Hi Flo,
>Did I get it right that the login and commands fail on the replica but
>everything is working on the master?
Yes, that is correct.
>If that's the case, check on the master if the users contain an
>ipantsecurityidentifier. The users are replicated and should have the same
>content on
Hi,
On Thu, Mar 14, 2024 at 9:50 PM D S via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> I added more log info below and also applied this solution to generate
> SIDs https://access.redhat.com/solutions/7052703
> Still unable to login via web UI and every ipa command fails.
>
Di
I added more log info below and also applied this solution to generate SIDs
https://access.redhat.com/solutions/7052703
Still unable to login via web UI and every ipa command fails.
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.o
I also applied this solution: https://access.redhat.com/solutions/7052703
Since ipa config-mod --enable-sid --add-sids gave me ipa: ERROR: No valid
Negotiate header in server response
I did python3 /usr/libexec/ipa/oddjob/org.freeipa.server.config-enable-sid
--add-sids
It was successful as indica
Here are some kerberos logs:
Mar 14 07:25:49 ipa-replica01.example.com krb5kdc[3895](info): AS_REQ (6 etypes
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 172.17.0.2
Good call, thank you. Got rid of
failed request, will retry: 903 (an internal error has occurred).)
However, got this instead:
>[28/30]: importing IPA certificate profiles
>Lookup failed: Preferred host ipa-slave01.flora.ltfs.tools does not provide CA.
>Lookup failed: Preferred host ipa-slave01.flo
D S via FreeIPA-users wrote:
> And another update. Tried patching the file - still the same issue.
> Note: line 863 now has ca_kdc_check(self.api instead of ca_kdc_check(ldap
> [Wed Mar 13 19:07:28.353046 2024] [:error] [pid 13823] File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.
And another update. Tried patching the file - still the same issue.
Note: line 863 now has ca_kdc_check(self.api instead of ca_kdc_check(ldap
[Wed Mar 13 19:07:28.353046 2024] [:error] [pid 13823] File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 863, in
execute
[Wed Mar 1
>Did you make any plugin changes?
Ok, you were right. I managed to fix ipa-replica-manage del command.
Apparently, after I restored original .py files I needed to delete .pyc files
as well. That fixed the error here.
As for AttributeError: 'ldap2' object has no attribute 'Object' - I applied
th
Hi Rob,
Thanks for your reply.
>what OS release are you using?
My master is running in docker container with freeipa-server:centos-7-4.6.8 and
replica is freeipa-server:almalinux-8-4.9.12.
>I'd also look in the journal for certmonger to see if it logged additional
>info about the request.
Here i
D S via FreeIPA-users wrote:
> Hello, I've encountered several issues while installing freeipa replica.
>
> I have freeipa 4.6.8 master and the replica I tried installing is 4.9.12.
Rather than focusing on the versions, what OS release are you using?
There are known crypto incompatibilities betw
11 matches
Mail list logo