Hey guys,
I finished installing two replicas of my master. Both installations of the
replicas completed successfully, but when I try to run the ipa-setup-ca it is
having some issues.
The errors I get are:
ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA instance
On 12/03/2024 12:27, Rob Crittenden via FreeIPA-users wrote:
I guess the newer version of Dogtag in RHEL 9 doesn't include this
"Link" attribute, but pki.cert:CertDataInfoCollection.from_json in RHEL
8 expects it to be present.
Thanks for doing the research, this is great! Any chance you can
Good call, thank you. Got rid of
failed request, will retry: 903 (an internal error has occurred).)
However, got this instead:
>[28/30]: importing IPA certificate profiles
>Lookup failed: Preferred host ipa-slave01.flora.ltfs.tools does not provide CA.
>Lookup failed: Preferred host
D S via FreeIPA-users wrote:
> And another update. Tried patching the file - still the same issue.
> Note: line 863 now has ca_kdc_check(self.api instead of ca_kdc_check(ldap
> [Wed Mar 13 19:07:28.353046 2024] [:error] [pid 13823] File
>
And another update. Tried patching the file - still the same issue.
Note: line 863 now has ca_kdc_check(self.api instead of ca_kdc_check(ldap
[Wed Mar 13 19:07:28.353046 2024] [:error] [pid 13823] File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 863, in
execute
[Wed Mar
>Did you make any plugin changes?
Ok, you were right. I managed to fix ipa-replica-manage del command.
Apparently, after I restored original .py files I needed to delete .pyc files
as well. That fixed the error here.
As for AttributeError: 'ldap2' object has no attribute 'Object' - I applied
Hi Rob,
Thanks for your reply.
>what OS release are you using?
My master is running in docker container with freeipa-server:centos-7-4.6.8 and
replica is freeipa-server:almalinux-8-4.9.12.
>I'd also look in the journal for certmonger to see if it logged additional
>info about the request.
Here
On Wed, Mar 13, 2024 at 11:39 AM Florence Blanc-Renaud wrote:
>
> Hi,
>
> On Wed, Mar 13, 2024 at 10:06 AM Ian Kumlien wrote:
>>
>> On Tue, Mar 12, 2024 at 10:36 PM Florence Blanc-Renaud
>> wrote:
>> >
>> > Hi,
>> >
>> > On Tue, Mar 12, 2024 at 12:54 PM Ian Kumlien via FreeIPA-users
>> >
On Срд, 13 сак 2024, Bo Lind via FreeIPA-users wrote:
Update!
Our organisation has four IPA servers. I tried to edit
/etc/ipa/default.conf, to point at a different one. Server two didn't
work either, but server three did!
Perhaps some of those are RHEL9?
See
D S via FreeIPA-users wrote:
> Hello, I've encountered several issues while installing freeipa replica.
>
> I have freeipa 4.6.8 master and the replica I tried installing is 4.9.12.
Rather than focusing on the versions, what OS release are you using?
There are known crypto incompatibilities
seojeong kim via FreeIPA-users wrote:
> Hello Rob
> As you said, If any group member exceed 3K then you can experience slow down
> in server response.
> But in the big size of operation environment, members( especially the number
> of hosts) exceeding 3k is not that uncommon.
> So, I wonder
Hi,
On Wed, Mar 13, 2024 at 10:06 AM Ian Kumlien wrote:
> On Tue, Mar 12, 2024 at 10:36 PM Florence Blanc-Renaud
> wrote:
> >
> > Hi,
> >
> > On Tue, Mar 12, 2024 at 12:54 PM Ian Kumlien via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
> >>
> >> Hi,
> >>
> >> So i have spent
Update!
Our organisation has four IPA servers. I tried to edit /etc/ipa/default.conf,
to point at a different one. Server two didn't work either, but server three
did!
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To
I don't get very far. Step one is non-existant, I never get the AS_REQ, even
going back several days in the log.
For step two, I get:
Mar 13 10:51:29 idm0.example.local krb5kdc[1704](info): TGS_REQ (6 etypes
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
On Аўт, 12 сак 2024, Bo Lind via FreeIPA-users wrote:
root@naughtyhost:~# ipa host-show --all --raw naughtyhost|grep -i canon
krbcanonicalname: host/naughtyhost.example.local@EXAMPLE.LOCAL
Looks like that part is in order...? Does the capitalization matter?
It does.
When you attempt to do
On Tue, Mar 12, 2024 at 10:36 PM Florence Blanc-Renaud wrote:
>
> Hi,
>
> On Tue, Mar 12, 2024 at 12:54 PM Ian Kumlien via FreeIPA-users
> wrote:
>>
>> Hi,
>>
>> So i have spent quite some time trying to get out of the swamp that is
>> centos stream 8 and back to something with a actual upgrade
Just updated the machine to newest Rocky Linux 8.9 and rebooted, problem
persists...
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of
Hello, I've encountered several issues while installing freeipa replica.
I have freeipa 4.6.8 master and the replica I tried installing is 4.9.12.
During the replica install it seems that the replica is unable to get a CA cert
from my master:
DEBUG Configuring Kerberos KDC (krb5kdc)
DEBUG
Hello Rob
As you said, If any group member exceed 3K then you can experience slow down
in server response.
But in the big size of operation environment, members( especially the number of
hosts) exceeding 3k is not that uncommon.
So, I wonder if there is any way you recommend to manage this
19 matches
Mail list logo