[Freeipa-users] Bind current mac clients?

2012-03-14 Thread Hagenrud Håkan
Hello, I just joined this list, so please excuse me if this question has been asked. Is anyone out there binding Mac clients (10.7.x) to IPA? I have tried it with some success. The Mac client can join the IPA domain and the Kerberos domain, but no user from the domain can log in to the Mac computer.

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 03:59 PM, Rich Megginson wrote: On 03/14/2012 03:51 PM, Jimmy Caldwell wrote: Is this a normal thing to occur during upgrade? Unfortunately, in this particular case, yes. If it was just a fluke I can revert to the snapshot from just before the upgrade and try again. I think you

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 03:51 PM, Jimmy Caldwell wrote: Is this a normal thing to occur during upgrade? Unfortunately, in this particular case, yes. If it was just a fluke I can revert to the snapshot from just before the upgrade and try again. I think you will run into the same exact problem. Sent fr

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy Caldwell
Is this a normal thing to occur during upgrade? If it was just a fluke I can revert to the snapshot from just before the upgrade and try again. Sent from my mobile device On Mar 14, 2012, at 17:44, Rich Megginson wrote: > On 03/14/2012 03:26 PM, Jimmy wrote: >> http://fpaste.org/nSWh/ > Thanks.

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 03:26 PM, Jimmy wrote: http://fpaste.org/nSWh/ Thanks. Looks like you are going to have to export your database to ldif, re-import it, and then re-initialize all of your replicas. http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
http://fpaste.org/nSWh/ Here ya go Jimmy On Wed, Mar 14, 2012 at 5:11 PM, Rich Megginson wrote: > On 03/14/2012 03:13 PM, Jimmy wrote: >> >> bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514 >> bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514 > > It appears that the entryrdn upgrade didn't work.

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 03:13 PM, Jimmy wrote: bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514 bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514 It appears that the entryrdn upgrade didn't work. Can you sanitize your /var/log/dirsrv/slapd-DOMAIN/errors file and post it to fpaste.org? On Wed, Mar 14, 20

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514 bdb/4.8/libback-ldbm/newidl/rdn-format-2/dn-4514 On Wed, Mar 14, 2012 at 5:06 PM, Rich Megginson wrote: > On 03/14/2012 03:05 PM, Jimmy wrote: >> >> This doesn't appear to be very good. If I drop the `grep` I see the >> data I would expect to see.

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 03:05 PM, Jimmy wrote: This doesn't appear to be very good. If I drop the `grep` I see the data I would expect to see. dbscan -f /var/lib/dirsrv/slapd-YOUR-DOMAIN/db/userRoot/entryrdn.db4|grep cn=etc 22:cn=etc ID: 22; RDN: "cn=etc"; NRDN: "cn=etc" ID: 22; RDN: "cn=etc"; NRDN:

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
This doesn't appear to be very good. If I drop the `grep` I see the data I would expect to see. dbscan -f /var/lib/dirsrv/slapd-YOUR-DOMAIN/db/userRoot/entryrdn.db4|grep cn=etc 22:cn=etc ID: 22; RDN: "cn=etc"; NRDN: "cn=etc" ID: 22; RDN: "cn=etc"; NRDN: "cn=etc" C22:cn=etc C22:cn=etc C22:cn=et

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 02:49 PM, Jimmy wrote: rpm -qi 389-ds-base Name: 389-ds-base Version : 1.2.10.3 Release : 1.fc15 Architecture: x86_64 Install Date: Wed 04 Jan 2012 12:06:20 AM UTC Group : System Environment/Daemons Size: 4816676 License : GPLv2 with exceptions Si

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-14 Thread Sigbjorn Lie
On 03/08/2012 01:40 PM, Sylvain Angers wrote: Was anyone successful in hooking their HP iLO, RHEV manager to IPA? I've connected IPA to the RHEV manager, yes. It works fine. However, it seems to require looking up DNS SRV records to find the IPA servers, so I don't think it works unless you

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
rpm -qi 389-ds-base Name: 389-ds-base Version : 1.2.10.3 Release : 1.fc15 Architecture: x86_64 Install Date: Wed 04 Jan 2012 12:06:20 AM UTC Group : System Environment/Daemons Size: 4816676 License : GPLv2 with exceptions Signature : RSA/SHA256, Wed 07 Mar 2012

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rich Megginson
On 03/14/2012 02:45 PM, Jimmy wrote: In response to the last two suggestions, here's what I see: hostname ipa.abc.xyz /etc/hosts: 192.168.201.102 ipa.abc.xyz ipa ldapsearch -x -b cn=masters,cn=ipa,cn=etc,dc=abc,dc=xyz # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
In response to the last two suggestions, here's what I see: hostname ipa.abc.xyz /etc/hosts: 192.168.201.102 ipa.abc.xyz ipa ldapsearch -x -b cn=masters,cn=ipa,cn=etc,dc=abc,dc=xyz # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Stephen Ingram
On Wed, Mar 14, 2012 at 1:30 PM, Jimmy wrote: > Ok, I upgraded and that didn't go so well, now IPA doesn't start: > >>service ipa start > Starting Directory Service > Starting dirsrv: >    XX...                                             [  OK  ] >    PKI-IPA...                              

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rob Crittenden
Jimmy wrote: Ok, I upgraded and that didn't go so well, now IPA doesn't start: service ipa start Starting Directory Service Starting dirsrv: XX... [ OK ] PKI-IPA... [ OK ] Failed to read d

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
Ok, I upgraded and that didn't go so well, now IPA doesn't start: >service ipa start Starting Directory Service Starting dirsrv: XX... [ OK ] PKI-IPA... [ OK ] Failed to read data from Directory

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Stephen Ingram
On Wed, Mar 14, 2012 at 12:41 PM, Jimmy wrote: > Good call, Stephen. The /etc/httpd/conf.d/ipa-pki-proxy.conf is > missing. I'm not sure how that is missing. Was there a separate step > for the IPA install that took care of the CA? It's been 6 months since > I installed so I don't remember right of

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
Good call, Stephen. The /etc/httpd/conf.d/ipa-pki-proxy.conf is missing. I'm not sure how that is missing. Was there a separate step for the IPA install that took care of the CA? It's been 6 months since I installed so I don't remember right off. On Wed, Mar 14, 2012 at 3:30 PM, Stephen Ingram wro

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Stephen Ingram
On Wed, Mar 14, 2012 at 12:22 PM, Jimmy wrote: > I set the date back and ran the command and this is what I see in the > httpd log. The ca directory does not exist, I verified it as missing. > Any idea why this is? Did I miss something in the install of IPA? > > [Sun Jan 01 00:20:46 2012] [error]

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
I set the date back and ran the command and this is what I see in the httpd log. The ca directory does not exist, I verified it as missing. Any idea why this is? Did I miss something in the install of IPA? [Sun Jan 01 00:20:46 2012] [error] ipa: INFO: sslget 'https://XX:443/ca/agent/ca/display

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rob Crittenden
Jimmy wrote: I can set the date to before 3/12 (the cert expiry date) and things start just fine. The apache logs don't seem to hold much info other than "the cert is expired." CA logs have even less info. I did find a similar issue on the mailing list - http://comments.gmane.org/gmane.linux.redh

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
I can set the date to before 3/12 (the cert expiry date) and things start just fine. The apache logs don't seem to hold much info other than "the cert is expired." CA logs have even less info. I did find a similar issue on the mailing list - http://comments.gmane.org/gmane.linux.redhat.freeipa.user

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Rob Crittenden
Jimmy wrote: I changed the system date and it's functional now. I ran the command ` certutil -L -d /etc/httpd/alias -n Server-Cert` and see the expired cert. Looking at `ipa-getcert list` I see this-- Request ID '20110913154233': status: CA_UNREACHABLE ca-error: Server failed r

Re: [Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
I changed the system date and it's functional now. I ran the command ` certutil -L -d /etc/httpd/alias -n Server-Cert` and see the expired cert. Looking at `ipa-getcert list` I see this-- Request ID '20110913154233': status: CA_UNREACHABLE ca-error: Server failed request, will retr

[Freeipa-users] (no subject)

2012-03-14 Thread Jimmy
My IPA server just stopped working with this error. I'm looking into it, but if anyone knows what the issue is right off I'd appreciate any pointers you have. (when trying to do service ipa start) Starting dirsrv: PDH-CSP...[14/Mar/2012:17:24:34 +] - SSL alert: CERT_VerifyCertificateNow: