I still think there is something wrong here.
You say that the DNSSEC reply is "just warning", but when I get that warning, a
subsequent trust-add fails every time. When I don't get the warning, the
trust-add works.
Therefore, the warning cannot just be ignored. Why is that?
I have tried the fol
Hi All,
As you might be interested, today we re-attempted to create a replica.
Apparently, exactly the same problem was reported to Red Hat Bugzilla ten days
ago: https://bugzilla.redhat.com/show_bug.cgi?id=1432016
Our replica install also fails on the following point:
[...]
Done configuring d
On Mon, Apr 24, 2017 at 02:24:34PM +0200, Harald Dunkel wrote:
> Hi folks,
>
> some colleagues have to enter their password 3 times (or even
> more) to authenticate. krb5_child.log shows
>
> (Mon Apr 3 10:45:20 2017) [[sssd[krb5_child[5116 [switch_creds]
> (0x0200): Switch user to [657][100
Hi folks,
some colleagues have to enter their password 3 times (or even
more) to authenticate. krb5_child.log shows
(Mon Apr 3 10:45:20 2017) [[sssd[krb5_child[5116 [switch_creds] (0x0200):
Switch user to [657][100].
(Mon Apr 3 10:45:20 2017) [[sssd[krb5_child[5116 [switch_creds] (0x02
We had problems with one idm replica complaining about different ldap database
versions and at the same time errors on starting pki-tomcat. I decided to
delete the ipa server and reinstall.
The ipa server delete went without problems, but the reinstall
ipa-replica-install --setup-ca --setup