[Freeipa-users] Re: ipa-replica-manage: unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000

2018-03-12 Thread thierry bordaz via FreeIPA-users
Hi Harald, What version of DS are you running ? We have a reproducer (not systematic) for versions before https://bugzilla.redhat.com/show_bug.cgi?id=1516309 but we have not reproduced it since then, you may need to upgrade. best regards thierry On 03/12/2018 05:10 PM, Ludwig Krispenz

[Freeipa-users] Re: Using different distros

2018-03-12 Thread Andrew Meyer via FreeIPA-users
Thanks for the response, I don't think we will be issuing SSL certs from FreeIPA to systems in AWS running Amazon Linux 2. On Monday, March 12, 2018 10:54 AM, Rob Crittenden via FreeIPA-users wrote: Andrew Meyer via FreeIPA-users wrote: > I have

[Freeipa-users] Re: ipa-replica-manage: unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000

2018-03-12 Thread Ludwig Krispenz via FreeIPA-users
Hi, to get rid of this ruv entry with replicaid 7 you could try to run the cleanallruv task directly. On any server (and onöy on one) run ldapmodify . -D "cn=directory manager" |dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config changetype: add objectclass: extensibleObject

[Freeipa-users] Re: Using different distros

2018-03-12 Thread Rob Crittenden via FreeIPA-users
Andrew Meyer via FreeIPA-users wrote: > I have emailed in previously fro issues w/ Amazon Linux 2 as a replica > server but I am wondering If I can use Amazon Linux 2 as a client > machine to FreeIPA.  Will I run into the same issues with SSL (NSS vs > OpenSSL) that I did with the replica? Hard

[Freeipa-users] Re: What does migration mode actually do?

2018-03-12 Thread Rob Crittenden via FreeIPA-users
Florence Blanc-Renaud via FreeIPA-users wrote: > On 03/09/2018 10:26 AM, Roderick Johnstone via FreeIPA-users wrote: >> On 09/03/2018 09:13, Florence Blanc-Renaud wrote: >>> On 03/09/2018 09:41 AM, Roderick Johnstone via FreeIPA-users wrote: Hi I'm using migration mode (ipa

[Freeipa-users] Re: [SSSD-users] Re: nss_getpwnam: name 't...@my.dom@localdomain' does not map into domain 'nix.my.dom'

2018-03-12 Thread Rob Crittenden via FreeIPA-users
TomK wrote: > On 3/7/2018 1:11 PM, Rob Crittenden wrote: > Hey Rob, > > When starting idmapd or stopping it, logs on the LDAP server don't > change.  But UID and GID's change to nfsnobody when I set Nobody-User > and Nobody-Group to nfsnobody in /etc/idmapd.conf . I don't know that merely

[Freeipa-users] Using different distros

2018-03-12 Thread Andrew Meyer via FreeIPA-users
I have emailed in previously fro issues w/ Amazon Linux 2 as a replica server but I am wondering If I can use Amazon Linux 2 as a client machine to FreeIPA.  Will I run into the same issues with SSL (NSS vs OpenSSL) that I did with the replica? Thank