, 2015-02-04 at 09:19 -0500, Ade Lee wrote:
From the snippet of log below, it looks like the replica CA is trying to
contact the master CA to obtain the security domain information and is
failing to get a valid response.
The message about spaces and parsing is basically the replica saying
-users@redhat.com
Subject: Re: [Freeipa-users] CA Replication Installation Failing
-Original Message-
From: Ade Lee [mailto:a...@redhat.com]
Sent: Wednesday, 10 December 2014 5:05 AM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] CA
On Tue, 2014-12-09 at 23:52 +0100, chymian wrote:
Am Dienstag, 9. Dezember 2014, 09:49:04 schrieb Ade Lee:
On Tue, 2014-12-09 at 13:54 +0100, chymian wrote:
hey people,
after a successful install of ipa 4.0.5-2 on jessie, the named
services started flawless during setup. see
On Tue, 2014-12-09 at 13:54 +0100, chymian wrote:
hey people,
after a successful install of ipa 4.0.5-2 on jessie, the named services
started flawless during setup. see attached log, Installation summary (line
3107)
but after reboot, it refuses to start. (did this install a couple times,
On Tue, 2014-12-09 at 07:48 +, Les Stott wrote:
__
From: freeipa-users-boun...@redhat.com
[freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal
[d...@redhat.com]
Sent: Tuesday, December 09, 2014 3:49 PM
To:
On Wed, 2014-09-24 at 16:24 -0400, Rob Crittenden wrote:
Dmitri Pal wrote:
On 09/24/2014 03:29 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 09/24/2014 02:07 PM, swartz wrote:
On 9/24/2014 9:05 AM, Ade Lee wrote:
Forwarding to a couple of colleagues of mine who will be taking
point
On Wed, 2014-09-24 at 16:33 -0400, Ade Lee wrote:
On Wed, 2014-09-24 at 16:24 -0400, Rob Crittenden wrote:
Dmitri Pal wrote:
On 09/24/2014 03:29 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 09/24/2014 02:07 PM, swartz wrote:
On 9/24/2014 9:05 AM, Ade Lee wrote:
Forwarding
On Mon, 2014-09-22 at 10:50 +0200, Martin Kosek wrote:
On 09/20/2014 01:02 AM, swartz wrote:
Hello,
Encountered same issue as described here:
https://www.redhat.com/archives/freeipa-users/2013-July/msg00133.html
https://www.redhat.com/archives/freeipa-users/2014-August/msg00224.html
On Mon, 2014-09-22 at 10:43 -0400, Ade Lee wrote:
On Mon, 2014-09-22 at 10:50 +0200, Martin Kosek wrote:
On 09/20/2014 01:02 AM, swartz wrote:
Hello,
Encountered same issue as described here:
https://www.redhat.com/archives/freeipa-users/2013-July/msg00133.html
https
On Mon, 2014-09-22 at 13:39 -0600, swartz wrote:
On 9/22/2014 9:14 AM, Ade Lee wrote:
Another question - what is the output of ls -l /etc/pki-ca/CS.cfg ?
ls -l /etc/pki-ca/CS.cfg
-rw-r-. 1 pkiuser pkiuser 49196 Sep 19 11:29 /etc/pki-ca/CS.cfg
In very rare cases, I've seen cases where
Thanks for sticking in there with the debugging.
Let us know if you run into any issues with the re-install.
I will open a Dogtag ticket to look into the multiple certs issue for
Dogtag.
Ade
On Tue, 2014-08-05 at 21:30 -0700, Erinn Looney-Triggs wrote:
Ok I am throwing up the white flag on
On Tue, 2014-08-05 at 09:08 +0200, Martin Kosek wrote:
On 08/05/2014 12:03 AM, Erinn Looney-Triggs wrote:
On 08/04/2014 01:51 PM, Ade Lee wrote:
OK - I suspect you may be running into an issue with serial number
generation. Each time we install a clone, we end up allocating a new
range
On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
Ok, well I tried deleting it using certutil it deletes both, I
tried using keytool to see if it would work any better, no dice
there. I'll try the rename, but at this point I am not holding my
breath on that, it seems all
On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 08:04 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 07/27/2014 12:02 AM, Erinn
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is bundled up for
the replica's I see two caSigningCert's. One is the older one,
before I renewed
On Wed, 2014-05-28 at 10:37 +0100, Scott Ryan wrote:
I am trying to get freeIPA up and running on a minimal CentOS6.5 installation.
i have forward and reverse DNS setup on an external DNS server - no
SELinux no iptables (for troubleshooting)
but keep running into the following problem
Bret,
What version is the Dogtag instance on that server? (rpm -q pki-ca)
We have seen cases when the CS.cfg has zero length - and have modified
code to:
1) not write to CS.cfg on startup
2) backup the CS.cfg on upgrades.
Under normal operations, unless you are configuring the Dogtag instance
As a partial answer to this, work has been ongoing to fully support ECC
in Dogtag. Attached is a most likely out-of-date wiki page detailing
ECC support in Dogtag.
https://pki.fedoraproject.org/wiki/ECC_in_Dogtag
If I recall correctly, we are somewhere around phase 3.
Ade
On Fri, 2013-09-20
Ian,
Sorry for the late response. Just saw this email.
I'm surprised that you were able to update your machine to F19. We
explicitly put in spec file logic to do a pre-trans check to see if you
had dogtag 9 system instances before updating to f19. This was to
prevent people from getting into
a clean start) and
everything came up perfectly fine.
-Patrick
On 2013/20/03 12:54, Ade Lee wrote:
Patrick,
Can you provide some log files? Looks like pkisilent is trying to get
to the first configuration panel on the CA and is getting a 302.
I would need to see the logs under
Patrick,
Can you provide some log files? Looks like pkisilent is trying to get
to the first configuration panel on the CA and is getting a 302.
I would need to see the logs under /var/log/pki-ca for the replica
subsystem.
Thanks,
Ade Lee
On Wed, 2013-03-20 at 12:04 -0400, Patrick Hemmer
Can you confirm that using a password without % or ( in it resolves the
issue?
On Thu, 2013-01-24 at 16:32 -0500, Rob Crittenden wrote:
小龙 陈 wrote:
Hi everyone,
I have been having trouble getting FreeIPA set up on Fedora 18.
ipa-server-install
keeps failing at the [2/20]: configuring
...@redhat.com
To: george he george_...@yahoo.com
Cc: Ade Lee a...@redhat.com; freeipa-users@redhat.com
freeipa-users@redhat.com
Sent: Wednesday, September 5, 2012 8:40 AM
Subject: Re: [Freeipa-users] ipa host-del
george he wrote
1.5.0.0-29.1.el6
java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.48.1.11.3.el6_2
java_cup.x86_64 1:0.10k-5.el6
Thanks for your help.
George
__
From: Ade Lee a...@redhat.com
On Tue, 2012-04-24 at 11:28 -0400, Rob Crittenden wrote:
Dan Scott wrote:
On Tue, Apr 24, 2012 at 02:58, Ondrej Hamadaoham...@redhat.com wrote:
On 04/20/2012 09:35 PM, Dan Scott wrote:
On Fri, Apr 20, 2012 at 15:26, Dmitri Pald...@redhat.comwrote:
On 04/20/2012 12:15 PM, Dan
in the same way.
Dan
On Wed, Feb 29, 2012 at 16:28, Ade Lee a...@redhat.com wrote:
Its a little strange that its showing up as an error -- it shouldn't if
they are already set and they are of the right context.
That said, its not really an error - and should not be a problem unless
its
Thats a pretty strange error. The ports there are supposed to be
reserved for pki_ca_port_t.
Can you do the following for each of the ports?
semanage port -l |grep 9443
Its probably best to completely remove the replica. You could try use
dogtag specific commands to uninstall and install the
with selinux in permissive mode and see if it
makes a difference.
Ade
On Wed, 2012-02-29 at 16:18 -0500, Dan Scott wrote:
On Wed, Feb 29, 2012 at 16:03, Ade Lee a...@redhat.com wrote:
Thats a pretty strange error. The ports there are supposed to be
reserved for pki_ca_port_t.
Can you do
Cross-posting to freeipa-users.
In addition, Adam determined that the following dirctives need to be
enabled in /etc/httpd/conf.d/nss.conf :
NSSRenegotiation on
NSSRequireSafeNegotiation on
Ade
---BeginMessage---
Hi,
With recent changes, Dogtag instances in IPA now reside behind an Apache
Siggi,
The fix for this has already been checked into the dogtag code. We'll
have a new build out (for pki-ca) probably sometime next week.
Ade
On Fri, 2011-08-19 at 12:57 -0400, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I've just updated to FreeIPA 2.1.0. I disabled SELinux on
Hi,
The replica installation is failing when the replica attempts to contact
the CA on the master to log into the security domain. According to your
log, this is https://ipa01.ix.test.com:9445
Can the master be resolved and reached from the replica? Can port 9445
be reached (as well as ports
31 matches
Mail list logo