrv/slapd-/dse.ldif file, but once I made that change
From: Florence Blanc-Renaud
Sent: Monday, June 22, 2020 3:40 AM
To: FreeIPA users list
Cc: Auerbach, Steven
Subject: Re: [Freeipa-users] Problems Cleaning Up After Migration and Upgrade
On 6/20/20 9:59 PM, Auerbach, Steven via FreeIPA-users wrote:
> I have finally been able to create an RHEL7/IP
I have finally been able to create an RHEL7/IPAv4 server using
ipa-replica-prepare on a RHEL6/IPA v3 server (ipa01)(added the needed schema)
and running ipa-replica-install on the RHEL7/IPAv4 server (ipa03). I followed
a number of steps to stop CA and CA Renewal on ipa01 and make ipa03 the CA a
Can we add the CA mastery or CA replica to an IPA v4 server that is a replica
and later promote to CA mastery? We have a IPA v3 server that has been the
only CA master for several years. We have a recent IPAv4 replica that was set
up without DNS or CA or NTP at the point of creation, so only th
https://bugzilla.redhat.com/show_bug.cgi?id=1035010\
I need to resolved this in order to do an in-place upgrade from Linux 6 to
Linux 7 and have my IPA upgrade in place from v3 to v4.
Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security
State University Sy
eIPA users list
Cc: Auerbach, Steven
Subject: Re: [Freeipa-users] ipa-replica-install latest failure attempt:
On 11/18/19 11:24 PM, Rob Crittenden wrote:
> Auerbach, Steven via FreeIPA-users wrote:
>> Executed ipa-replica-prepare on an RHEL 6.9 server running ipa-server
>>
Executed ipa-replica-prepare on an RHEL 6.9 server running ipa-server
3.0.0.1_51 (name : ipa01)
Yum installed ipa-server, ipa-server-dns, bind-dyndb-ldap on the target Linux
7.6 server (name: ipa04)
Copied the file to the target server to which ipa-server 4.6.5-11.0.1 is
installed (ipa04)
Copie
, 2019 1:25 PM
To: FreeIPA users list ; Florence
Blanc-Renaud
Cc: Auerbach, Steven
Subject: Re: [Freeipa-users] Re: CA Master Confusion
Auerbach, Steven via FreeIPA-users wrote:
> After several weeks I am moving back to this project.
>
> I am reading the "Howto/Promote CA to Renewal
ahassee, Florida 32399
(850) 245-9592
www.flbog.edu
-Original Message-
From: Florence Blanc-Renaud
Sent: Tuesday, August 27, 2019 9:20 AM
To: FreeIPA users list
Cc: Auerbach, Steven
Subject: Re: [Freeipa-users] CA Master Confusion
On 8/6/19 9:21 PM, Auerbach, Steven via FreeIPA-users wrote:
As I work through understanding the current state of my CA mastering in this
realm I am getting results I do not understand from these ipa commands (on the
v4.6.4 server) and from the ldapsearch commands (on the v3.0.0 server):
On the v4.6.4 replica (ipa<3>):
$ sudo ipa config-show |grep 'CA rene
Crittenden ; Auerbach, Steven
Subject: Re: [Freeipa-users] Re: Replacing IPA v3.0.0-51 on OEL6 with IPA
v4.6.4-10 on OEL7: Making the newest replica the master
On Tue, Aug 6, 2019 at 2:59 PM Auerbach, Steven via FreeIPA-users
wrote:
>
> When I add the --no-lookup option on the v4.6.4 ipa se
ct: Re: [Freeipa-users] Re: Replacing IPA v3.0.0-51 on OEL6 with IPA
v4.6.4-10 on OEL7: Making the newest replica the master
Auerbach, Steven via FreeIPA-users wrote:
> From the master-master original IPA v3.0.0 server - - I ran and
> received the following responses:
> NOTE: u
From the master-master original IPA v3.0.0 server - - I ran and received
the following responses:
NOTE: using aliases within arrow points for ambiguation.
[@ ~]$ sudo ipa-replica-manage list -v ''
[sudo] password for :
Cannot find in public server list
[@ ~]$ sudo ipa-replica-manage
I am struggling through this. I have a new server built and IPA 4.6.4-10
installed. I made it a replica from the v3.0.0-51 master.
Ipa-replica-manage shows 3 ipa servers, the original 2 v3.0.0-51 servers and
the new ipa v4.6.4-10 server. But when I poll for replication agreements I get
no ans
We perform monthly patching of our IPA servers on consecutive weeks. We have a
realm member server that loses it's 'A' record in DNS after every monthly
patching cycle on the first of our 2 IPA servers. And this member server is the
ONLY machine to have such a problem.
Using the DNS Admin GUI
We perform monthly patching of our IPA servers on consecutive weeks. We have a
realm member server that loses it's 'A' record in DNS after every monthly
patching cycle on the first of our 2 IPA servers. And this member server is the
ONLY machine to have such a problem.
Using the DNS Admin GUI
20 matches
Mail list logo