On 27 October 2017 at 07:38, Rob Crittenden wrote:
> Lachlan Musicman via FreeIPA-users wrote:
>
> >
> > ipa -version
> > VERSION: 4.5.0, API_VERSION: 2.228
>
> It shouldn't be even trying port 7389 with v4.5.0. Very old versions of
> IPA used to use two separate 389-ds instances, one for the IPA
On 27 October 2017 at 10:32, Lachlan Musicman wrote:
> On 27 October 2017 at 07:38, Rob Crittenden wrote:
>
>> Lachlan Musicman via FreeIPA-users wrote:
>> >
>> > When I look at the ID Views in the interface, I get an "IPA Error 903:
>> > InternalError".
>>
>> See /var/log/httpd/error_log for de
On 27 October 2017 at 07:38, Rob Crittenden wrote:
> Lachlan Musicman via FreeIPA-users wrote:
> >
> > When I look at the ID Views in the interface, I get an "IPA Error 903:
> > InternalError".
>
> See /var/log/httpd/error_log for details, there may be a python backtrace.
>
Sure do!
[Thu Oct 26
I checked the logs that turned up after running the find command suggested
by Jochen and only a couple of them turned up anything that mention pki or
pki-tomcat:
from /var/log/audit/audit.log:
type=SERVICE_START msg=audit(1508873851.623:163448): pid=1 uid=0
auid=4294967295 ses=4294967295 subj=syst
Ok.. no worries. Thanks Simo
From: Simo Sorce via FreeIPA-users
To: FreeIPA users list
Cc: Sean Hogan , Simo Sorce
Date: 10/26/2017 02:17 PM
Subject:[Freeipa-users] Re: Port 389
On Thu, 2017-10-26 at 14:11 -0700, Sean Hogan via FreeIPA-users wrote:
>
On Thu, 2017-10-26 at 14:11 -0700, Sean Hogan via FreeIPA-users wrote:
> Hello IPA,
>
> Hopefully a quick question.
>
> RHEL 7.3 IPA 4.4
>
> I have been digging around RHEL docs
> https://access.redhat.com/solutions/357673 for firewall ports and it
> says
> 389 is required for replication of
Hello IPA,
Hopefully a quick question.
RHEL 7.3 IPA 4.4
I have been digging around RHEL docs
https://access.redhat.com/solutions/357673 for firewall ports and it says
389 is required for replication of IPA servers and clients to IPA servers.
FreeIPA docs say this:
SSL/startTLS When possi
On Thu, Oct 26, 2017 at 9:17 AM Rob Crittenden wrote:
> Nicholas Hinds wrote:
> > I tried running `sudo service named-pkcs11 stop` before the yum update,
> > but FreeIPA still returned NXDOMAIN responses temporarily.
>
> You want the service named.
>
That service does not exist in my FreeIPA inst
I tried running `sudo service named-pkcs11 stop` before the yum update, but
FreeIPA still returned NXDOMAIN responses temporarily.
It seems like these responses occur about 10 seconds after the last log
entry in /var/log/ipaupgrade.log ("The ipa-server-upgrade command was
successful"). Based on th
Lachlan Musicman via FreeIPA-users wrote:
> When I first installed our replica, it worked just fine - I could add a
> user and see it on the master server. And vice versa.
>
> I recently went back to take a look and make sure everything was working
> - and it's not.
>
> ipactl status shows everyt
Kristian Petersen via FreeIPA-users
writes:
> The dirsrv log just shows a bunch of the following:
> [13/Oct/2017:14:32:07.132312021 -0600] - ERR - slapi_ldap_bind - Error:
> could not bind id [cn=Replication Manager cloneAgreement1-ipa
> 2.chem.byu.edu-pki-tomcat,ou=csusers,cn=config] authenticat
The dirsrv log just shows a bunch of the following:
[13/Oct/2017:14:32:07.132312021 -0600] - ERR - slapi_ldap_bind - Error:
could not bind id [cn=Replication Manager cloneAgreement1-ipa
2.chem.byu.edu-pki-tomcat,ou=csusers,cn=config] authentication mechanism
[SIMPLE]: error 32 (No such object)
Tha
Kristian Petersen via FreeIPA-users
writes:
> When I recently updated one of my IPA servers (it reports
> 4.5.0-21.el7_4.1.2 in yum), the result was that it could not start back up
> because pki-tomcatd kept failing. I was able to get it running for now by
> ignoring the failure of that one serv
When I recently updated one of my IPA servers (it reports
4.5.0-21.el7_4.1.2 in yum), the result was that it could not start back up
because pki-tomcatd kept failing. I was able to get it running for now by
ignoring the failure of that one service, but I haven't been able to to
determine the cause
On 10/26/2017 04:58 PM, Kristian Petersen via FreeIPA-users wrote:
I am having problems with the server that currently is my main CA and
was considering trying to switch that function to a different server. I
have tried some of the stuff I found online but the CA role can't be
enabled on anoth
Nicholas Hinds wrote:
> I tried running `sudo service named-pkcs11 stop` before the yum update,
> but FreeIPA still returned NXDOMAIN responses temporarily.
You want the service named.
> It seems like these responses occur about 10 seconds after the last log
> entry in /var/log/ipaupgrade.log ("T
Miguel Angel Coa M. wrote:
> Rob,
> My idea about A/D group is centralize the users for the winsync because
> some are in one OU and others in others (but i see this isn't possible)
>
> eg.
>
> Example2.com <-- Domain root
> Builtin <-- Default
> .
> .
> Users <-- Default users -> bas
I am having problems with the server that currently is my main CA and was
considering trying to switch that function to a different server. I have
tried some of the stuff I found online but the CA role can't be enabled on
another server because it is broken on the one that has it right now.
Hence
18 matches
Mail list logo