On 08/01/2017 03:26 AM, None via FreeIPA-users wrote:
I'm really at a loss on this one.
I have a bunch of old server images (from 2 months ago) that can run
ipa-client-install just fine. When I created a new image, though, I get
this error (from the install logs):
DEBUG flushing
On 08/01/2017 01:32 AM, Ian Harding via FreeIPA-users wrote:
On 07/31/2017 11:34 AM, Rob Crittenden wrote:
Ian Harding via FreeIPA-users wrote:
I had an unexpected restart of an IPA server that had apparently had
updates run but had not been restarted. ipactl says pki-tomcatd would
not
On 08/01/2017 12:03 PM, Rob Crittenden wrote:
Ian Harding wrote:
On 08/01/2017 07:39 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 03:11 PM, Ian Harding wrote:
On 08/01/2017 01:48 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 01:32 AM, Ian Harding via FreeIPA-users wrote:
On 07/31/2017
We have observed the following situationreplication agreement between server1
and server2 exists
ipa-replica-manage list server2>server1
However some of the users, hosts etc that are added on server1 are not making
it to server2.
In sssd/error logs I can see the following which looks relevant:
On 08/01/2017 03:11 PM, Ian Harding wrote:
On 08/01/2017 01:48 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 01:32 AM, Ian Harding via FreeIPA-users wrote:
On 07/31/2017 11:34 AM, Rob Crittenden wrote:
Ian Harding via FreeIPA-users wrote:
I had an unexpected restart of an IPA server that
Stupid return key.
I solved this and was trying to delete the email. Sorry for the spam.
On 08/01/2017 10:28 AM, Bret Wortman via FreeIPA-users wrote:
I've got a server with multiple replication agreements that just went
toes up. The tail end of the startup output says:
Aug 01 14:21:22
On 08/01/2017 04:42 PM, pgb 205 via FreeIPA-users wrote:
ok thats great news! But I just want to make sure even if the server IS ALREADY
DOWN due to this bug we can still manually edit the database (dse.ldif) for
this value and then bring up the processes. Would that work?
yes, that should
ok thats great news! But I just want to make sure even if the server IS ALREADY
DOWN due to this bug we can still manually edit the database (dse.ldif) for
this value and then bring up the processes. Would that work?
___
FreeIPA-users mailing list --
The resolv.conf is identical on both systems, DNS is solid. SRV records are
functioning as expected.
I looked at everything and failing to find a resolution, sought advice here
on the board.
Now that these are out of sync, how would one manually initiate a sync? I
haven’t found this in
On 08/01/2017 03:11 PM, Mark Haney via FreeIPA-users wrote:
On 08/01/2017 03:26 AM, Florence Blanc-Renaud wrote:
another user hit the same problem as you (ipa-replica-install
--setup-ca fails during pkispawn and the PKI debug log shows an error
related to updateNumberRange). He managed to
On 08/01/2017 11:01 AM, Florence Blanc-Renaud wrote:
Hi,
you can connect to IPA web UI on the server to revoke the cert:
https://server.ipadomain.com/ipa/ui, then navigate to Authentication >
Certificates, click on the certificate corresponding to the replica
which failed installation
On 08/01/2017 03:50 PM, Jason B. Nance via FreeIPA-users wrote:
Hello everyone,
I'm running FreeIPA 4.4 (as shipped with current CentOS 7). I had a series of
unfortunate events which resulted in the entire cluster being offline for a
matter of a couple weeks during which the certificate in
Further update: I'm pretty sure I found out the problem.
Basically, my old server is running pyasn1==0.2.3 and the new one has
pyasn1==0.3.1. Per the pyasn1 documentation, they made a breaking change
to __init__ and a few other functions in 0.3.1, so I guess FreeIPA 4.3.1
isn't compatible with
None via FreeIPA-users wrote:
> Further update: I'm pretty sure I found out the problem.
>
> Basically, my old server is running pyasn1==0.2.3 and the new one has
> pyasn1==0.3.1. Per the pyasn1 documentation, they made a breaking change
> to __init__ and a few other functions in 0.3.1, so I
Hello everyone,
I'm running FreeIPA 4.4 (as shipped with current CentOS 7). I had a series of
unfortunate events which resulted in the entire cluster being offline for a
matter of a couple weeks during which the certificate in /etc/httpd/alias
expired. I rolled back the clocks on all of the
I've got a server with multiple replication agreements that just went
toes up. The tail end of the startup output says:
Aug 01 14:21:22 zsipa systemd[1]: dirsrv@DG-NET.service: main process
exited, code=exited, status=1/FAILURE
Aug 01 14:21:22 zsipa systemd[1]:
Aug 01 14:21:22 zsipa
Hey,
I checked the logs and found this:
conn=3295 op=3 SRCH
base="cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=services,dc=example"
scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))"
attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey
cacertificate;binary ipaKeyTrust
On 08/01/2017 03:26 AM, Florence Blanc-Renaud wrote:
another user hit the same problem as you (ipa-replica-install
--setup-ca fails during pkispawn and the PKI debug log shows an error
related to updateNumberRange). He managed to workaround the issue by
un-enrolling the failing replica and
On 08/01/2017 11:01 AM, Florence Blanc-Renaud wrote:
you can connect to IPA web UI on the server to revoke the cert:
https://server.ipadomain.com/ipa/ui, then navigate to Authentication >
Certificates, click on the certificate corresponding to the replica
which failed installation
Yes, this information helped.
In summary, I needed to create a "Service Account" that my application could
bind to.
I'm not sure why as it was able to BIND just fine using my credentials, but
that is not a question for this group.
It took some trial and error to get it to work correctly, but I
On Tue, Aug 01, 2017 at 11:20:16AM -, Igor Sever via FreeIPA-users wrote:
> I have the same error.
> I established two-way trust with AD which went fine.
> Authentication with Kerberos to AD is working.
> Since I have one test FreeIPA which is working correctly (relatively) I
> compared logs
Slight update: I tried precreating /etc/ipa/ca.crt, and when running the
install, I get the same Python error I did before:
File "/usr/sbin/ipa-client-install", line 3099, in
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 3080, in main
rval = install(options, env,
Ian Harding wrote:
> On 08/01/2017 07:39 AM, Florence Blanc-Renaud wrote:
>> On 08/01/2017 03:11 PM, Ian Harding wrote:
>>> On 08/01/2017 01:48 AM, Florence Blanc-Renaud wrote:
On 08/01/2017 01:32 AM, Ian Harding via FreeIPA-users wrote:
>
>
> On 07/31/2017 11:34 AM, Rob
23 matches
Mail list logo