Any ideas on where to look next?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
Hello,
I am trying to install 3 replicas agains the same master. Two out of 3 installs
succeed, while the other one fails with
On replica:
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC
Hi Flo,
>Did I get it right that the login and commands fail on the replica but
>everything is working on the master?
Yes, that is correct.
>If that's the case, check on the master if the users contain an
>ipantsecurityidentifier. The users are replicated and should have the same
>content
I added more log info below and also applied this solution to generate SIDs
https://access.redhat.com/solutions/7052703
Still unable to login via web UI and every ipa command fails.
--
___
FreeIPA-users mailing list --
I have the same issue. Were you able to resolve it?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
I also applied this solution: https://access.redhat.com/solutions/7052703
Since ipa config-mod --enable-sid --add-sids gave me ipa: ERROR: No valid
Negotiate header in server response
I did python3 /usr/libexec/ipa/oddjob/org.freeipa.server.config-enable-sid
--add-sids
It was successful as
Here are some kerberos logs:
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): AS_REQ (6 etypes
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
camellia256-cts-cmac(26), camellia128-cts-cmac(25)})
Good call, thank you. Got rid of
failed request, will retry: 903 (an internal error has occurred).)
However, got this instead:
>[28/30]: importing IPA certificate profiles
>Lookup failed: Preferred host ipa-slave01.flora.ltfs.tools does not provide CA.
>Lookup failed: Preferred host
And another update. Tried patching the file - still the same issue.
Note: line 863 now has ca_kdc_check(self.api instead of ca_kdc_check(ldap
[Wed Mar 13 19:07:28.353046 2024] [:error] [pid 13823] File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 863, in
execute
[Wed Mar
>Did you make any plugin changes?
Ok, you were right. I managed to fix ipa-replica-manage del command.
Apparently, after I restored original .py files I needed to delete .pyc files
as well. That fixed the error here.
As for AttributeError: 'ldap2' object has no attribute 'Object' - I applied
Hi Rob,
Thanks for your reply.
>what OS release are you using?
My master is running in docker container with freeipa-server:centos-7-4.6.8 and
replica is freeipa-server:almalinux-8-4.9.12.
>I'd also look in the journal for certmonger to see if it logged additional
>info about the request.
Here
Hello, I've encountered several issues while installing freeipa replica.
I have freeipa 4.6.8 master and the replica I tried installing is 4.9.12.
During the replica install it seems that the replica is unable to get a CA cert
from my master:
DEBUG Configuring Kerberos KDC (krb5kdc)
DEBUG
12 matches
Mail list logo