Prasun Gera via FreeIPA-users
writes:
> The only thing I would be interested in knowing is if there is a
> performance penalty to mounting NFS locally. Ideally, it should be smart
> enough to know that, but I'm not sure if it is.
On my NFS server /home is a local ext4 mount and exported. The cli
The only thing I would be interested in knowing is if there is a
performance penalty to mounting NFS locally. Ideally, it should be smart
enough to know that, but I'm not sure if it is.
On 14 Jul 2017 6:08 pm, "Petros Triantafyllidis" wrote:
> Thanks a lot for replying,
> Yes, your suggestion
Thanks a lot for replying,
Yes, your suggestion is working. Doesn't seem that elegant though,
since a partition is mounted several times. However it's practical and I
can't figure out how else it could be done.
From mount stats, the first two are from fstab mount and appear only
on NFS serve
from Journal, maybe it's kerberos issues
Jul 14 12:11:28 server02.ipa.example.com named-pkcs11[1041]: Failed to get
initial credentials (TGT) using principal 'DNS/server02.ipa.example.com' and
keytab 'FILE:/etc/named.keytab' (Cannot contact any KDC for realm
'IPA.EXAMPLE.COM')
Jul 14 12:11:
IPA Users,
I'm not sure when the last time this service was running/working, any ideas are
appreciated.
IPA Version: ipa-server-4.4.0-14.el7.centos.7.x86_64
ipa-server-upgrade
Upgrading IPA:
[1/8]: saving configuration
[2/8]: disabling listeners
[3/8]: enabling DS global lock
[4/8]: star
Copied over the dse.ldif.startOK to dse.ldif and it started. Thank You,
From: "freeipa-users"
To: "freeipa-users"
Cc: "Ludwig Krispenz"
Sent: Friday, July 14, 2017 10:35:55 AM
Subject: [Freeipa-users]Re: IPA Servers will not start - dirsrv
looks like you lost your configuration files
> On Fri, Jul 14, 2017 at 10:00:20AM -, bogusmaster--- via FreeIPA-users
> wrote:
>
> yes, but I think this is only a side effect. SSSD cannot resolve a
> global catalog server. Does
>
> dig SRV _gc._tcp.td.mydomain.com
>
> return anything when called on the IPA server?
It didn't. I've
looks like you lost your configuration files dse.ldif and its backup as well
could you check what you have in /etc/dirsrv/slapd-
you can try to copy one of the *dse.ldif* to dse.ldif and try to
restart, but that file may be up to date.
Ludwig
On 07/14/2017 04:22 PM, email--- via FreeIPA-users
IPA-Users,
We relocated a rack recently across the states and are no longer able to start
dirsrv389.
sudo ipactl start
Starting Directory Service
Failed to start Directory Service: Command '/bin/systemctl start
dirsrv@IPA-EXAMPLE-COM.service' returned non-zero exit status 1
Thousands of
Thanks for that Jakub.
Following a review of the output I've found that this is simply a known
conflict with OTP:
https://www.freeipa.org/page/V4/OTP#kinit_Method
On Fri, Jul 14, 2017 at 9:20 AM Jakub Hrozek wrote:
> On Fri, Jul 14, 2017 at 08:10:39AM +, Callum Guy via FreeIPA-users
> wro
On Fri, Jul 14, 2017 at 10:00:20AM -, bogusmaster--- via FreeIPA-users
wrote:
> > Can you do a test on the server by calling
> >
> > id username@ad.domain
> >
> > and collect sssd_nss.log and sssd_your.ipa.domain.log on the server as
> > well?
> I uploaded these files to the same place
I also observed one peculiar thing when it comes to group membership of the
group which is used in my HBAC rule.
When I issue getent group ad_users on the server, I get:
ad_users:*:101025:j...@td.mydomain.com
In FreeIPA's web UI the membership looks as follows:
External member
S-1
On 07/13/2017 09:57 PM, Fraser Tweedale wrote:
OK, I think I understand.
ipa0 has been set up with a 3rd-party HTTP cert, but ipa1 has been
set up with a certificate issued by the IPA CA, which your browser
does not trust.
There are two ways forward here:
1. You can use ipa-server-certinstall
> Can you do a test on the server by calling
>
> id username@ad.domain
>
> and collect sssd_nss.log and sssd_your.ipa.domain.log on the server as
> well?
I uploaded these files to the same place as before - goo.gl/hiFHKE. They have
SERVER prefix in their names.
> In the id output all grou
On Fri, Jul 14, 2017 at 08:10:39AM +, Callum Guy via FreeIPA-users wrote:
> Hi Jakub,
>
> Apologies for hijacking the thread but you reminded me of a longstanding
> issue - I can't manually use kinit on my client nodes. As I operate a jump
> server that means I get a ticket on first login but
Hi Jakub,
Apologies for hijacking the thread but you reminded me of a longstanding
issue - I can't manually use kinit on my client nodes. As I operate a jump
server that means I get a ticket on first login but when I log in to other
client systems the ticket gives me entry but doesn't follow me. Wh
On Thu, Jul 13, 2017 at 07:22:58PM -, bogusmaster--- via FreeIPA-users
wrote:
> I've uploaded them here: goo.gl/hiFHKE
Thanks.
[ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such
object(32), (null).
This indicates that the user cannot be found on the server. There are
two