In case anyone is having the same issue, I was able to work around this.
I found that if I first installed a Fedora 23 Freeipa 4.2.3 replica, it did not
complain about the missing attribute. I assume it added it during the 4.2.3
installations because after I had replaced all CentOS 7 domain con
After some amount of work, I was able to get my system back to a state where it
seems to be replicating ok, but not with FreeIPA 4.2.0. Because this was a
production system with several hundred users and computers attached to it, a
wipe of the domain was not an option so I decided to chance tha
Hi
I have setup a multi-master IPA server.
I was wondering for IPA Client, which URL should we add in to ?
Should we setup a DNS entry with round robin ? But then if single Master
fails, the queries will still reach to it.
What is the ideal way to implement in such scenarios ?
Any help will be
Hey Zeal,
When you join a FreeIPA client to a domain, as long as you put the address of
at least one of the FreeIPA servers (if they are serving DNS) in the
/etc/resolv.conf file, they will use DNS to find FreeIPA servers. Specifically
they look for _SRV records. I think they naturally prefer
After a bunch more troubleshooting I finally have logs that are error free on
all 4 servers :-)
I couldn't find anything really useful on Google about this particular error :
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipadc.mydomain.net:389/o%3Dipaca) failed
So I am going to wri
Thanks Nathan.
Actually, the FreeIPA servers are not serving DNS. For this way, we will
have to do it some other way ?
On Sun, Jan 17, 2016 at 5:16 PM, Nathan Peters <
nathan.pet...@globalrelay.net> wrote:
> Hey Zeal,
>
>
>
> When you join a FreeIPA client to a domain, as long as you put the
> On 16 Jan 2016, at 02:21, Jeff Hallyburton
> wrote:
>
> Having finished setting up an ipa server and replica, we're trying to test
> failover to ensure that HA works as expected. We've been able to verify the
> replication agreements and auto-discovery are working, and both servers are
>
Hi,
Try commenting out the proxy command in /etc/ssh/ssh_config
The sssd proxy of ssh is buggy as can be.
~J
> On Jan 17, 2016, at 05:24, Jakub Hrozek wrote:
>
>
>> On 16 Jan 2016, at 02:21, Jeff Hallyburton
>> wrote:
>>
>> Having finished setting up an ipa server and replica, we're tryin
I have no idea how to troubleshoot this. I am trying to run
ipa-adtrust-install on FreeIPA 4.3.0 Fedora 23 domain.
Samba4-command and all other samba4 packages necessary are installed.
It fails at step 3 for apparently no reason. Googling reveals pretty much
nothing about what a talloc magic
Janelle,
The proxy suggestion was spot on. After that things seem to work normally.
Thanks!
Jeff
Jeff Hallyburton
Strategic Systems Engineer
Bloomip Inc.
Web: http://www.bloomip.com
Engineering Support: supp...@bloomip.com
Billing Support: bill...@bloomip.com
Customer Support Portal: https:/
Hi,
I have FreeIPA 4.2 (CA-ful) install on Centos 7.2 with 3rd party SSL
certificates installed for HTTP/LDAP.
When I run "ipa-certupdate" I can see that the 3rd party root
certificates are being removed from databases (/etc/httpd/alias,
/etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re
> -Original Message-
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> >This is from the smb log:
> >
> >It's hard to tell why they won't start, but it looks a little like
> >Kerberos won't start because there aren't any values in LDAP, and LDAP
> >won't start because Kerberos isn't
2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary
hostname for localhost
2016-01-18T03:00:07Z DEBUG Primary hostname for localhost:
dc2-ipa-dev-van.mydomain.net
2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net
2016-01-18T03:00:07Z DEBUG Check if d
This is another issue I'm not sure how to debug or solve in 4.3.0. A failed
replica installation left a replica with stuff in the tree, but not configured
properly on the localhost. I did ipa-server-install -uninstall as suggested by
the installation program and it deleted the local copy of th
> -Original Message-
>
> My syntax was all wrong. (Does anyone know how can I clear out bad syntax from
> the systemctld output?)
>
> Anyway, I have a running dirsrv, but SMB still fails, and it's failing on
> winbind first
> (see notes below). It looks like it's because there's no Kerbe
On Mon, 18 Jan 2016, Simpson Lachlan wrote:
None of the above is revealing an issue.
Follow http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
to enable crashdumps for ns-slapd to see what happens in reality (check
systemd-enabled systems' recipes).
Here is where things got inter
On Mon, 18 Jan 2016, Nathan Peters wrote:
I have no idea how to troubleshoot this. I am trying to run
ipa-adtrust-install on FreeIPA 4.3.0 Fedora 23 domain.
Samba4-command and all other samba4 packages necessary are installed.
It fails at step 3 for apparently no reason. Googling reveals pre
17 matches
Mail list logo
