Running in debug mode definitely shows a recently expired cert and running
it again this time only shows the correct hostname now unlike before. Is
this cert something that I can regenerate/renew? I'll find out about
getting a new host to test with as well.
[root@ipa1 ~]# ipa-replica-prepare
What would be the best method to stand up a new IPA environment while
keeping as much of the existing data as possible?
I've read that the ipa migrate-ds only migrates the users and groups and
the recommended suggestion is to set up a replica. I'd like to sever any
ties to the existing
After a lot of patching in order to get the environment up to date in order
to add a new CA replica and remove our IPA 3.0 servers we ended up with a
bunch of conflicts and other inconsistencies:
$ ldapsearch -o ldif-wrap=no -ZZ -LLLx -h "ipa0.domain.tld" -D
"cn=directory manager" -w secret -b
So yesterday we upgrade our older IPA 3.x servers (RHEL 6.8) to the latest
and greatest (RHEL 6.9) and it seemed to be working as expected. Came in
the next day and older IPA 4.2 server (RHEL 7.2) was having issues so
thought it would be a good time patch it up to the latest (IPA 4.4 and RHEL
That was it. They opened up 8080 and its working as expected. Thank you!
On Wed, Jun 7, 2017 at 12:17 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> John Bowman via FreeIPA-users wrote:
> > I'm hoping this is a firewall issue but I figured I would check just in
>
I'm hoping this is a firewall issue but I figured I would check just in
case I'm looking in the wrong direction.
I setup a pair non-CA replicas today and as far as I could tell everything
seemed to be okay but I noticed that when searching via the web ui on the
new replicas it would take 2