Hi,
We have a deployment of FreeIPA using 3 nodes (Master with more 2 replicas).
Recently, the master node had a problem with the process 'ns-slapd'
consuming 100% of CPU. During this problem, DNS service wasn't working, IPA
admin UI encountered timeout, SSH keys to access the hosts are not being
On (14/09/16 08:37), Jose Alvarez R. wrote:
>Hi Jakub
>
>Thanks for your response. It's an option, but my backups servers I will not
>add to the FreeIPA server.
>
>Then, I cannot use the option HBAC, because I want my backup server can
>connect with root to some client server of my FreeIPA
Here is what I found :
In the catalina.out :
###
May 27, 2016 10:51:35 AM org.apache.catalina.core.StandardWrapperValve
invoke
SEVERE: Servlet.service() for servlet caDisplayBySerial-agent threw
exception
java.io.IOException: CS server is not ready to serve.
at
I tried also the following commands :
###
# ipa cert-show 1
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)
# service ipa status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service:
On 09/13/2016 10:36 PM, Endi Sukma Dewata wrote:
On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote:
On 9/9/2016 2:46 PM, Georgios Kafataridis wrote:
I've tried that but still the same result.
[root@ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h
localhost -b
Sorry Martin,
This is not the first time I forgot to add back freeipa users.
I have problems with gmail, again sorry.
Indeed I figured out that I had to restart the ipa server.
So I tried to restart ipa server.
But it was not working yet.
So I thought it was maybe due to the configuration I
Ok. Thank you very much for the information.
Jeff
From: Giger, Justean [mailto:jgi...@verizon.com]
Sent: Wednesday, September 14, 2016 11:18 AM
To: Armstrong, Jeffrey ; freeipa-users@redhat.com
Subject: Re: [E] [Freeipa-users] Migration Question
*External E-Mail*
Please keep freeipa-users in CC, I'm quite lost here
ca-error: Server failed request, will retry: -504 (libcurl failed to
execute the HTTP POST transaction. Peer certificate cannot be
authenticated with known CA certificates).
I'm not sure what this does mean, but if this is caused by
did you restart IPA when you moved time? Is there are more detailed
error description in output of getcert list?
On 14.09.2016 18:45, bahan w wrote:
I set the date-time when the certificates were valid :
###
# date -s '2016-05-27 10:00:00'
Fri May 27 10:00:00 CEST 2016
# date
Fri May 27
I set the date-time when the certificates were valid :
###
# date -s '2016-05-27 10:00:00'
Fri May 27 10:00:00 CEST 2016
# date
Fri May 27 10:00:02 CEST 2016
###
Then I try to renew them :
###
# getcert resubmit -i 20140528063919
Resubmitting "20140528063919" to "IPA".
# getcert resubmit -i
Please keep freeipa-users in CC, there si no sensitive information in
getcert list output (you sanitized it)
Folowing certificates are expired, please try to to resubmit them. I'm
also worried about this error message: ca-error: Error setting up ccache
for local "host" service using
Then you have to start services manually, I don't know if the same steps
will work with IPA 3.0.0, I don't remember, but you can try :)
On 14.09.2016 18:18, bahan w wrote:
Oh I forgot to add that my version of ipa is quite old :
###
# rpm -qa | grep ipa-server
ipa-server-3.0.0-25.el6.x86_64
Oh I forgot to add that my version of ipa is quite old :
###
# rpm -qa | grep ipa-server
ipa-server-3.0.0-25.el6.x86_64
###
When I try the command you gave me I got the following error :
###
# ipactl start --force
Usage: ipactl start|stop|restart|status
ipactl: error: no such option: --force
On 14.09.2016 17:59, bahan w wrote:
Hello !
I send you this mail because I cannot restart my test IPA server.
When I try to start it with service ipa start, I got the following
error message :
###
# service ipa start
Starting Directory Service
Starting dirsrv:
...[14/Sep/2016:17:57:23
Hello !
I send you this mail because I cannot restart my test IPA server.
When I try to start it with service ipa start, I got the following error
message :
###
# service ipa start
Starting Directory Service
Starting dirsrv:
...[14/Sep/2016:17:57:23 +0200] - SSL alert:
We did the same and have had zero issues. In fact, one overzealous colleague
moved one out of our 5 IDM servers to Oracle while all the others were still on
Red Hat and things still worked. I have not tried to get support for IDM with
Oracle though so not sure how that goes.
From:
Hi Jakub
Thanks for your response. It's an option, but my backups servers I will not
add to the FreeIPA server.
Then, I cannot use the option HBAC, because I want my backup server can
connect with root to some client server of my FreeIPA Server.
If I'm doing something wrong, please let me know
Hi
My company is migrating from RedHat Linux to Oracle Linux. I warned them that
IdM could be a problem. Does anyone know If IPA works after the migration?
Jeff Armstrong
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
This may be resolved already, but just in case it's helpful:
On 09/13/2016 11:26 AM, Rob Crittenden wrote:
Natxo Asenjo wrote:
hi,
On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden > wrote:
Natxo Asenjo wrote:
hi,
I can
Hi,
On 09/13/2016 07:37 PM, Rakesh Rajasekharan wrote:
Hi All,
Have finally made some progress with this.. after changing the
checkpoint interval to 180, my hangs have gone down now..
However, I faced a similar hang yesterday... users were not able to
login.. , though this time the ns-slapd
hi,
On Tue, Sep 13, 2016 at 9:36 PM, Endi Sukma Dewata
wrote:
> On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote:
>
>> On 9/9/2016 2:46 PM, Georgios Kafataridis wrote:
>>
>>> I've tried that but still the same result.
>>>
>>> [root@ipa-server /]# ldapsearch -D "cn=directory
21 matches
Mail list logo