server 2 can sync update to server 1 but the reverse fails
Any idea? error below:
Can't contact LDAP server
[26/Apr/2016:18:40:13 +0800] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=ABC,dc=com--no CoS Templates found, which should be
added before the CoS Definition.
Hello,
We currently have 7 ipa servers in multi master running:
ipa-server-3.0.0-47.el6_7.1.x86_64
389-ds-base-1.2.11.15-68.el6_7.x86_64
Tenable is showing the use of weak ciphers along with freak
vulnerabilities. I have followed
https://access.redhat.com/solutions/675183 however issues
I'm having issues migrating from an openldap directory (which has gosa
schema) to freeipa.
To migrate I'm doing (and yes, I know):
ipa migrate-ds ldap://old.server.com:389 --bind-dn
"cn=my_user,ou=people,dc=domain,dc=com" --group-objectclass=posixGroup
--user-objectclass=inetOrgPerson
On 04/26/2016 03:26 PM, Gady Notrica wrote:
Here...
[root@cd-p-ipa1 log]# ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful
[root@cd-p-ipa1 log]# systemctl status
Here...
[root@cd-p-ipa1 log]# ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful
[root@cd-p-ipa1 log]# systemctl status dirsrv@IPA-CANDEAL-CA.service -l
●
Ipa server: rhel7.2, ipa ping ="IPA server version 4.2.0. API version 2.156"
In order to use ldap through load balancer, I added an alternative dns name to
ipa server certificate.
ipa-getcert resubmit -i -D newname.differentdomaine.net
It all seemed well, the extra name was entered into the
Hello world,
I am having issues this morning with my primary IPA. See below the details in
the logs and command result. Basically, krb5kdc service not starting - krb5kdc:
Server error - while fetching master key.
DNS is functioning. See below dig result. I have a trust with Windows AD.
Please
This is a follow-up to
https://www.redhat.com/archives/freeipa-users/2016-January/msg00023.html
From: Jan Cholasta
Peter Pakos , freeipa-users redhat
com
My question is, what is the correct way of installing a 3rd party
certificate for HTTP/LDAP that will
On 25.4.2016 18:05, EXT Alexander Bokovoy wrote:
On Mon, 25 Apr 2016, Rob Crittenden wrote:
-8<-8<-8<-8<-8<-8<-8<-8<-8<-
-8<-8<-8<-8<-8<-8<-8<-8<-8<-
It is denied by IPA, not certmonger.
IP addresses are
On 04/26/2016 03:13 PM, Gady Notrica wrote:
Hello world,
I am having issues this morning with my primary IPA. See below the
details in the logs and command result. Basically, krb5kdc service not
starting - krb5kdc: Server error - while fetching master key.
DNS is functioning. See below dig
Hi Timo,
On 04/18/2016 02:08 PM, Timo Aaltonen wrote:
>
> The old package used to create /etc/pki/nssdb on postinst, but with 644
> permissions so I'm not sure why they have 600 here. 4.1.4 in
> experimental migrated to /etc/ipa/nssdb, and I'm about to upload 4.3.1
> to unstable this week, which
No, no changes. Lost connectivity with my VMs during the night (networking
issues in datacenter)
Reboot the server and oops, no IPA is coming up... The replica (secondary
server) is fine though.
Gady Notrica
-Original Message-
From: freeipa-users-boun...@redhat.com
On Tue, 26 Apr 2016, Tikkanen, Tuomo (Nokia - FI/Espoo) wrote:
On 25.4.2016 18:05, EXT Alexander Bokovoy wrote:
On Mon, 25 Apr 2016, Rob Crittenden wrote:
-8<-8<-8<-8<-8<-8<-8<-8<-8<-
I think I've found a deeper problem, in that I can't update these
because IPA simply won't start at all now.
I mistyped one of these -- the 2016-03-11 is actually 2018-03-11, and
2016-04-01 is actually 2036-04-01.
As for the unknowns, the first says status: CA_REJECTED and the error
says
26.04.2016, 16:52, Harald Dunkel kirjoitti:
> Hi Timo,
>
> On 04/18/2016 02:08 PM, Timo Aaltonen wrote:
>>
>> The old package used to create /etc/pki/nssdb on postinst, but with 644
>> permissions so I'm not sure why they have 600 here. 4.1.4 in
>> experimental migrated to /etc/ipa/nssdb, and I'm
On 04/26/2016 03:26 PM, Bret Wortman wrote:
> On our non-CA IPA server, this is happening, in case it's related and
> illustrative:
>
> # ipa host-del zw113.private.net
> ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The
> certificate/key database is in an old, unsupported
On 04/26/2016 06:00 PM, Bret Wortman wrote:
> # getcert list | grep expires
> expires: 2018-04-02 13:04:51 UTC
> expires: 2018-04-02 13:04:31 UTC
> expires: unknown
> expires: 2016-04-17 18:19:19 UTC
> expires: 2016-04-17 18:19:18 UTC
> expires: 2016-04-17 18:19:19
Hey world,
Any ideas?
Gady
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Gady Notrica
Sent: April 26, 2016 10:10 AM
To: Ludwig Krispenz; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc service not
I should also note that /var/log/dirsrv/slapd-PRIVATE-NET/errors ends
with a series of "csngen_new_csn - Warning: too much time skew (-2153860
secs). Current seqnum=1" errors.
On 04/26/2016 12:57 PM, Bret Wortman wrote:
I think I've found a deeper problem, in that I can't update these
Bret Wortman wrote:
I think I've found a deeper problem, in that I can't update these
because IPA simply won't start at all now.
I mistyped one of these -- the 2016-03-11 is actually 2018-03-11, and
2016-04-01 is actually 2036-04-01.
As for the unknowns, the first says status: CA_REJECTED and
On 04/26/2016 01:45 PM, Rob Crittenden wrote:
Bret Wortman wrote:
I think I've found a deeper problem, in that I can't update these
because IPA simply won't start at all now.
I mistyped one of these -- the 2016-03-11 is actually 2018-03-11, and
2016-04-01 is actually 2036-04-01.
As for the
# getcert list | grep expires
expires: 2018-04-02 13:04:51 UTC
expires: 2018-04-02 13:04:31 UTC
expires: unknown
expires: 2016-04-17 18:19:19 UTC
expires: 2016-04-17 18:19:18 UTC
expires: 2016-04-17 18:19:19 UTC
expires: 2016-04-01 20:16:39 UTC
expires: 2016-04-17
Gady Notrica wrote:
Hey world,
Any ideas?
What about the first part of Ludwig's question: Is there anything in the
389-ds error log?
rob
Gady
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Gady Notrica
Sent:
HERE..
[23/Apr/2016:11:39:51 -0400] set_krb5_creds - Could not get initial credentials
for principal [ldap/cd-p-ipa1.ipa.domain.local@IPA.DOMAIN.LOCAL] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested
realm)
[23/Apr/2016:11:39:51 -0400]
On 04/25/2016 11:33 PM, Anthony Cheng wrote:
> So I went ahead and ran the migrate-ds command; ran into issue that was
> described here:
> https://www.redhat.com/archives/freeipa-users/2015-March/msg00398.html when
> trying to change password
>
> I re-ran migrate-ds option; but I actually
On 04/22/2016 08:44 AM, Martin Basti wrote:
>
>
> On 21.04.2016 18:46, Oğuz Yarımtepe wrote:
>> Hi,
>>
>> I have a REST API that is using the ipalib and written with Falcon.
>> Below is the code or you can check it online here:
>>
26 matches