date:20171226

[Freeipa-users] Failed to read service file. Hostname does not match any master server in LDAP

2017-12-26 Thread pgb205 via FreeIPA-users

Hello everyone. 
Periodically and seemingly at random our replicas crash with the above error. 
Dirsrv shows as stopped and restarting doesn't help.Someone suggested earlier 
that this is due to problems with topology plugin but I don't think that the 
cause as we are still ondomainlevel=0.
I'm not sure if it's a problem with 389ds or with some other part of freeipa. 
The only other clue I can think of is that often we see inconsistenciesbetween 
replicas. IE a user that is supposed to be present everywhere goes missing on 
just one of the many replicas. 
I'm quite at a loss on how to troubleshoot this further. I hope that someone 
can assist.
ipactl startStarting Directory ServiceFailed to read data from service file: 
Failed to get list of services to probe status!Configured hostname 
'server.pop.domain.local' does not match any master server in LDAP:No master 
found because of error: no such entryShutting down

cat errors[26/Dec/2017:21:15:56.234793153 +] SSL alert: Sending pin request 
to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the 
password.[26/Dec/2017:21:15:56.236060353 +] SSL alert: Security 
Initialization: Enabling default cipher set.[26/Dec/2017:21:15:56.236362922 
+] SSL alert: Configured NSS Ciphers[26/Dec/2017:21:15:56.236652729 +] 
SSL alert:   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 
enabled[26/Dec/2017:21:15:56.236921632 +] SSL alert:   
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.237114079 
+] SSL alert:   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 
enabled[26/Dec/2017:21:15:56.237317678 +] SSL alert:   
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.237526365 
+] SSL alert:   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 
enabled[26/Dec/2017:21:15:56.237746660 +] SSL alert:   
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.237908539 
+] SSL alert:   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 
enabled[26/Dec/2017:21:15:56.238087338 +] SSL alert:   
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.238306056 
+] SSL alert:   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: 
enabled[26/Dec/2017:21:15:56.238517868 +] SSL alert:   
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.238724920 +] 
SSL alert:   TLS_DHE_DSS_WITH_AES_256_CBC_SHA: 
enabled[26/Dec/2017:21:15:56.238889982 +] SSL alert:   
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled[26/Dec/2017:21:15:56.239048124 
+] SSL alert:   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: 
enabled[26/Dec/2017:21:15:56.239233534 +] SSL alert:   
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled[26/Dec/2017:21:15:56.239402097 +] 
SSL alert:   TLS_DHE_DSS_WITH_AES_128_CBC_SHA: 
enabled[26/Dec/2017:21:15:56.239767245 +] SSL alert:   
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled[26/Dec/2017:21:15:56.239997083 
+] SSL alert:   TLS_RSA_WITH_AES_256_GCM_SHA384: 
enabled[26/Dec/2017:21:15:56.240177269 +] SSL alert:   
TLS_RSA_WITH_AES_256_CBC_SHA: enabled[26/Dec/2017:21:15:56.240376177 +] SSL 
alert:   TLS_RSA_WITH_AES_256_CBC_SHA256: 
enabled[26/Dec/2017:21:15:56.240585031 +] SSL alert:   
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.240745192 +] 
SSL alert:   TLS_RSA_WITH_AES_128_CBC_SHA: 
enabled[26/Dec/2017:21:15:56.240897126 +] SSL alert:   
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled[26/Dec/2017:21:15:56.241075071 +] 
SSL alert:   TLS_AES_128_GCM_SHA256: enabled[26/Dec/2017:21:15:56.241245788 
+] SSL alert:   TLS_CHACHA20_POLY1305_SHA256: 
enabled[26/Dec/2017:21:15:56.241456256 +] SSL alert:   
TLS_AES_256_GCM_SHA384: enabled[26/Dec/2017:21:15:56.241617090 +] SSL 
alert:   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 
enabled[26/Dec/2017:21:15:56.241766851 +] SSL alert:   
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 
enabled[26/Dec/2017:21:15:56.241947040 +] SSL alert:   
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 
enabled[26/Dec/2017:21:15:56.249524586 +] SSL Initialization - Configured 
SSL version range: min: TLS1.0, max: TLS1.2[26/Dec/2017:21:15:56.249909319 
+] 389-Directory/1.3.5.10 B2017.102.203 starting 
up[26/Dec/2017:21:15:56.261829771 +] default_mr_indexer_create: warning - 
plugin [caseIgnoreIA5Match] does not handle 
caseExactIA5Match[26/Dec/2017:21:15:56.269563770 +] WARNING: changelog: 
entry cache size 2097152 B is less than db size 149151744 B; We recommend to 
increase the entry cache size 
nsslapd-cachememsize.[26/Dec/2017:21:15:56.300878069 +] 
schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 
seconds after the server startup![26/Dec/2017:21:15:56.399266161 +] 
NSACLPlugin - The ACL target cn=automember rebuild 
membership,cn=tasks,cn=config does not exist[26/Dec/2017:21:15:56.406444789 
+] dna-plugin - dna_parse_config_entry: Unable to locate shared

[Freeipa-users] Re: ipa-client-install error on Cloudlinux

2017-12-26 Thread Andrew Radygin via FreeIPA-users

Support ot Cloudliunx replied - there is different minor version of ipa-client 
package from Centos 7 main upstream, and it has bug. 
Promise to update package in they repo during the nearest week.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: api scripts

2017-12-26 Thread Andrew Meyer via FreeIPA-users

Jens,I'm not familiar w/ Python.  How do I pass the url, user and realm to it?  
Do I do something like this - './freeipaclient.py url=myurl user=username' ?
Thank you! 

On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-users 
 wrote:
 

 Does this script prompt you to enter the data needed or do I need to hard code 
it? 

On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users 
 wrote:
 

 Thank you 

On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users 
 wrote:
 

 Hi Andrew,

On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
> Does anyone have any examples or could share what they have written?
>
> I am trying to write a script and not sure what components I need. 
I've been working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9

feedback greatly appreciated.

Regards,
Jens Timmerman
>
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   ___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   ___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   ___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Failed to read service file. Hostname does not match any master server in LDAP

[Freeipa-users] Re: ipa-client-install error on Cloudlinux

[Freeipa-users] Re: api scripts

3 matches

Site Navigation

Mail list logo

Footer information