Hi all,
Yesterday my fedora 24 box received an update for sssd to 1.14.1-2.fc24.
Then after the reboot the nfs-idmap service told me it couldn't start
because it could not find method sss.
So I filed a bug report and tried switching the method nsswitch.
But now all files on my kerberos nfs4 sha
On 9/9/2016 2:46 PM, Georgios Kafataridis wrote:
I've tried that but still the same result.
[root@ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h
localhost -b "uid=admin,ou=people,o=ipaca"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (obje
Natxo Asenjo wrote:
hi,
I can reproduce this everytime. Restarting httpd fixes it for a while,
but then ik stops working:
$ ipa cert-show 1
ipa: ERROR: cannot connect to
'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial':
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is
Hi,
I am experiencing a very slow response from freeipa.. the new passwords
that I am resetting are never working for the users and its takes a lot of
time for an existing user to login around 25 secs.
doing a kinit admin itself is very slowKRB5_TRACE=/dev/stderr kinit admin
[11298] 1473702491.60
So, does anyone understand something more than me from the logs ? Can I
search for something that can help me solve it ?
On 9/9/2016 11:26 μμ, Georgios Kafataridis wrote:
These are fresh logs from a last attempt to create a replica
Centos 7
/var/log/pki/pki-tomcat/ca/debug
[09/Sep/2016:22:
Hello
I have an question
I have an FreeIPA 3.0 server(CentOS 6) with some clients servers(CentOS 6).
I wants enable root a two servers this servers, because they are backup
servers.
I add theses lines in /etc/ssh/sshd_config of a client server.
AllowUsers root@192.168.20.2
AllowU
On (12/09/16 21:47), Lachlan Musicman wrote:
>SELinux is disabled, updated to 1.14.1 today.
>
>This is the first crash in weeks, so we aren't that phased, although we'd
>love to know it wont happen again
BTW Did it really crashed? Do you have a coredump
We fixed few bad bugs(regressions) in 1.14.1
can anyone provide some insight on this please.. I have been trying to
debug a hang issues for past few weeks.. and finally foudn that it starts
with this issue when I see a lot of connections in SYN_RECV state.
as it is happening now
netstat shows around 14-16 connectiosn in SYNC_RECV
If I coul
Thank you, Martin. '--allow-zone-overlap' may indeed fix one of the
challenges. I will give it a try.
Another check that is not a blocker but undesirable is the reverse zone
lookup. The installer does a check and some turkey upstream of my
infrastructure has a zone for 192.168.101.0 in a public DN
On Mon, Sep 12, 2016 at 6:01 AM, Rob Crittenden wrote:
> Richard Harmonson wrote:
>
>> Is there an option to disable the various DNS checks using
>> ipa-server-install with FreeIPA 4.3.2? Is there plans to do provide the
>> option in future releases? Reviewing the ipa-server-install man page, I
>
- On Sep 12, 2016, at 2:54 PM, Rob Crittenden rcrit...@redhat.com wrote:
> Troels Hansen wrote:
>> Not sure if this should actually go here?
>>
>> ipa-client (and ipa-server) RPM requires ntp.
>> Shouldn't it be sufficient to require any tools that provides ntp
>> functionality (at least ntp a
siology.io wrote:
Hello there.
My setup is that i have five ipa servers. 2 in one location (alder,
auth-syd2), 2 in anouther location (auth-wlg, auth-wlg2), and one in yet
anouther location (waffle) which is reached over a long,
mostly-but-possibly-notably-not-entirely reliable vpn connection.
Richard Harmonson wrote:
Is there an option to disable the various DNS checks using
ipa-server-install with FreeIPA 4.3.2? Is there plans to do provide the
option in future releases? Reviewing the ipa-server-install man page, I
am not seeing it.
I want to compliment the team for placing safeguar
Troels Hansen wrote:
Not sure if this should actually go here?
ipa-client (and ipa-server) RPM requires ntp.
Shouldn't it be sufficient to require any tools that provides ntp
functionality (at least ntp and chrony exists in RHEL) ?
AFAIU there is no way to dynamically prefer one package or ano
Sorry for this half written email..
- On Sep 12, 2016, at 2:00 PM, Troels Hansen wrote:
> ipa-client (and ipa-server) RPM requires ntp.
> Shouldn't it be sufficient to req
> --
> Med venlig hilsen
> Troels Hansen
> Systemkonsulent
> Casalogic A/S
> T (+45) 70 20 10 63
> M (+45)
Not sure if this should actually go here?
ipa-client (and ipa-server) RPM requires ntp.
Shouldn't it be sufficient to require any tools that provides ntp functionality
(at least ntp and chrony exists in RHEL) ?
--
Med venlig hilsen
Troels Hansen
Systemkonsulent
Casalogic A/S
T (+
ipa-client (and ipa-server) RPM requires ntp.
Shouldn't it be sufficient to req
--
Med venlig hilsen
Troels Hansen
Systemkonsulent
Casalogic A/S
T (+45) 70 20 10 63
M (+45) 22 43 71 57
Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
meget mere.
--
SELinux is disabled, updated to 1.14.1 today.
This is the first crash in weeks, so we aren't that phased, although we'd
love to know it wont happen again - the servers are part of a cluster that
executes automated tasks as the data comes off genome sequencing machines -
clinical medical analyses t
Yes. I had to restart the browser.
Now everything is working again.
Thank you.
On Mon, Sep 12, 2016 at 12:07 PM, Alexander Bokovoy
wrote:
> On Mon, 12 Sep 2016, Fujisan wrote:
>
>> Here is what i get when restarting ipa:
>>
>> # systemctl restart ipa
>>
> []
>
> Sep 12 11:32:59 myserver ipa
On (12/09/16 11:09), Lachlan Musicman wrote:
>We saw another sssd crash on the weekend (well, Friday night).
>
>Centos 7, sssd 1.14.0 from COPR
>
Please upgrade to 1.14.1 from copr.
>Everything has worked fine for over a month until Friday.
>
>According to the log sssd_nss on the host in question:
On Mon, 12 Sep 2016, Fujisan wrote:
Here is what i get when restarting ipa:
# systemctl restart ipa
[]
Sep 12 11:32:59 myserver ipactl: ipa: INFO: The ipactl command was
successful
Sep 12 11:32:59 myserver ipactl: Starting Directory Service
Sep 12 11:32:59 myserver ipactl: Starting krb5kd
On Monday, September 12, 2016 10:31:10 AM CDT Jochen Demmer wrote:
> Hi,
>
> I have a major issue with my setup:
> Fedora 24
> freeipa-common-4.3.2-2.fc24.noarch
> freeipa-admintools-4.3.2-2.fc24.noarch
> freeipa-server-dns-4.3.2-2.fc24.noarch
> freeipa-client-common-4.3.2-2.fc24.noarch
> freeipa-
On Mon, 12 Sep 2016, Fujisan wrote:
Ok I installed the missing package and restarted ipa but it is still not
woking.
We need logs.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.o
Ok I installed the missing package and restarted ipa but it is still not
woking.
On Mon, Sep 12, 2016 at 11:13 AM, Fujisan wrote:
> No it is missing!
>
> On Mon, Sep 12, 2016 at 10:55 AM, Alexander Bokovoy
> wrote:
>
>> On Mon, 12 Sep 2016, Fujisan wrote:
>>
>>> Hello,
>>>
>>> This morning I no
No it is missing!
On Mon, Sep 12, 2016 at 10:55 AM, Alexander Bokovoy
wrote:
> On Mon, 12 Sep 2016, Fujisan wrote:
>
>> Hello,
>>
>> This morning I noticed I could not reload the Freeipa web ui. Its was
>> working well friday but something must have happend over the weekend.
>>
> Do you have pki
On Mon, 12 Sep 2016, Fujisan wrote:
Hello,
This morning I noticed I could not reload the Freeipa web ui. Its was
working well friday but something must have happend over the weekend.
Do you have pki-symkey installed?
/usr/share/pki/server/common/lib/symkey.jar points to
/usr/lib/java/symkey.ja
On 11.09.2016 20:15, Richard Harmonson wrote:
Is there an option to disable the various DNS checks using
ipa-server-install with FreeIPA 4.3.2? Is there plans to do provide
the option in future releases? Reviewing the ipa-server-install man
page, I am not seeing it.
I want to compliment the
Hi,
I have a major issue with my setup:
Fedora 24
freeipa-common-4.3.2-2.fc24.noarch
freeipa-admintools-4.3.2-2.fc24.noarch
freeipa-server-dns-4.3.2-2.fc24.noarch
freeipa-client-common-4.3.2-2.fc24.noarch
freeipa-server-4.3.2-2.fc24.x86_64
freeipa-server-common-4.3.2-2.fc24.noarch
freeipa-client-4
On 08.09.2016 06:49, Deepak Dimri wrote:
Thanks Martin for your reply.
It would be cool if i can have IPA client to resolve IPA server
without specifying nameserver in resolv.conf
How do i configure zone delegation? is there any document i can refer?
http://www.zytrax.com/books/dns/ch9/de
On Mon, Sep 12, 2016 at 11:09:05AM +1000, Lachlan Musicman wrote:
> (Fri Sep 9 20:41:13 2016) [sssd[nss]] [sbus_client_init] (0x0020):
> check_file failed for [/var/lib/sss/pipes/private/
> sbus-dp_unix.petermac.org.au].
It looks like the domain process died and never recovered. What is in
/var/l
Hello there.
My setup is that i have five ipa servers. 2 in one location (alder,
auth-syd2), 2 in anouther location (auth-wlg, auth-wlg2), and one in yet
anouther location (waffle) which is reached over a long,
mostly-but-possibly-notably-not-entirely reliable vpn connection.
I'm having an issue
hi,
I can reproduce this everytime. Restarting httpd fixes it for a while, but
then ik stops working:
$ ipa cert-show 1
ipa: ERROR: cannot connect to '
https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial':
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
unsupporte
32 matches
Mail list logo