[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

2018-01-11 Thread Tony Brian Albers via FreeIPA-users
On 01/11/2018 10:46 PM, Robbie Harwood via FreeIPA-users wrote: > jcccb via FreeIPA-users writes: > >> I got a FreeIPA Server (F27) up and running on a proxmox host in a vm >> fine so far with a CentOS client as an NFS-Server. I set up a second >> ubuntu

[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

2018-01-11 Thread Robbie Harwood via FreeIPA-users
jcccb via FreeIPA-users writes: > I got a FreeIPA Server (F27) up and running on a proxmox host in a vm > fine so far with a CentOS client as an NFS-Server. I set up a second > ubuntu client (17.10) with indirect mounts for home and some storage > folders.

[Freeipa-users] Re: Promote new CA master after failure?

2018-01-11 Thread Rob Crittenden via FreeIPA-users
Robbie Harwood via FreeIPA-users wrote: > Jonathan Kelley via FreeIPA-users > writes: > >> I've got ipa-server 4.5.0. This is topology with 2 servers and lost my >> primary. I found this guide "Promote CA to Renewal and CRL Master Procedure >> in FreeIPA

[Freeipa-users] Re: Replacing externally signed CA long before expiry

2018-01-11 Thread Rob Crittenden via FreeIPA-users
Steve Dainard via FreeIPA-users wrote: > Hi Flo, > > Is there anything I can do to help troubleshoot this issue? Or is there > a bugzilla issue I can watch? Flo wasn't able to reproduce this so there is no bug unless you file one. I'd look at the CA to see what the signer is: # certutil -L -d

[Freeipa-users] Re: Error ipa-replica-install on LXC (was The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records)

2018-01-11 Thread Alex Corcoles via FreeIPA-users
Ah, that'd be wonderful- that will solve my problem as I don't need NFS on LXC. If I have some time I will try editing the gssproxy unit file and see if that's the only stopper to running a FreeIPA replica on LXC. On Thu, Jan 11, 2018 at 9:17 PM, Robbie Harwood wrote: >

[Freeipa-users] Re: Two Different Environments, Crashed First Master

2018-01-11 Thread Rob Crittenden via FreeIPA-users
Michael S. Moody wrote: > I'm not seeing anything obvious, but in both cases, slapd log files look > very similar to this. Attached. I don't see any evidence of crashing in this log though it only covers about 30 minutes. I'd check the system logs to see if that shows anything (OOM killer for

[Freeipa-users] Re: Two Different Environments, Crashed First Master

2018-01-11 Thread Michael S. Moody via FreeIPA-users
I'm not seeing anything obvious, but in both cases, slapd log files look very similar to this. Attached. On Thu, Jan 11, 2018 at 3:30 PM, Rob Crittenden wrote: > Michael S. Moody via FreeIPA-users wrote: > > Within the last week, in two completely separate environments,

[Freeipa-users] FreeIPA NFS Automount with Kerberos troubleshooting help needed

2018-01-11 Thread jcccb via FreeIPA-users
I got a FreeIPA Server (F27) up and running on a proxmox host in a vm fine so far with a CentOS client as an NFS-Server. I set up a second ubuntu client (17.10) with indirect mounts for home and some storage folders. The home automount points are working fine but the others I can't access... i

[Freeipa-users] Re: Two Different Environments, Crashed First Master

2018-01-11 Thread Rob Crittenden via FreeIPA-users
Michael S. Moody via FreeIPA-users wrote: > Within the last week, in two completely separate environments, I've had > a first master go where the Directory Server won't stay running, and as > a result, pki-tomcatd, and other services will never start. This has > happened in two completely separate

[Freeipa-users] Re: replica install fails: CA_UNREACHABLE

2018-01-11 Thread Rob Crittenden via FreeIPA-users
lejeczek via FreeIPA-users wrote: > > > On 11/01/18 17:12, Florence Blanc-Renaud wrote: >> I must admit that I'm getting lost among all the errors... Can you >> summarize your topology (for instance server A installed as first IPA >> master, then server B successfully configured as a replica,

[Freeipa-users] Re: Error ipa-replica-install on LXC (was The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records)

2018-01-11 Thread Robbie Harwood via FreeIPA-users
Alex Corcoles via FreeIPA-users writes: > Maybe this is a bug in the definition of gssproxy? Should it be a Wants= > instead of a Requires=? And anyway something else is broken with proc-fs-nfsd to boot. Thanks, --Robbie

[Freeipa-users] Re: Error ipa-replica-install on LXC (was The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records)

2018-01-11 Thread Robbie Harwood via FreeIPA-users
Alex Corcoles via FreeIPA-users writes: > Maybe this is a bug in the definition of gssproxy? Should it be a Wants= > instead of a Requires=? No, it's a bug I will have fixed in 7.5. The requirement needs to be from proc-fs-nfsd on gssproxy, not the other

[Freeipa-users] Advice about topology for personal use

2018-01-11 Thread Alex Corcoles via FreeIPA-users
Hi, After some comments on: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/7A2I475DZFE235QRJRXMRXTL3DVT46IN/ I decided to file a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1533228 , but the comments there made me doubt my plan to set up

[Freeipa-users] Re: Error ipa-replica-install on LXC (was The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records)

2018-01-11 Thread Alex Corcoles via FreeIPA-users
Maybe this is a bug in the definition of gssproxy? Should it be a Wants= instead of a Requires=? On Wed, Jan 10, 2018 at 9:41 PM, Robbie Harwood wrote: > Alex Corcoles via FreeIPA-users > writes: > > > Jan 10 18:47:02

[Freeipa-users] Two Different Environments, Crashed First Master

2018-01-11 Thread Michael S. Moody via FreeIPA-users
Within the last week, in two completely separate environments, I've had a first master go where the Directory Server won't stay running, and as a result, pki-tomcatd, and other services will never start. This has happened in two completely separate distinct environments. I've had to basically fix

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

2018-01-11 Thread Florence Blanc-Renaud via FreeIPA-users
On 01/11/2018 06:37 PM, lejeczek via FreeIPA-users wrote: On 11/01/18 17:02, Florence Blanc-Renaud wrote: On 01/11/2018 05:16 PM, lejeczek via FreeIPA-users wrote: On 11/01/18 15:02, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: hi not a python nor ipa expert here, looking at

[Freeipa-users] Re: Replacing externally signed CA long before expiry

2018-01-11 Thread Florence Blanc-Renaud via FreeIPA-users
On 01/10/2018 07:47 PM, Steve Dainard via FreeIPA-users wrote: Hi Flo, Is there anything I can do to help troubleshoot this issue? Or is there a bugzilla issue I can watch? Thanks, Steve Hi Steve, I was not able to reproduce the behavior you are experiencing. With IPA 4.5.0-22 on rhel

[Freeipa-users] Re: replica install fails: CA_UNREACHABLE

2018-01-11 Thread lejeczek via FreeIPA-users
On 11/01/18 17:12, Florence Blanc-Renaud wrote: I must admit that I'm getting lost among all the errors... Can you summarize your topology (for instance server A installed as first IPA master, then server B successfully configured as a replica, then server C where I tried to run

[Freeipa-users] Re: replica install fails: CA_UNREACHABLE

2018-01-11 Thread lejeczek via FreeIPA-users
On 11/01/18 17:12, Florence Blanc-Renaud wrote: I must admit that I'm getting lost among all the errors... Can you summarize your topology (for instance server A installed as first IPA master, then server B successfully configured as a replica, then server C where I tried to run

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

2018-01-11 Thread lejeczek via FreeIPA-users
On 11/01/18 17:02, Florence Blanc-Renaud wrote: On 01/11/2018 05:16 PM, lejeczek via FreeIPA-users wrote: On 11/01/18 15:02, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: hi not a python nor ipa expert here, looking at certmonger.py what does such an error indicate? : ipa

[Freeipa-users] Re: replica install - certuil - script or log?

2018-01-11 Thread lejeczek via FreeIPA-users
On 11/01/18 14:26, Rob Crittenden via FreeIPA-users wrote: Ludwig Krispenz via FreeIPA-users wrote: On 01/11/2018 02:36 PM, Rob Crittenden via FreeIPA-users wrote: lejeczek via FreeIPA-users wrote: hi everyone when I see this in replica install log: .. 2018-01-11T12:46:31Z DEBUG

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

2018-01-11 Thread Florence Blanc-Renaud via FreeIPA-users
On 01/11/2018 05:16 PM, lejeczek via FreeIPA-users wrote: On 11/01/18 15:02, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: hi not a python nor ipa expert here, looking at certmonger.py what does such an error indicate? : ipa : DEBUG    certmonger request is in state

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

2018-01-11 Thread lejeczek via FreeIPA-users
On 11/01/18 15:02, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: hi not a python nor ipa expert here, looking at certmonger.py what does such an error indicate? : ipa : DEBUG    certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

2018-01-11 Thread Rob Crittenden via FreeIPA-users
lejeczek via FreeIPA-users wrote: > hi > > not a python nor ipa expert here, looking at certmonger.py > > what does such an error indicate? : > > ipa : DEBUG    certmonger request is in state > dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) > ipa : DEBUG   

[Freeipa-users] "certmonger.py", line 317, in request_and_wait_for_cert

2018-01-11 Thread lejeczek via FreeIPA-users
hi not a python nor ipa expert here, looking at certmonger.py what does such an error indicate? : ipa : DEBUG    certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) ipa : DEBUG    certmonger request is in state

[Freeipa-users] Re: replica install - certuil - script or log?

2018-01-11 Thread Rob Crittenden via FreeIPA-users
Ludwig Krispenz via FreeIPA-users wrote: > > On 01/11/2018 02:36 PM, Rob Crittenden via FreeIPA-users wrote: >> lejeczek via FreeIPA-users wrote: >>> hi everyone >>> >>> when I see this in replica install log: >>> >>> .. >>> 2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d >>>

[Freeipa-users] Re: replica install - certuil - script or log?

2018-01-11 Thread Ludwig Krispenz via FreeIPA-users
On 01/11/2018 02:36 PM, Rob Crittenden via FreeIPA-users wrote: lejeczek via FreeIPA-users wrote: hi everyone when I see this in replica install log: .. 2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n PRIVATE.xx.xx.PRIVATE.xx.xx.x

[Freeipa-users] Re: corosycnc conflict with certmonger always`

2018-01-11 Thread Rob Crittenden via FreeIPA-users
barrykfl--- via FreeIPA-users wrote: > Already set a cluster of 2 nodes can work fine > > but every reboot corosync seem conflict with certmonger service and login > service > > and cause ssh shell login slow. and idea.? other funct of freeipa / HA > actually is working fine. > > It seem will

[Freeipa-users] Re: replica install - certuil - script or log?

2018-01-11 Thread Rob Crittenden via FreeIPA-users
lejeczek via FreeIPA-users wrote: > hi everyone > > when I see this in replica install log: > > .. > 2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d > /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n > PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -a -f >

[Freeipa-users] replica install - certuil - script or log?

2018-01-11 Thread lejeczek via FreeIPA-users
hi everyone when I see this in replica install log: .. 2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n PRIVATE.xx.xx.PRIVATE.xx.xx.x IPA CA -a -f /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/pwdfile.txt 2018-01-11T12:46:31Z

[Freeipa-users] Re: replica install fails: CA_UNREACHABLE

2018-01-11 Thread lejeczek via FreeIPA-users
On 06/01/18 19:54, lejeczek via FreeIPA-users wrote: hi I'm trying to install replica, process fails: ..   [3/5]: creating anonymous principal   [4/5]: starting the KDC   [5/5]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin   [1/2]: starting