Running FreeIPA 4.1 on Fedora 21 on Xenserver 6.2 in HVM mode. No issues.
Kind Regards,
David
2015-05-06 11:15 GMT+02:00 Alexander Frolushkin
alexander.frolush...@megafon.ru:
Hello.
We have periodically hanging and crashing dirsrv in our ipa servers.
All of them running in VM on Vmware.
ldapsearch hangs. Dirsrv is not responding now.
if the server is hanging, can you get a pstack
Thread 45 (Thread 0x7fc6a562d700 (LWP 1868)):
#0 0x7fc6b2f1aae3 in select () from /lib64/libc.so.6
#1 0x7fc6b5492a99 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2
This is looking like thread 13 prevents thread 12 run (and all the others).
Now thread 13 is likely waiting for db page? We may need output of
db_stat (db_state -N -h /var/lib/dirsrv/slapd-xxx/db/ -CA)
thanks
thierry
On 05/06/2015 11:31 AM, Łukasz Jaworski wrote:
ldapsearch hangs. Dirsrv is
On 6.5.2015 10:06, Petr Spacek wrote:
General advice about views is
'do not use them' :-)
It is much cleaner to put internal names in a sub-domain like int.example.com.
(while example.com. is the public-facing domain) and restrict access to this
sub-domain using ACL.
In long term it will
Hi,
ipactl stops working after dirsrv-stop/start.
There are many changes in the changelog:
from 39399 to 44397
(…)
# 44393, changelog
dn: changenumber=44393,cn=changelog
# 44394, changelog
dn: changenumber=44394,cn=changelog
# 44395, changelog
dn: changenumber=44395,cn=changelog
# 44396,
Hello.
We have periodically hanging and crashing dirsrv in our ipa servers.
All of them running in VM on Vmware.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Christoph Kaminski
Sent:
On 05/06/2015 11:10 AM, Łukasz Jaworski wrote:
Hi,
ipactl stops working after dirsrv-stop/start.
There are many changes in the changelog:
from 39399 to 44397
(…)
# 44393, changelog
dn: changenumber=44393,cn=changelog
# 44394, changelog
dn: changenumber=44394,cn=changelog
# 44395, changelog
dbstat:
MacBookPro-10DDB1EAF1CC-1522:~ ender$ cat FILE
Default locking region information:
139 Last allocated locker ID
0x7fff Current maximum unused locker ID
9 Number of lock modes
200 Initial number of locks allocated
0 Initial number of lockers allocated
200
please reply to the mailing list
On 05/06/2015 11:00 AM, Łukasz Jaworski wrote:
Hi,
ipactl stops working after dirsrv-stop/start.
There are many changes in the changelog:
from 39399 to 44397
(…)
# 44393, changelog
dn: changenumber=44393,cn=changelog
# 44394, changelog
dn:
On 05/06/2015 08:24 AM, Kamal Perera wrote:
Dear All,
How is the revocation of issuing CA certificates are handled? We are using
OCSP responders for revocation checking of certificates issued by the
Issuing CAs. So do we have to setup another OCSP or CRL distribution point
to let the
On Tue, May 05, 2015 at 09:14:52PM -0700, Nathan Peters wrote:
From this link :
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html#comp-trust-krb
The diagram in that section shows the client communicating with
On 05/05/2015 04:49 PM, Mark Reynolds wrote:
On 05/05/2015 07:49 AM, Ludwig Krispenz wrote:
On 05/05/2015 01:27 PM, Martin Kosek wrote:
On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends
Hi,
One of our replica hanged up morning. Error log after dirsrv restart:
[06/May/2015:09:28:15 +0200] - Retry count exceeded in delete
[06/May/2015:09:28:15 +0200] DSRetroclPlugin - delete_changerecord: could not
delete change record 38376 (rc: 51)
[06/May/2015:09:28:15 +0200] - Operation error
This tool cannot clear undecoded RUVs, I had sucess only with cleanallruv.pl
script. Btw anybody know about some IDM training in Europe (RedHat/FreeIPA)
?
Vasek
On Wed, May 6, 2015 at 8:22 AM, Martin Kosek mko...@redhat.com wrote:
On 05/05/2015 04:49 PM, Mark Reynolds wrote:
On
Dear All,
How is the revocation of issuing CA certificates are handled? We are using
OCSP responders for revocation checking of certificates issued by the
Issuing CAs. So do we have to setup another OCSP or CRL distribution point
to let the applications to query for the revocation of issuing CA
let's keep the info on the list, more peple more ideas
Original Message
Subject:Re: [Freeipa-users] IPA RUV unable to decode
Date: Tue, 5 May 2015 18:32:15 +0200
From: Vaclav Adamec vaclav.ada...@suchy-zleb.cz
To: Ludwig Krispenz lkris...@redhat.com
master:
On 05/06/2015 07:48 AM, Christoph Kaminski wrote:
Hi
we have some undefinably problems here with IPA inside a VM (rhev/kvm). We
has often zombie processes (defunct) with certmonger and dirsrv and
segfaults (dmesg)... We have 8 IPA servers, 4 Hardware and 4 VM's with
same Install
Thanks I will check.
On Tue, Apr 28, 2015 at 12:26 PM, Niranjan M.R mrniran...@redhat.com
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/28/2015 11:20 AM, Kamal Perera wrote:
Dear All,
I'm in the process of regaining one of the old CA systems which was not
being used for a
Hello!
On 5.5.2015 00:24, nat...@nathanpeters.com wrote:
bind.x86_6432:9.9.4-20.el7.centos.pkcs11
@mkosek-freeipa
bind-dyndb-ldap.x86_64 6.1-1.el7.centos
This version works for me (tested on Fedora 21).
And for reference here are the relevant
Kamal Perera wrote:
Dear All,
How is the revocation of issuing CA certificates are handled? We are
using OCSP responders for revocation checking of certificates issued by
the Issuing CAs. So do we have to setup another OCSP or CRL distribution
point to let the applications to query for
I'm having this issue. I discovered when I would randomly get locked out of
the admin account with the usual:
kinit: Clients credentials have been revoked while getting initial
credentials
The scenario would go as follows:
Sometimes I would try to issue kinit admin, with the correct credentials
On Mon, 04 May 2015, Andrew Morone wrote:
I'm having this issue. I discovered when I would randomly get locked out of
the admin account with the usual:
kinit: Clients credentials have been revoked while getting initial
credentials
The scenario would go as follows:
Sometimes I would try to
Hi,
The goal is to have a common password to give users access to a Linux
system via PuTTY/SSH and Samba file-shares where currently for
historical reasons we have 2 passwords, which is a real PITA.
The PuTTY logins work great but I need to get the logins for the
Samba4 shares working from Win7
On 05/06/2015 12:25 AM, Martin Kosek wrote:
On 05/06/2015 07:48 AM, Christoph Kaminski wrote:
Hi
we have some undefinably problems here with IPA inside a VM (rhev/kvm). We
has often zombie processes (defunct) with certmonger and dirsrv and
segfaults (dmesg)... We have 8 IPA servers, 4 Hardware
Hello Team,
We are hosting a few servers at Amazon and using their Elastic Load Balancing
service that gives us a link to a load balancer in the following format:
webserver-1234567890.us-east-1.elb.amazonaws.com
I was looking for a ways to implement a shorter alias using CNAME like:
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
We have an AD domain called corp.addomain.net. We have UPNs set so AD
users
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try cleanallruv.pl -w X -b dc= -r 9
Vasek
On Thu, May 7, 2015 at 2:25 AM, Janelle janellenicol...@gmail.com wrote:
Hi again..
Just a guess, what is your deployment size?
We have a two ipa domains, one have 3 servers (2 hw and 1 vm, no issues with
dirsrv yet), another currently includes 16 vm servers, ant dirsrv hangs and
crashes periodically…
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: David
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try cleanallruv.pl -w X -b dc= -r 9
Vasek
On Thu, May 7, 2015 at 2:25 AM, Janelle
On 05/06/2015 02:15 PM, nat...@nathanpeters.com wrote:
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
We have an AD domain
Hi again..
Seems to be an ongoing theme (replication). How does one remove these?
unable to decode: {replica 9} 553ef80e00010009 55402c390009
I am hoping this is a stupid question with a really simple answer that I
am simply missing?
~J
--
Manage your subscription for the
Hi
Yes, it's possible to operate freeIPA and Samba as you suggest, we have
been doing so for some years now (with several freeIPA and Samba versions).
Our end users use a mix of Windows and OSX laptops / workstations. These
are not members of any kind of domain. They access our file servers via
32 matches
Mail list logo