Re: [Freeipa-users] Very slow enrolment process

On 22.8.2016 03:42, William Muriithi wrote: > Hello, > > I have systems that were previously using openLDAP and plan to migrate > them to freeIPA. I have a problem I have been struggling with since > Thursday. The client take 10 to 15 minutes to finish the enrolment > process. > > I can't find

Re: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu 16.04.1 install

On 08/16/2016 10:51 PM, Alexander Bokovoy wrote: > On Tue, 16 Aug 2016, David Kowis wrote: >> On 08/15/2016 09:27 PM, David Kowis wrote: >>> On 08/15/2016 08:05 PM, Rob Crittenden wrote: David Kowis wrote: > On 08/15/2016 04:33 AM, Petr Spacek wrote: >> This is weird as LDAP SASL &

Re: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu 16.04.1 install

On Fri, 19 Aug 2016, David Kowis wrote: On 08/16/2016 10:51 PM, Alexander Bokovoy wrote: On Tue, 16 Aug 2016, David Kowis wrote: On 08/15/2016 09:27 PM, David Kowis wrote: On 08/15/2016 08:05 PM, Rob Crittenden wrote: David Kowis wrote: On 08/15/2016 04:33 AM, Petr Spacek wrote: This is

Re: [Freeipa-users] ipa-cert-agent, Object Signing Cert certificate renewal

Please keep responses on the list. realstarhealer wrote: Hi Rob, setting back the date and restarting did not help, in fact it can't, because certmonger is not tracking these two by default. Regarding the ipa-ca-agent Cert: I followed CVE-2015-5284 slightly to create a new valid ipa-ca-agent

Re: [Freeipa-users] Very slow enrolment process

Petr Spacek wrote: On 22.8.2016 03:42, William Muriithi wrote: Hello, I have systems that were previously using openLDAP and plan to migrate them to freeIPA. I have a problem I have been struggling with since Thursday. The client take 10 to 15 minutes to finish the enrolment process. I

Re: [Freeipa-users] ipa-cert-agent, Object Signing Cert certificate renewal

realstarhealer wrote: Hi, It seemes I confused you. I just used the CVE Tutorial as a hint on generally how to create a new Cert for ipa-ca-agent (for uid admin). There is nothing wrong with my IPA RA (ipaCert), as it is monitored via certmonger and has been renewed recently. So returning to

Re: [Freeipa-users] replica_generate_next_csn messages in dirsrv error logs

Ludwig, > I looked into the logs, I think the messages are harmless, just an effect of > csn adjustment due to time difference on the two machines. I had said that > the replication protocol will try to adjust the csn generator, but looks > like you have long lasting replication connections and

Re: [Freeipa-users] Freeipa 4.2.0 hangs intermittently

On 19.8.2016 19:32, Rakesh Rajasekharan wrote: > I am running my set up on AWS cloud, and entropy is low at around 180 . > > I plan to increase it bu installing haveged . But, would low entropy by any > chance cause this issue of intermittent hang . > Also, the hang is mostly observed when

Re: [Freeipa-users] replica_generate_next_csn messages in dirsrv error logs

Thanks, I looked into the logs, I think the messages are harmless, just an effect of csn adjustment due to time difference on the two machines. I had said that the replication protocol will try to adjust the csn generator, but looks like you have long lasting replication connections and the

[Freeipa-users] Unknown Error - error (pop-up) window

Hi all, IPA version: ipa-server-4.2.0-15.0.1.el7_2.18.x86_64 Kernel: 3.8.13-118.10.2.el7uek.x86_64 I start seeing pop-up window titled "Unknown Error" with message "error" and buttons Retry and Cancel. It happens when selecting almost anything on the Web interface, from Identity to IPA

[Freeipa-users] IPA Error 4301: CertificateOperationError

Hello, There is the error on ver 4.2 while viewing certs: "IPA Error 4301: CertificateOperationError", next it read " Certificate operation cannot be completed: Unable to communicate with CMS ([Errno 113] No route to host)". I suspect you'll be asking for below two commands, here are results.

[Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS edit/update

Hi Guys, What is the way to notify or update a Bind slave which is not an IPA server ? Do I need to manuallu add an also-notify to the /etc/bind.conf on the IPA master or is there a different way how to accomplish this ? I hope this is possible and anyone can explain me how. Thanks! Matt --

Re: [Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names

On 18 July 2016 at 18:26, Jakub Hrozek wrote: > On Mon, Jul 18, 2016 at 09:33:35AM +1000, Lachlan Musicman wrote: > > Ok, I've just spoken with my colleague that has been involved in the IPA > > roll out, and he said he thought that override_space wasn't compatible > with > >

Re: [Freeipa-users] IPA Error 4301: CertificateOperationError

On Mon, Aug 22, 2016 at 11:52:46PM +, Z D wrote: > Hello, > > There is the error on ver 4.2 while viewing certs: "IPA Error > 4301: CertificateOperationError", next it read " Certificate > operation cannot be completed: Unable to communicate with CMS > ([Errno 113] No route to host)". > > I