[Freeipa-users] Failed to read service file. Hostname does not match any master server in LDAP
Hello everyone. Periodically and seemingly at random our replicas crash with the above error. Dirsrv shows as stopped and restarting doesn't help.Someone suggested earlier that this is due to problems with topology plugin but I don't think that the cause as we are still ondomainlevel=0. I'm not sure if it's a problem with 389ds or with some other part of freeipa. The only other clue I can think of is that often we see inconsistenciesbetween replicas. IE a user that is supposed to be present everywhere goes missing on just one of the many replicas. I'm quite at a loss on how to troubleshoot this further. I hope that someone can assist. ipactl startStarting Directory ServiceFailed to read data from service file: Failed to get list of services to probe status!Configured hostname 'server.pop.domain.local' does not match any master server in LDAP:No master found because of error: no such entryShutting down cat errors[26/Dec/2017:21:15:56.234793153 +] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.[26/Dec/2017:21:15:56.236060353 +] SSL alert: Security Initialization: Enabling default cipher set.[26/Dec/2017:21:15:56.236362922 +] SSL alert: Configured NSS Ciphers[26/Dec/2017:21:15:56.236652729 +] SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled[26/Dec/2017:21:15:56.236921632 +] SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.237114079 +] SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.237317678 +] SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.237526365 +] SSL alert: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled[26/Dec/2017:21:15:56.237746660 +] SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.237908539 +] SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.238087338 +] SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.238306056 +] SSL alert: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled[26/Dec/2017:21:15:56.238517868 +] SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.238724920 +] SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.238889982 +] SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled[26/Dec/2017:21:15:56.239048124 +] SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.239233534 +] SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.239402097 +] SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.239767245 +] SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled[26/Dec/2017:21:15:56.239997083 +] SSL alert: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled[26/Dec/2017:21:15:56.240177269 +] SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.240376177 +] SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled[26/Dec/2017:21:15:56.240585031 +] SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.240745192 +] SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.240897126 +] SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled[26/Dec/2017:21:15:56.241075071 +] SSL alert: TLS_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.241245788 +] SSL alert: TLS_CHACHA20_POLY1305_SHA256: enabled[26/Dec/2017:21:15:56.241456256 +] SSL alert: TLS_AES_256_GCM_SHA384: enabled[26/Dec/2017:21:15:56.241617090 +] SSL alert: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled[26/Dec/2017:21:15:56.241766851 +] SSL alert: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled[26/Dec/2017:21:15:56.241947040 +] SSL alert: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled[26/Dec/2017:21:15:56.249524586 +] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2[26/Dec/2017:21:15:56.249909319 +] 389-Directory/1.3.5.10 B2017.102.203 starting up[26/Dec/2017:21:15:56.261829771 +] default_mr_indexer_create: warning - plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match[26/Dec/2017:21:15:56.269563770 +] WARNING: changelog: entry cache size 2097152 B is less than db size 149151744 B; We recommend to increase the entry cache size nsslapd-cachememsize.[26/Dec/2017:21:15:56.300878069 +] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup![26/Dec/2017:21:15:56.399266161 +] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist[26/Dec/2017:21:15:56.406444789 +] dna-plugin - dna_parse_config_entry: Unable to locate shared
[Freeipa-users] Re: ipa-client-install error on Cloudlinux
Support ot Cloudliunx replied - there is different minor version of ipa-client package from Centos 7 main upstream, and it has bug. Promise to update package in they repo during the nearest week. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Jens,I'm not familiar w/ Python. How do I pass the url, user and realm to it? Do I do something like this - './freeipaclient.py url=myurl user=username' ? Thank you! On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-userswrote: Does this script prompt you to enter the data needed or do I need to hard code it? On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users wrote: Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org