[Freeipa-users] Re: Questions about /root/cacert.p12 file

2023-02-08 Thread Kathy Zhu via FreeIPA-users
Hi Rob, Thank you for the explanation. Makes sense. Kathy. On Tue, Feb 7, 2023 at 5:32 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi Team, > > > > I like to understand more about the /root/cacert.p12 file in a self > > signed CA environm

[Freeipa-users] Questions about /root/cacert.p12 file

2023-02-07 Thread Kathy Zhu via FreeIPA-users
Hi Team, I like to understand more about the /root/cacert.p12 file in a self signed CA environment. Here are the questions: 1, could this file be located somewhere other than under /root? 2, what operations use this file instead of nssdb? In other words, if the /root/cacert.p12 file were not in

[Freeipa-users] Re: How to check the number of read/write locks on /usr/sbin/ns-slapd process?

2022-09-06 Thread Kathy Zhu via FreeIPA-users
as opened to further analysis from our Developers. - [2124214 – schema compat plugin deadlock on delete post op](https://bugzilla.redhat.com/show_bug.cgi?id=2124214) On Tue, Sep 6, 2022 at 4:16 AM Kees Bakker via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On 30-08-2022

[Freeipa-users] How to check the number of read/write locks on /usr/sbin/ns-slapd process?

2022-08-30 Thread Kathy Zhu via FreeIPA-users
Hi Team, We used following to get the number of rwlocks for /usr/sbin/ns-slapd process in Centos 7.9 to catch deadlocks: PID=`pidof ns-slapd` gdb -ex 'set confirm off' -ex 'set pagination off' -ex 'thread apply all bt full' -ex 'quit' /usr/sbin/ns-slapd $PID |& grep '^#0.*lock' | grep

[Freeipa-users] Re: ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-14 Thread Kathy Zhu via FreeIPA-users
M Rob Crittenden > wrote: > >> Florence Blanc-Renaud wrote: >> > >> > >> > On Wed, Jul 13, 2022 at 12:46 AM Kathy Zhu via FreeIPA-users >> > > > <mailto:freeipa-users@lists.fedorahosted.org>> wrote: >> > >> > Hi

[Freeipa-users] Re: ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-13 Thread Kathy Zhu via FreeIPA-users
Thank you! > > > > We are migrating to Red Hat 8.6, that master will be replaced. > > So far, we do not see any issue yet. > > > > The outputs from "dsconf slapd-EXAMPLE-COM repl-conflict list > > o=ipaca" are binaries. Have no clue what

[Freeipa-users] Re: ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-13 Thread Kathy Zhu via FreeIPA-users
12:08 AM Florence Blanc-Renaud wrote: > > > On Wed, Jul 13, 2022 at 12:46 AM Kathy Zhu via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Hi Rob, >> >> On a different topic, we started migration from Centos 7 to Red Hat 8.6 over >>

[Freeipa-users] Re: ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-12 Thread Kathy Zhu via FreeIPA-users
elp! It made our domain cleaner. Appreciate it. > > Kathy. > > On Tue, Jul 12, 2022 at 2:03 PM Rob Crittenden > wrote: > >> Kathy Zhu via FreeIPA-users wrote: > > > Hi Rob, >> > >> > Thank you! >> > >> > It worked! There were 4 ba

[Freeipa-users] Re: ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-12 Thread Kathy Zhu via FreeIPA-users
We have 11 valid ones plus 4 old removed ones, that is total 15. > > Somewhere in IPA still shows 15. > > They must be there somewhere. It is a 389-ds check that returns these > results. I'd try: dsconf slapd-YOUR_INSTANCE repl-conflict list o=ipaca > > rob > > > > >

[Freeipa-users] Re: ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-12 Thread Kathy Zhu via FreeIPA-users
removed ones, that is total 15. Somewhere in IPA still shows 15. Many thanks. Kathy. On Mon, Jul 11, 2022 at 7:24 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi Team, > > > > > > We are migrating from Centos 7 IPA to Red Hat 8.6. Aft

[Freeipa-users] ipa-healthcheck Error - how to remove an old replica in pki DB ?

2022-07-11 Thread Kathy Zhu via FreeIPA-users
Hi Team, We are migrating from Centos 7 IPA to Red Hat 8.6. After adding the first Red Hat master, it reported error: # ipa-healthcheck --source=pki.server.healthcheck.clones.connectivity_and_data Internal server error HTTPSConnectionPool(host='ipa4.example.com', port=443): Max retries

[Freeipa-users] Re: ipa_check_consistency - Ghost

2022-06-21 Thread Kathy Zhu via FreeIPA-users
903 manually cleaned the second one (by ldapmodify). Thanks again, Rob, for your help. Kathy. On Thu, Jun 9, 2022 at 6:02 AM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hello team, > > > > We use ipa_check_consistency > > <https://github.com/pe

[Freeipa-users] ipa_check_consistency - Ghost

2022-06-08 Thread Kathy Zhu via FreeIPA-users
Hello team, We use ipa_check_consistency tool to check IPA master consistency every night via cron. One of the masters failed at Ghost last night. Here is the check for Ghost: ldapsearch -o ldif-wrap=no -ZZ -LLLx -h

[Freeipa-users] Re: After upgrade, only one direction replication while should be bi-directions replication

2022-06-02 Thread Kathy Zhu via FreeIPA-users
ould someone pass a document or article how to apply the fix/work >> around? Many thanks! >> >> Kathy. >> >> On Thu, Jun 2, 2022 at 12:38 PM Mark Reynolds >> wrote: >> >>> >>> On 6/2/22 1:38 PM, Rob Crittenden wrote: >>> > Kathy

[Freeipa-users] Re: After upgrade, only one direction replication while should be bi-directions replication

2022-06-02 Thread Kathy Zhu via FreeIPA-users
Many thanks! > > Kathy. > > On Thu, Jun 2, 2022 at 12:38 PM Mark Reynolds wrote: > >> >> On 6/2/22 1:38 PM, Rob Crittenden wrote: >> > Kathy Zhu via FreeIPA-users wrote: >> >> Hi Team, >> >> >> >> We upgraded our

[Freeipa-users] Re: After upgrade, only one direction replication while should be bi-directions replication

2022-06-02 Thread Kathy Zhu via FreeIPA-users
Thanks, Mark, to identify and explain the issue. Could someone pass a document or article how to apply the fix/work around? Many thanks! Kathy. On Thu, Jun 2, 2022 at 12:38 PM Mark Reynolds wrote: > > On 6/2/22 1:38 PM, Rob Crittenden wrote: > > Kathy Zhu via FreeIPA-users wrote:

[Freeipa-users] After upgrade, only one direction replication while should be bi-directions replication

2022-06-01 Thread Kathy Zhu via FreeIPA-users
Hi Team, We upgraded our Centos 7 IPA masters to the latest: CentOS Linux release 7.9.2009 (Core) *ipa*-server.x86_64 4.6.8-5.el7.centos.10 *389-ds*-base.x86_64 1.3.10.2-15.el7_9 *389-ds*-base-libs.x86_64 1.3.10.2-15.el7_9

[Freeipa-users] Re: How to determine if an IPA certificate is in use or not?

2022-05-03 Thread Kathy Zhu via FreeIPA-users
39 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi Team, > > > > We have an IPA certificate expiring very soon. I do not believe that is > > in use, but I need to verify that. I checked in following two ways: > > How do you know you have a cert

[Freeipa-users] How to determine if an IPA certificate is in use or not?

2022-05-03 Thread Kathy Zhu via FreeIPA-users
Hi Team, We have an IPA certificate expiring very soon. I do not believe that is in use, but I need to verify that. I checked in following two ways: 1, Via GUI, Identity, Services, searched for the host (which is our very first IPA server), compared each cert against the serial number of the

[Freeipa-users] Re: ipa-healthcheck - RA agent description does not match 2 and Invalid Credential

2022-04-13 Thread Kathy Zhu via FreeIPA-users
al > may hold clues. > - something I'm forgetting > > I'd start with the first two. > > rob > > > Kathy Zhu via FreeIPA-users wrote: > > I just found this post about the same or similar issue: > > > > > https://lists.fedoraproject.org/archives/list/

[Freeipa-users] Re: ipa-healthcheck - RA agent description does not match 2 and Invalid Credential

2022-04-13 Thread Kathy Zhu via FreeIPA-users
I just found this post about the same or similar issue: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/DFEMDNWSCE4FDDFRDUCZYYIIOIUC3RFD/ One detail I missed - this happens on all IPA servers BUT the renewal IPA server. I will go through ^ post to see if

[Freeipa-users] ipa-healthcheck - RA agent description does not match 2 and Invalid Credential

2022-04-13 Thread Kathy Zhu via FreeIPA-users
Hi team, ipa-healthcheck has been a great tool for us. I run it weekly on all IPA servers via cron. This week ipa-healthcheck reported errors on all IPA servers. Take IPA server ipa2 as an example for the investigation: [root@ipa2 ~]# ipa-healthcheck --failures-only --output-type=human

[Freeipa-users] Re: issue with group's objectclass attributes - fixed

2022-04-06 Thread Kathy Zhu via FreeIPA-users
> On Tue, 05 Apr 2022, Kathy Zhu via FreeIPA-users wrote: > >Never mind. This cmd did it: > > > >ipa config-mod --groupobjectclasses=oc1,oc2,...ocN > > > > > >ie. not delete, but reset. > > Ok. Any idea why you have it appeared in the groupobjectclasses i

[Freeipa-users] Re: issue with group's objectclass attributes

2022-04-05 Thread Kathy Zhu via FreeIPA-users
ll of a sudden or after > some other change? Did you have a trust that you removed? > > rob > > Kathy Zhu via FreeIPA-users wrote: > > Hi List, > > > > > > We are not able to create new groups: > > > > > > [root@hq-ipa1 ~]# ipa group-a

[Freeipa-users] Re: issue with group's objectclass attributes - fixed

2022-04-05 Thread Kathy Zhu via FreeIPA-users
ass "ipaNTGroupAttrs" >>> >>> # >>> >>> >>> Yes, there are errors like this: >>> >>> >>> [01/Apr/2022:09:17:59.735602736 -0700] - ERR - ipa_sidgen_add_post_op - >>> [file ipa_sidgen.c, line 128]: Mi

[Freeipa-users] Re: issue with group's objectclass attributes

2022-04-05 Thread Kathy Zhu via FreeIPA-users
Yes, there are errors like this: >> >> >> [01/Apr/2022:09:17:59.735602736 -0700] - ERR - ipa_sidgen_add_post_op - >> [file ipa_sidgen.c, line 128]: Missing target entry. >> >> >> What should I do to be able to create new groups? >> >> >>

[Freeipa-users] Re: issue with group's objectclass attributes

2022-04-01 Thread Kathy Zhu via FreeIPA-users
upAttrs" > > # > > > Yes, there are errors like this: > > > [01/Apr/2022:09:17:59.735602736 -0700] - ERR - ipa_sidgen_add_post_op - > [file ipa_sidgen.c, line 128]: Missing target entry. > > > What should I do to be able to create new groups? > > >

[Freeipa-users] Re: issue with group's objectclass attributes

2022-04-01 Thread Kathy Zhu via FreeIPA-users
Bokovoy wrote: > On Thu, 31 Mar 2022, Kathy Zhu via FreeIPA-users wrote: > >Hi List, > > > >Here is what happened in a timely order. > > > > > >the group "it" was created a long time ago without "groupOfUniqueNames" > > objectc

[Freeipa-users] issue with group's objectclass attributes

2022-03-31 Thread Kathy Zhu via FreeIPA-users
Hi List, Here is what happened in a timely order. the group "it" was created a long time ago without "groupOfUniqueNames" objectclass. I did following to add "groupOfUniqueNames" objectclass: [root@ipa0 ~]# ipa group-show it --all | grep object objectclass: top, groupofnames,

[Freeipa-users] Re: ERR - log_result - Internal unindexed search

2022-03-28 Thread Kathy Zhu via FreeIPA-users
>> database,cn=plugins,cn=config >>> changetype: add >>> objectClass: top >>> objectClass: nsIndex >>> cn: changenumber >>> nsSystemIndex: false >>> nsIndexType: eq >>> >>> >>> # ldapmodify -D "cn=directory manager"

[Freeipa-users] Re: ERR - log_result - Internal unindexed search

2022-03-28 Thread Kathy Zhu via FreeIPA-users
ss: top >> objectClass: nsIndex >> cn: targetuniqueid >> nsSystemIndex: false >> nsIndexType: eq >> >> You might already have one of these indexes already present, so if you >> get an error 68 (already exists) it's ok. I think changenumber is already >> present

[Freeipa-users] Re: ERR - log_result - Internal unindexed search

2022-03-28 Thread Kathy Zhu via FreeIPA-users
"cn=directory manager" -w - -n userroot -t > changenumber:eq -a targetuniqueid:eq > > That should do it. > > HTH, > > Mark > > On 3/28/22 1:50 PM, Kathy Zhu via FreeIPA-users wrote: > > Happy Monday, List! > > On my IPA server, top shows dirsrv using lots

[Freeipa-users] ERR - log_result - Internal unindexed search

2022-03-28 Thread Kathy Zhu via FreeIPA-users
Happy Monday, List! On my IPA server, top shows dirsrv using lots of resources, when checking, I found this: [root@ipa2 ~]# systemctl status dirsrv@EXAMPLE-COM.service -l ... Mar 28 09:29:56 ipa2.example.com ns-slapd[1945]: [28/Mar/2022:09:29:56.142846906 -0700] - NOTICE - ldbm_back_search -

[Freeipa-users] Re: parse the audit logs

2022-01-27 Thread Kathy Zhu via FreeIPA-users
Yes, Rob. access_log gives me the IP where I performed this task. Thank you. Kathy. On Thu, Jan 27, 2022 at 1:49 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Digging a bit more, if match the time stamp, *where* (IP address) > > and *who* are in /var/log/h

[Freeipa-users] Re: parse the audit logs

2022-01-26 Thread Kathy Zhu via FreeIPA-users
> On 1/26/22 8:51 PM, Kathy Zhu via FreeIPA-users wrote: > > Thanks both Rob and Mark for your replies! Take user creation as an > example: > > in /var/log/httpd/error_log: > > via GUI - what, when and who > via CLI - what, when and admin (since admin privilege is needed)

[Freeipa-users] Re: parse the audit logs

2022-01-26 Thread Kathy Zhu via FreeIPA-users
this event. Is it recorded? If yes, where should I look for it? Thanks. Kathy. On Wed, Jan 26, 2022 at 6:11 PM Mark Reynolds wrote: > > On 1/26/22 8:51 PM, Kathy Zhu via FreeIPA-users wrote: > > Thanks both Rob and Mark for your replies! Take user creation as an > example: > >

[Freeipa-users] Re: parse the audit logs

2022-01-26 Thread Kathy Zhu via FreeIPA-users
I can use it find out "from where". Could you help please? Thanks. Kathy. On Wed, Jan 26, 2022 at 12:10 PM Mark Reynolds wrote: > > On 1/26/22 1:02 PM, Kathy Zhu via FreeIPA-users wrote: > > Thanks Mark and Florence for your replies! > > I will check directory389 l

[Freeipa-users] Re: parse the audit logs

2022-01-26 Thread Kathy Zhu via FreeIPA-users
t certificates. >> >> Thanks! >> >> Kathy. >> >> On Fri, Jan 21, 2022 at 1:17 AM Florence Blanc-Renaud >> wrote: >> >>> Hi Kathy, >>> which log file are you referring to? 389-ds audit log in >>> /var/log/dirsrv/slapd-xxx/aud

[Freeipa-users] Re: dependency blocks to install ipa-server on Centos 7

2022-01-21 Thread Kathy Zhu via FreeIPA-users
Thank you, Rob! The following worked: yum install ipa-server.x86_64 --disablerepo=ius Many thanks. Kathy. On Thu, Jan 20, 2022 at 7:21 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi List, > > > > When I tried to install ipa-serv

[Freeipa-users] Re: parse the audit logs

2022-01-21 Thread Kathy Zhu via FreeIPA-users
389-ds audit log in > /var/log/dirsrv/slapd-xxx/audit? > > flo > > On Thu, Jan 20, 2022 at 6:43 PM Kathy Zhu via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Hello list, >> >> I had FreeIPA audit log on. I feed audit logs to

[Freeipa-users] dependency blocks to install ipa-server on Centos 7

2022-01-20 Thread Kathy Zhu via FreeIPA-users
Hi List, When I tried to install ipa-server on Centos 7, I ran into the following: Error: Package: ipa-server-4.6.8-5.el7.centos.10.x86_64 (updates) Requires: mod_wsgi Available: mod_wsgi-3.4-18.el7.x86_64 (base) mod_wsgi = 3.4-18.el7

[Freeipa-users] parse the audit logs

2022-01-20 Thread Kathy Zhu via FreeIPA-users
Hello list, I had FreeIPA audit log on. I feed audit logs to Graylog. Since there are multiple lines of logs for each event, I could not find a suitable extractor to parse the logs. Therefore, the logs are very hard to read. Could anyone in the list share how you process the logs if you are in a

[Freeipa-users] Re: Reverse lookup Issue

2021-12-15 Thread Kathy Zhu via FreeIPA-users
> > For my learning, I wish someone could explain why xxx.xxx format reverse > zones do not work. > > Many thanks! > > Kathy. > > On Tue, Dec 14, 2021 at 12:20 PM Rob Crittenden > wrote: > >> Kathy Zhu via FreeIPA-users wrote: >> > Hi List, >> >

[Freeipa-users] Re: Reverse lookup Issue

2021-12-14 Thread Kathy Zhu via FreeIPA-users
2021 at 12:20 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi List, > > > > I created a PTR record "90.91" in "0.10.inaddr.arpa." zone via GUI, then > > found: > > > > 1, I can see the record via GUI > > 2, When I loo

[Freeipa-users] Reverse lookup Issue

2021-12-14 Thread Kathy Zhu via FreeIPA-users
Hi List, I created a PTR record "90.91" in "0.10.inaddr.arpa." zone via GUI, then found: 1, I can see the record via GUI 2, When I looked it up on the command line, I got "not found: 3(NXDOMAIN)". 3, Its dn is not in "ldapsearch -Y GSSAPI -b idnsname=0.10.inaddr.arpa.,cn=dns,dc=example,dc=com"

[Freeipa-users] Re: Read only service user to run "ipa dnszone-find --all" and "ipa dnsrecord-find $zone"

2021-11-16 Thread Kathy Zhu via FreeIPA-users
Thank you, Rob! Yes, we are on 4.6.8-5. I will add "System: Read DNS Entries" permission to the service user. Kathy. On Tue, Nov 16, 2021 at 12:30 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi List, > > > > I'd like to set up a read onl

[Freeipa-users] Read only service user to run "ipa dnszone-find --all" and "ipa dnsrecord-find $zone"

2021-11-16 Thread Kathy Zhu via FreeIPA-users
Hi List, I'd like to set up a read only service user to backup my DNS zone data into text file daily. However, I checked outputs from "ipa permission-find" and all of the attributes for user setting, none including permission to DNS records. Did I miss something here? Thanks! Kathy. pa

[Freeipa-users] freeipa servers - centos and redhat

2021-10-01 Thread Kathy Zhu via FreeIPA-users
Hi List, All our current freeipa servers are running Centos OS 7. We are thinking of moving to Red Hat in order to get better support. Is it possible and safe to have some Centos ipa masters and some Red Hat ipa masters in the same domain/cluster? If yes, that could make this move very easy and

[Freeipa-users] Re: IPA/dirsrv hang

2021-09-22 Thread Kathy Zhu via FreeIPA-users
7-8.2003.0 SELinux enabled >> ipa-server.x86_64 4.6.8-5.el7.centos.6 >> 389-ds-base-1.3.10.2-12.el7_9.x86_64 >> 389-ds-base-libs-1.3.10.2-12.el7_9.x86_64 >> >> slapi-nis-0.56.5-3.el7_9.x86_64 >> >> >> Thanks! >> >> >> Kathy. >> >

[Freeipa-users] Re: IPA/dirsrv hang

2021-09-22 Thread Kathy Zhu via FreeIPA-users
> 389-ds-base-1.3.10.2-12.el7_9.x86_64 > 389-ds-base-libs-1.3.10.2-12.el7_9.x86_64 > > slapi-nis-0.56.5-3.el7_9.x86_64 > > > Thanks! > > > Kathy. > > On Tue, Sep 21, 2021 at 11:53 PM François Cami wrote: > >> Hi, >> >> On Wed, Sep 22, 2021

[Freeipa-users] Re: IPA/dirsrv hang

2021-09-22 Thread Kathy Zhu via FreeIPA-users
4.6.8-5.el7.centos.6 389-ds-base-1.3.10.2-12.el7_9.x86_64 389-ds-base-libs-1.3.10.2-12.el7_9.x86_64 slapi-nis-0.56.5-3.el7_9.x86_64 Thanks! Kathy. On Tue, Sep 21, 2021 at 11:53 PM François Cami wrote: > Hi, > > On Wed, Sep 22, 2021 at 3:18 AM Kathy Zhu via FreeIPA-users > wrote

[Freeipa-users] IPA/dirsrv hang

2021-09-21 Thread Kathy Zhu via FreeIPA-users
Hi list, one of my ipa servers (dirsrv) hung this morning. "ipactl status" gave no output and did not return. With nsslapd-errorlog-level being set to 16384, however, there were very few log entries. I rebooted the server to recover. But after the reboot, ipa hung again and I had to reboot it. I collected

[Freeipa-users] Re: IPA slapd parameter tuning

2021-09-17 Thread Kathy Zhu via FreeIPA-users
. On Fri, Sep 17, 2021 at 12:56 AM Thierry Bordaz wrote: > > On 9/17/21 12:26 AM, Kathy Zhu via FreeIPA-users wrote: > > Hi Mark, > > If it helps, this is the same ipa server which I posted in subject > "ipa_check_consistency > alerts and ERR - slapd_poll - Timed o

[Freeipa-users] Re: IPA slapd parameter tuning

2021-09-16 Thread Kathy Zhu via FreeIPA-users
:34:28.282650113 -0700] - ERR - trickle_threadmain - > Serious Error---Failed to trickle, err=-30973 (BDB0087 DB_RUNRECOVERY: > Fatal error, run database recovery) > > [16/Sep/2021:08:34:28.283083329 -0700] - ERR - libdb - BDB0060 PANIC: > fatal region error detected; run recovery >

[Freeipa-users] Re: IPA slapd parameter tuning

2021-09-16 Thread Kathy Zhu via FreeIPA-users
: Fatal error, run database recovery) [16/Sep/2021:08:34:28.283083329 -0700] - ERR - libdb - BDB0060 PANIC: fatal region error detected; run recovery ... Thanks! Kathy. On Thu, Sep 16, 2021 at 2:38 PM Mark Reynolds wrote: > > On 9/16/21 5:20 PM, Kathy Zhu via FreeIPA-users wrote: >

[Freeipa-users] IPA slapd parameter tuning

2021-09-16 Thread Kathy Zhu via FreeIPA-users
Hi List, One of my ipa server's database had issue and left many log entries like the following in messages and slapd errors log: *Sep 16 08*:34:28 ipa0 ns-slapd: [16/Sep/2021:08:34:28.886632992 -0700] - ERR - libdb - BDB0060 PANIC: fatal region error detected; run recovery *Sep 16 08*:34:29

[Freeipa-users] ipa_check_consistency alerts and ERR - slapd_poll - Timed out

2021-09-15 Thread Kathy Zhu via FreeIPA-users
Hi List, I use ipa_check_consistency as one of my Nagios monitors. It runs every 5 minutes on each ipa server. For example: [root@ipa0 ~]# /usr/local/sbin/ipa_check_consistency -d example.com -H ipa0 Directory Manager password:

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname Replication conflict

2021-08-27 Thread Kathy Zhu via FreeIPA-users
=12.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com > > > > > > Record name: @ > > > > > > NS record: ipa0.example.com <http://ipa0.example.com> > > <http://ipa0.example.com>., > > > ipa2.example.com <http://ipa2

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname Replication conflict

2021-08-27 Thread Kathy Zhu via FreeIPA-users
pa0 export-ipa-data]# ipa dnsrecord-find 0.0.10.in-addr.arpa. > --all > > > > dn: idnsname=0.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com > > > > Record name: @ > > > > NS record: ipa0.example.com <http://ipa0.example.com>., > > ipa2.

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname Replication conflict

2021-08-20 Thread Kathy Zhu via FreeIPA-users
f entries returned 1 [root@ipa0 export-ipa-data]# On Thu, Aug 19, 2021 at 6:08 PM Kathy Zhu wrote: > Yes, I want to delete the zone. I tried a few ways, none worked so far. > > On Thu, Aug 19, 2021 at 5:15 PM Rob Crittenden > wrote: > >> Kathy

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

2021-08-20 Thread Kathy Zhu via FreeIPA-users
Plugin,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" > attrs=ALL > > 4. Go up in the logs and find the BIND operation that took place on > > this connection: the line must contain the same *conn=* and > > *BIND dn=*: > >

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

2021-08-20 Thread Kathy Zhu via FreeIPA-users
"uid=idmuser,cn=users,cn=accounts,dc=domain,dc=com"* > > In my example ipa-healthcheck fails to find the cn=Posix IDs entry > because it is using a LDAP connection bound as uid=idmuser, who doesn't > have the required read permissi

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

2021-08-19 Thread Kathy Zhu via FreeIPA-users
> dnaType: uidNumber > > dnaType: gidNumber > > objectClass: top > > objectClass: extensibleObject > > > # search result > > search: 2 > > result: 0 Success > > > # numResponses: 2 > > # numEntries: 1 > > [root@ipa2 ~]# > > > > > On

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

2021-08-19 Thread Kathy Zhu via FreeIPA-users
Thanks. In my case, I can create a user or group. On Thu, Aug 19, 2021 at 4:37 PM Vinícius Ferrão wrote: > Take a look at this blog article: > > > https://rcritten.wordpress.com/2015/01/05/freeipa-and-no-dna-range/ > > Sent from my iPhone > > On 19 Aug 2021, at 20:3

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname Replication conflict

2021-08-19 Thread Kathy Zhu via FreeIPA-users
Yes, I want to delete the zone. I tried a few ways, none worked so far. On Thu, Aug 19, 2021 at 5:15 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hi List, > > > > When I run ipa-healthcheck on all of our ipa servers, they all reported > > fo

[Freeipa-users] Re: ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

2021-08-19 Thread Kathy Zhu via FreeIPA-users
dnaType: gidNumber objectClass: top objectClass: extensibleObject # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@ipa2 ~]# On Thu, Aug 19, 2021 at 5:14 PM Rob Crittenden wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hello, > >

[Freeipa-users] ipa-healthcheck - ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname Replication conflict

2021-08-19 Thread Kathy Zhu via FreeIPA-users
Hi List, When I run ipa-healthcheck on all of our ipa servers, they all reported following: [root@ipa0 ~]# ipa-healthcheck --failures-only --output-type human ERROR: ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com: Replication

[Freeipa-users] ipa-healthcheck - ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found

2021-08-19 Thread Kathy Zhu via FreeIPA-users
Hello, ipa-healthcheck is a great tool! Really appreciate Rob to make it working for Centos. When I ran it on all of our IPA servers, one server reported: [root@ipa2 ~]# ipa-healthcheck --failures-only --output-type human CRITICAL: ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry