[Freeipa-users] Maximum number of sessions reached?

2018-07-13 Thread Greg Gilbert via FreeIPA-users
Hi all, I'm getting a maximum number of sessions message from FreeIPA: Failed to create session: Maximum number of sessions (8192) reached, refusing further sessions. I think it's causing this error when any server tries to enroll itself: Cannot connect to the server due to generic er

[Freeipa-users] Re: /etc/httpd/alias not getting renewed cert

2018-07-13 Thread Thomas Letherby via FreeIPA-users
Just to add, getcert seems to think they're all up to date: getcert list | grep expires expires: 2019-06-16 04:38:58 UTC expires: 2020-06-05 01:24:55 UTC expires: 2020-06-05 01:29:28 UTC expires: 2020-06-05 01:32:01 UTC expires: 2038-06-17 09:06:38 UTC expires: 2020-06-05 01:34:31 UTC expires: 202

[Freeipa-users] Re: unable to connect two replicas: Connection unsuccessful, xxxx is an IPA Server, but it might be unknown, foreign or previously deleted one.

2018-07-13 Thread Karl Forner via FreeIPA-users
Just solved it: replica1 could not find replica2. I checked on its DNS, it was missing all replica2 entries. I manually cleaned some DNS entries and forced the synchronization with the master --> it solved the problem. I could then connect my two replicas! Sorry for the noise.

[Freeipa-users] Re: unable to connect two replicas: Connection unsuccessful, xxxx is an IPA Server, but it might be unknown, foreign or previously deleted one.

2018-07-13 Thread Karl Forner via FreeIPA-users
[ Sorry for the multiple mails ] I just found out that the other replica (replica1) does not see the new replica (replica2) at all. I tried from the web UI, ipa server-find, ipa-replica-manager list on that replica (replica1). How can I make replica1 "aware" of replica2?

[Freeipa-users] Re: unable to connect two replicas: Connection unsuccessful, xxxx is an IPA Server, but it might be unknown, foreign or previously deleted one.

2018-07-13 Thread Karl Forner via FreeIPA-users
I just understood that the dnarange unset part is normal: "New IPA masters do not automatically get a DNA range assignment. A range assignment is done only when a user or POSIX group is added on that master." from man ipa-replica-manage

[Freeipa-users] Re: unable to connect two replicas: Connection unsuccessful, xxxx is an IPA Server, but it might be unknown, foreign or previously deleted one.

2018-07-13 Thread Karl Forner via FreeIPA-users
Can anybody provide some suggestions about this problem? It prevents me from updating my CS master. I tried to delete my replica2. To clean everything, agreements, RUVs on each master. Then to create the replica again: exact same problem: I cannot connect it to the other replica, and it has

[Freeipa-users] Re: Add SAN attributes to certificate at sign time

2018-07-13 Thread Fraser Tweedale via FreeIPA-users
On Fri, Jul 13, 2018 at 09:13:02AM -, vitenbergd--- via FreeIPA-users wrote: > Thank you very much, there are tons of valuable info in your blog > related to this topic. Right now we are using 4.4 version of > FreeIPA and autoconversion of CN -> SAN DNS was not the exact > thing I wanted to ach

[Freeipa-users] Re: Add SAN attributes to certificate at sign time

2018-07-13 Thread vitenbergd--- via FreeIPA-users
Thank you very much, there are tons of valuable info in your blog related to this topic. Right now we are using 4.4 version of FreeIPA and autoconversion of CN -> SAN DNS was not the exact thing I wanted to achieve (though this feature is awesome), I used SubjectAltNameExtDefault attribute to ad