Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server

On 9/9/2016 2:46 PM, Georgios Kafataridis wrote: I've tried that but still the same result. [root@ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h localhost -b "uid=admin,ou=people,o=ipaca" Enter LDAP Password: # extended LDIF # # LDAPv3 # base

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

Natxo Asenjo wrote: hi, I can reproduce this everytime. Restarting httpd fixes it for a while, but then ik stops working: $ ipa cert-show 1 ipa: ERROR: cannot connect to 'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is

[Freeipa-users] Freeipa 4.2.0 slow response

Hi, I am experiencing a very slow response from freeipa.. the new passwords that I am resetting are never working for the users and its takes a lot of time for an existing user to login around 25 secs. doing a kinit admin itself is very slowKRB5_TRACE=/dev/stderr kinit admin [11298]

Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server

So, does anyone understand something more than me from the logs ? Can I search for something that can help me solve it ? On 9/9/2016 11:26 μμ, Georgios Kafataridis wrote: These are fresh logs from a last attempt to create a replica Centos 7 /var/log/pki/pki-tomcat/ca/debug

[Freeipa-users] About AllowGroups with sshd

Hello I have an question I have an FreeIPA 3.0 server(CentOS 6) with some clients servers(CentOS 6). I wants enable root a two servers this servers, because they are backup servers. I add theses lines in /etc/ssh/sshd_config of a client server. AllowUsers root@192.168.20.2

Re: [Freeipa-users] sssd stops after nss crashes

On (12/09/16 21:47), Lachlan Musicman wrote: >SELinux is disabled, updated to 1.14.1 today. > >This is the first crash in weeks, so we aren't that phased, although we'd >love to know it wont happen again BTW Did it really crashed? Do you have a coredump We fixed few bad bugs(regressions) in

Re: [Freeipa-users] Increase ListenBacklog for httpd

can anyone provide some insight on this please.. I have been trying to debug a hang issues for past few weeks.. and finally foudn that it starts with this issue when I see a lot of connections in SYN_RECV state. as it is happening now netstat shows around 14-16 connectiosn in SYNC_RECV If I

Re: [Freeipa-users] Disable DNS checks using ipa-server-intall with FreeIPA 4.3.2 on Fedora 24?

Thank you, Martin. '--allow-zone-overlap' may indeed fix one of the challenges. I will give it a try. Another check that is not a blocker but undesirable is the reverse zone lookup. The installer does a check and some turkey upstream of my infrastructure has a zone for 192.168.101.0 in a public

Re: [Freeipa-users] Disable DNS checks using ipa-server-intall with FreeIPA 4.3.2 on Fedora 24?

On Mon, Sep 12, 2016 at 6:01 AM, Rob Crittenden wrote: > Richard Harmonson wrote: > >> Is there an option to disable the various DNS checks using >> ipa-server-install with FreeIPA 4.3.2? Is there plans to do provide the >> option in future releases? Reviewing the

Re: [Freeipa-users] ipa-client requires ntp

- On Sep 12, 2016, at 2:54 PM, Rob Crittenden rcrit...@redhat.com wrote: > Troels Hansen wrote: >> Not sure if this should actually go here? >> >> ipa-client (and ipa-server) RPM requires ntp. >> Shouldn't it be sufficient to require any tools that provides ntp >> functionality (at least ntp

Re: [Freeipa-users] ipa-client requires ntp

Sorry for this half written email.. - On Sep 12, 2016, at 2:00 PM, Troels Hansen wrote: > ipa-client (and ipa-server) RPM requires ntp. > Shouldn't it be sufficient to req > -- > Med venlig hilsen > Troels Hansen > Systemkonsulent > Casalogic A/S > T (+45) 70

[Freeipa-users] ipa-client requires ntp

Not sure if this should actually go here? ipa-client (and ipa-server) RPM requires ntp. Shouldn't it be sufficient to require any tools that provides ntp functionality (at least ntp and chrony exists in RHEL) ? -- Med venlig hilsen Troels Hansen Systemkonsulent Casalogic A/S T

[Freeipa-users] ipa-client requires ntp

ipa-client (and ipa-server) RPM requires ntp. Shouldn't it be sufficient to req -- Med venlig hilsen Troels Hansen Systemkonsulent Casalogic A/S T (+45) 70 20 10 63 M (+45) 22 43 71 57 Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere. --

Re: [Freeipa-users] sssd stops after nss crashes

SELinux is disabled, updated to 1.14.1 today. This is the first crash in weeks, so we aren't that phased, although we'd love to know it wont happen again - the servers are part of a cluster that executes automated tasks as the data comes off genome sequencing machines - clinical medical analyses

Re: [Freeipa-users] The Web UI is not loading

Yes. I had to restart the browser. Now everything is working again. Thank you. On Mon, Sep 12, 2016 at 12:07 PM, Alexander Bokovoy wrote: > On Mon, 12 Sep 2016, Fujisan wrote: > >> Here is what i get when restarting ipa: >> >> # systemctl restart ipa >> > [] > > Sep 12

Re: [Freeipa-users] sssd stops after nss crashes

On (12/09/16 11:09), Lachlan Musicman wrote: >We saw another sssd crash on the weekend (well, Friday night). > >Centos 7, sssd 1.14.0 from COPR > Please upgrade to 1.14.1 from copr. >Everything has worked fine for over a month until Friday. > >According to the log sssd_nss on the host in

Re: [Freeipa-users] The Web UI is not loading

On Mon, 12 Sep 2016, Fujisan wrote: Here is what i get when restarting ipa: # systemctl restart ipa [] Sep 12 11:32:59 myserver ipactl: ipa: INFO: The ipactl command was successful Sep 12 11:32:59 myserver ipactl: Starting Directory Service Sep 12 11:32:59 myserver ipactl: Starting

Re: [Freeipa-users] bind crashes on rndc reload

On Monday, September 12, 2016 10:31:10 AM CDT Jochen Demmer wrote: > Hi, > > I have a major issue with my setup: > Fedora 24 > freeipa-common-4.3.2-2.fc24.noarch > freeipa-admintools-4.3.2-2.fc24.noarch > freeipa-server-dns-4.3.2-2.fc24.noarch > freeipa-client-common-4.3.2-2.fc24.noarch >

Re: [Freeipa-users] The Web UI is not loading

On Mon, 12 Sep 2016, Fujisan wrote: Ok I installed the missing package and restarted ipa but it is still not woking. We need logs. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] The Web UI is not loading

Ok I installed the missing package and restarted ipa but it is still not woking. On Mon, Sep 12, 2016 at 11:13 AM, Fujisan wrote: > No it is missing! > > On Mon, Sep 12, 2016 at 10:55 AM, Alexander Bokovoy > wrote: > >> On Mon, 12 Sep 2016, Fujisan

Re: [Freeipa-users] The Web UI is not loading

No it is missing! On Mon, Sep 12, 2016 at 10:55 AM, Alexander Bokovoy wrote: > On Mon, 12 Sep 2016, Fujisan wrote: > >> Hello, >> >> This morning I noticed I could not reload the Freeipa web ui. Its was >> working well friday but something must have happend over the

Re: [Freeipa-users] The Web UI is not loading

On Mon, 12 Sep 2016, Fujisan wrote: Hello, This morning I noticed I could not reload the Freeipa web ui. Its was working well friday but something must have happend over the weekend. Do you have pki-symkey installed? /usr/share/pki/server/common/lib/symkey.jar points to

Re: [Freeipa-users] Disable DNS checks using ipa-server-intall with FreeIPA 4.3.2 on Fedora 24?

On 11.09.2016 20:15, Richard Harmonson wrote: Is there an option to disable the various DNS checks using ipa-server-install with FreeIPA 4.3.2? Is there plans to do provide the option in future releases? Reviewing the ipa-server-install man page, I am not seeing it. I want to compliment

[Freeipa-users] bind crashes on rndc reload

Hi, I have a major issue with my setup: Fedora 24 freeipa-common-4.3.2-2.fc24.noarch freeipa-admintools-4.3.2-2.fc24.noarch freeipa-server-dns-4.3.2-2.fc24.noarch freeipa-client-common-4.3.2-2.fc24.noarch freeipa-server-4.3.2-2.fc24.x86_64 freeipa-server-common-4.3.2-2.fc24.noarch

Re: [Freeipa-users] General query regarding nameserver enrtry

On 08.09.2016 06:49, Deepak Dimri wrote: Thanks Martin for your reply. It would be cool if i can have IPA client to resolve IPA server without specifying nameserver in resolv.conf How do i configure zone delegation? is there any document i can refer?

Re: [Freeipa-users] sssd stops after nss crashes

On Mon, Sep 12, 2016 at 11:09:05AM +1000, Lachlan Musicman wrote: > (Fri Sep 9 20:41:13 2016) [sssd[nss]] [sbus_client_init] (0x0020): > check_file failed for [/var/lib/sss/pipes/private/ > sbus-dp_unix.petermac.org.au]. It looks like the domain process died and never recovered. What is in

[Freeipa-users] problems with ipa server no longer responding to ldap

Hello there. My setup is that i have five ipa servers. 2 in one location (alder, auth-syd2), 2 in anouther location (auth-wlg, auth-wlg2), and one in yet anouther location (waffle) which is reached over a long, mostly-but-possibly-notably-not-entirely reliable vpn connection. I'm having an issue