[Freeipa-users] ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing

Hello,I'm reinstalling a replica FreeIPA server in a CA-less environment. I'm looked online and found: https://www.redhat.com/archives/freeipa-users/2016-December/msg00391.html which is similar (or exactly the problem), but theres no solid resolution. I recopied /etc/ipa/ca.crt to the new

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

On 13 December 2017 at 23:29, Timo Aaltonen via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On 28.11.2017 22:58, Peter Fern via FreeIPA-users wrote: > > On 23/11/17 05:34, David Harvey via FreeIPA-users wrote: > >> Not sure why tomcat is more resilient when launched as root,

[Freeipa-users] Re: worst nightmare come true: ipa service doesn't start anymore

Hi Flo, Rob, On 12/14/17 9:27 AM, Florence Blanc-Renaud via FreeIPA-users wrote: The files should contain multiple certificates (IPA CA and the external CA certificates). If it is not the case, please check first if there were AVC issues (if running in SElinux enforcing mode), and feel free

[Freeipa-users] DNS Reverse Zone Error

We perform monthly patching of our IPA servers on consecutive weeks. We have a realm member server that loses it's 'A' record in DNS after every monthly patching cycle on the first of our 2 IPA servers. And this member server is the ONLY machine to have such a problem. Using the DNS Admin GUI

[Freeipa-users] DNS Reverse Zone Error (UPDATE)

We perform monthly patching of our IPA servers on consecutive weeks. We have a realm member server that loses it's 'A' record in DNS after every monthly patching cycle on the first of our 2 IPA servers. And this member server is the ONLY machine to have such a problem. Using the DNS Admin GUI

[Freeipa-users] Replica setup options

I've set up a replica in an IPA domain, and was surprised that it did not have DNS configured the same way that the first IPA server does.  Of the following options that I specified on the first install, which do I need to provide to a replica in order to get identical functionality, and where

[Freeipa-users] Freeipa connecting to Redhat IPA server.

I've been having difficulties connecting a freeipa-client on Ubuntu 16.06 LTS, to a Redhat IPA server that has a trusted connection to Microsoft AD server. Ssh authentications are pretty slow, however, once I do get on, I find sudo commands often do not work for several minutes saying I am not in

[Freeipa-users] Re: worst nightmare come true: ipa service doesn't start anymore

On 12/13/2017 04:39 PM, Harald Dunkel via FreeIPA-users wrote: Hi Flo, On 12/12/17 3:59 PM, Harald Dunkel via FreeIPA-users wrote: My concern is, it looks much more restricted than the old root CA cerificate: # certutil -L -d /var/lib/pki/pki-tomcat/ca/alias Certificate Nickname