[Freeipa-users] Me Again

2016-09-20 Thread Ian Harding
I used to have a lot of replicas, but like a house of cards, it all came crashing down. I was down to two, that seemed to be replicating, but last few days I've noticed that they haven't always been. freeipa-sea.bpt.rocks is where we do all our admin. seattlenfs.bpt.rocks is also up and running

Re: [Freeipa-users] login auth fails then success

2016-09-20 Thread Jakub Hrozek
On Tue, Sep 20, 2016 at 02:03:38PM +, Larry Rosen wrote: > Thanks, that explains a lot (I didn't catch the difference in auth services). > Would this be mitigated by putting sss in front of files in nsswitch.conf? > > /etc/nsswitch.conf: > passwd: files sss > shadow: files sss >

Re: [Freeipa-users] login auth fails then success

2016-09-20 Thread Larry Rosen
Thanks, that explains a lot (I didn't catch the difference in auth services). Would this be mitigated by putting sss in front of files in nsswitch.conf? /etc/nsswitch.conf: passwd: files sss shadow: files sss group: files sss Date: Sun, 18 Sep 2016 22:14:59 +0200 From: Jakub Hrozek

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-20 Thread Natxo Asenjo
ok, so all certs are renewed (dogldap and http). On Tue, Sep 20, 2016 at 11:49 AM, Natxo Asenjo wrote: > > > On Mon, Sep 19, 2016 at 5:27 PM, Rob Crittenden > wrote: > >> Natxo Asenjo wrote: >> >>> hi, >>> >>> >>> On Fri, Sep 16, 2016 at 4:22 PM,

Re: [Freeipa-users] 3rd party Cert install now IPA total broken

2016-09-20 Thread Günther J . Niederwimmer
Hello. Thanks for the first help, On Monday, 19 September 2016, 12:02:19, Florence Blanc-Renaud wrote: > On 09/16/2016 03:06 PM, Günther J. Niederwimmer wrote: > > Hello, > > Freeipa 4.3.1 > > > > I have now installed a 3rd Party Certificate from Startcom now my IPA is > > total > > broken? > >

[Freeipa-users] IPA Server is not coming backup

2016-09-20 Thread Deepak Dimri
Hi All, My IPA Server was working all fine until I tried restarting it using "ipactl restart" and now I am ended with these errors :( [root@ip-172-31-25-165 plugins]# ipactl restart Starting Directory Service Restarting krb5kdc Service Restarting kadmin Service Starting named Service Job

Re: [Freeipa-users] IPA Server is not coming backup

2016-09-20 Thread Petr Spacek
Hi, The important line is around > named-pkcs11[3511]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information Unfortunately the log is truncated so it does not show the actual error. Please see https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart I

Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server [SOLVED]

2016-09-20 Thread Giorgos Kafataridis
On 09/19/2016 03:51 PM, Giorgos Kafataridis wrote: On 09/16/2016 06:39 PM, Petr Vobornik wrote: On 09/14/2016 07:26 PM, Giorgos Kafataridis wrote: On 09/13/2016 10:36 PM, Endi Sukma Dewata wrote: On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote: On 9/9/2016 2:46 PM, Georgios Kafataridis

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

2016-09-20 Thread Natxo Asenjo
On Mon, Sep 19, 2016 at 5:27 PM, Rob Crittenden wrote: > Natxo Asenjo wrote: > >> hi, >> >> >> On Fri, Sep 16, 2016 at 4:22 PM, Rob Crittenden > > Ok, how about we work around the problem. > Gladly ;-) > Since it is failing on the revocation what you

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Lachlan Musicman
I concede - FreeIPA is big and hard and I am new. Evidence would suggest that you know exactly what's going on under the hood. :) Thanks everyone. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 20 September 2016 at 18:10, Alexander

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Alexander Bokovoy
On Tue, 20 Sep 2016, Lachlan Musicman wrote: I've actually seen that on occasion - when it's loading sometimes that happens already? For external group members -- yes, not for ID overrides. See my other answer. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Alexander Bokovoy
On Tue, 20 Sep 2016, Sumit Bose wrote: On Tue, Sep 20, 2016 at 09:33:21AM +0300, Alexander Bokovoy wrote: On Tue, 20 Sep 2016, Martin Babinsky wrote: > On 09/20/2016 12:17 AM, Simpson Lachlan wrote: > > > -Original Message- > > > > > > On 09/19/2016 03:12 AM, Lachlan Musicman wrote: > >

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Lachlan Musicman
I've actually seen that on occasion - when it's loading sometimes that happens already? -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 20 September 2016 at 17:49, Sumit Bose wrote: > On Tue, Sep 20, 2016 at 09:33:21AM

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Martin Babinsky
On 09/20/2016 08:33 AM, Alexander Bokovoy wrote: On Tue, 20 Sep 2016, Martin Babinsky wrote: On 09/20/2016 12:17 AM, Simpson Lachlan wrote: -Original Message- On 09/19/2016 03:12 AM, Lachlan Musicman wrote: Hi Sometimes when I visit the ID Views page in the webgui, it is crushingly

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Sumit Bose
On Tue, Sep 20, 2016 at 09:33:21AM +0300, Alexander Bokovoy wrote: > On Tue, 20 Sep 2016, Martin Babinsky wrote: > > On 09/20/2016 12:17 AM, Simpson Lachlan wrote: > > > > -Original Message- > > > > > > > > On 09/19/2016 03:12 AM, Lachlan Musicman wrote: > > > > > Hi > > > > > > > > > >

Re: [Freeipa-users] Fwd: Re: Increase ListenBacklog for httpd

2016-09-20 Thread Rakesh Rajasekharan
Thanks Robbie for the inputs.. the load should not have been high as I have around 4000 clients with 160 users which should be manageable However, I saw a lot of clock skew too great errors in my krb5kdc.log... however I haven't been able to verify if those were genuine... Can too many clock

Re: [Freeipa-users] Issues with FreeIPA SSH Key authentication

2016-09-20 Thread Venkataramana Kintali
Thank you Lukas. The issue, not being able to login to some servers in our setup with ssh keys, was due to incorrect permissions on /usr directory, per the following entry in /var/log/secure. *sshd[12856]: error: bad ownership or modes for AuthorizedKeysCommand path component "/usr"* After

Re: [Freeipa-users] bind crashes on rndc reload

2016-09-20 Thread Petr Spacek
On 20.9.2016 00:33, Anthony Joseph Messina wrote: > On Monday, September 19, 2016 2:16:55 PM CDT Petr Spacek wrote: >> On 12.9.2016 11:55, Anthony Joseph Messina wrote: >>> On Monday, September 12, 2016 10:31:10 AM CDT Jochen Demmer wrote: Hi, I have a major issue with my setup:

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016-09-20 Thread Alexander Bokovoy
On Tue, 20 Sep 2016, Martin Babinsky wrote: On 09/20/2016 12:17 AM, Simpson Lachlan wrote: -Original Message- On 09/19/2016 03:12 AM, Lachlan Musicman wrote: Hi Sometimes when I visit the ID Views page in the webgui, it is crushingly slow, and often it times out. Centos 7, ipa