[Freeipa-users] dirsrv replicas crashing with FD errors

2019-01-09 Thread None via FreeIPA-users
I recently reinstalled a couple of our freeipa replicas and they're both falling over with the same error. They run for a few minutes - as little as one, or up to an hour, and then fall over with thousands of errors like this: > ERR - accept_and_configure - PR_Accept() failed, Netscape Portable

[Freeipa-users] Re: is anyone running Debian as freeipa-client

2019-01-09 Thread Eric Engstrom via FreeIPA-users
> one option would be to only build freeipa-client, but that'd leave > anyone using the server out in the cold. Since some of us are running the server on different distros, what do you see as the blockers to getting freeipa-client into debian, presumably without -server? And, in the interest

[Freeipa-users] Re: FreeIPA for the maximally paranoid and overworked?

2019-01-09 Thread Charles Hedrick via FreeIPA-users
Rob mentioned issues with restoring data for one entry. We run on VMs, and periodically take snapshots. We can copy a snapshot to a new VM. Since the hostname is critical, edit /etc/hosts and add an entry for the new IP address giving it the original hostname. That way the system will think

[Freeipa-users] Re: FreeIPA for the maximally paranoid and overworked?

2019-01-09 Thread K. M. Peterson via FreeIPA-users
Rob, Thanks for your response, it was very helpful! A monitoring tool would be great, I should say that I am sleeping better because I'm getting to the point where I can at least back-out things when there's that kind of failure. It sounds like the level of caution that I've applied to this is

[Freeipa-users] Re: system time

2019-01-09 Thread Charles Hedrick via FreeIPA-users
In Linux, time is always in UTC internally. The time zone controls how time is shown to users. Changing the time zone thus has no effect on the internal operations of the servers. It just changes log files and user displays. If you actually reset the time on the server to local time, Kerberos

[Freeipa-users] Re: ipa-replica-manage --force replica.server fails

2019-01-09 Thread K. M. Peterson via FreeIPA-users
I located every entry in LDAP that referenced the failed server and removed each of them. I know that the entries in the etc ipa masters hierarchies wouldn't go until I'd removed several of the others, which know included the custodia entries. I think there weren't any topology entries by that

[Freeipa-users] Re: uid/gid mapping from windows to IPA

2019-01-09 Thread Charles Hedrick via FreeIPA-users
I forgot to note that you use “nfsadmin” to enable the mapping. nfsadmin mapping config addomain=krb1.cs.rutgers.edu nfsadmin mapping config adlookup=yes In this case I’m pointing to your KDC. I believe it will work if you use your domain name, as long as you have the appropriate DNS entries.

[Freeipa-users] uid/gid mapping from windows to IPA

2019-01-09 Thread Charles Hedrick via FreeIPA-users
We’re in the process of setting up Windows machines to authenticate against IPA and use home directories from our NFS servers with Kerberized NFS. The process is not easy, but possible. One thing I’ve found frustrating is that documentation on Windows NFS is terrible. In particular, when you

[Freeipa-users] Re: ipa-server Upgrade to 4.6.4 warning: %posttrans(bind-32:9.9.4-72.el7.x86_64)

2019-01-09 Thread François Cami via FreeIPA-users
On Wed, Jan 9, 2019 at 4:07 PM Rob Crittenden via FreeIPA-users wrote: > Christopher Lamb via FreeIPA-users wrote: > > Hi > > > > I have just upgraded our ipa-server from 4.2 to 4.6.4 via yum update on > > OEL 7.2. > > > > At the very last step of the yum update I got the following warning: > > >

[Freeipa-users] Re: ipa-server Upgrade to 4.6.4 warning: %posttrans(bind-32:9.9.4-72.el7.x86_64)

2019-01-09 Thread Rob Crittenden via FreeIPA-users
Christopher Lamb via FreeIPA-users wrote: > Hi >   > I have just upgraded our ipa-server from 4.2 to 4.6.4 via yum update on > OEL 7.2. >   > At the very last step of the yum update I got the following warning: >   > OSError: No such file or directory > ValueError: SELinux policy is not managed or

[Freeipa-users] Re: Recommendation for adding client with 2 NICs (laptop with LAN & WLAN)

2019-01-09 Thread 74cmonty via FreeIPA-users
Well, could you please share your recommendation for this request, means how would you add / maintain a laptop with 2 NICs?

[Freeipa-users] Re: system time

2019-01-09 Thread Md. Khairul Hasan via FreeIPA-users
Hi Rob, Thanks for your response. In my server the following services are running. Do you have any idea which services depend on system time? dirsrv@BANGLALINK-NET.service = 389 Directory Server BANGLALINK-NET. httpd.service = The Apache HTTP Server ipa-custodia.service

[Freeipa-users] Re: pki tomcat issue: Unable to communicate with CMS 500

2019-01-09 Thread Florence Blanc-Renaud via FreeIPA-users
On 1/8/19 10:45 PM, Stijn De Weirdt via FreeIPA-users wrote: hi all, we are running centos76 with ipa-server-4.6.4-10.el7 (one master and one replica; the upgrade went fine on both) and we have a problem with pki tomcat. (we are not sure since when this occurs, but it might be from after the