> Just a guess, what is your deployment size?
> We have a two ipa domains, one have 3 servers (2 hw and 1 vm, no
> issues with dirsrv yet), another currently includes 16 vm servers,
> ant dirsrv hangs and crashes periodically…
>
we have 8 IPA servers, 4 bare metal and 4 vm's. We see the crashes
Hi
Yes, it's possible to operate freeIPA and Samba as you suggest, we have
been doing so for some years now (with several freeIPA and Samba versions).
Our end users use a mix of Windows and OSX laptops / workstations. These
are not members of any kind of domain. They access our file servers via
S
On Wed, 06 May 2015, box 31978 wrote:
Hello everyone,
These days I'm testing integration between FreeIPA4 and Samba4 at file
sharing level. Everything seems to work fine except share access from a
standalone Windows client.
This is the setup (everything is up-to-date):
- ipa-server: CentOS 7.1,
> On 05/06/2015 02:15 PM, nat...@nathanpeters.com wrote:
>> Ok, I have attempted to set this up by adding the AD domain to my
>> configuration and it still isn't working.
>> I just want to confirm what I'm trying to accomplish here before I list
>> what I've done to troubleshoot this.
>>
>> We have
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try "cleanallruv.pl -w X -b "dc=" -r 9"
Vasek
On Thu, May 7, 2015 at 2:25 AM, Janelle
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try "cleanallruv.pl -w X -b "dc=" -r 9"
Vasek
On Thu, May 7, 2015 at 2:25 AM, Janelle wrote:
>
> Hi again..
>
> Seems to be an o
Just a guess, what is your deployment size?
We have a two ipa domains, one have 3 servers (2 hw and 1 vm, no issues with
dirsrv yet), another currently includes 16 vm servers, ant dirsrv hangs and
crashes periodically…
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: David De
Hi again..
Seems to be an ongoing theme (replication). How does one remove these?
unable to decode: {replica 9} 553ef80e00010009 55402c390009
I am hoping this is a stupid question with a really simple answer that I
am simply missing?
~J
--
Manage your subscription for the Freeip
On 05/06/2015 05:11 PM, box 31978 wrote:
Hello everyone,
These days I'm testing integration between FreeIPA4 and Samba4 at file
sharing level. Everything seems to work fine except share access from
a standalone Windows client.
This is the setup (everything is up-to-date):
- ipa-server: CentO
On 05/06/2015 02:15 PM, nat...@nathanpeters.com wrote:
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
We have an AD domain cal
On 05/06/2015 12:14 AM, Nathan Peters wrote:
From this link :
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html#comp-trust-krb
The diagram in that section shows the client communicating with
FreeIPA and FreeIP
Hello everyone,
These days I'm testing integration between FreeIPA4 and Samba4 at file
sharing level. Everything seems to work fine except share access from a
standalone Windows client.
This is the setup (everything is up-to-date):
- ipa-server: CentOS 7.1, ipa-server 4.1, ipa-server-trust-ad plu
Hello Team,
We are hosting a few servers at Amazon and using their Elastic Load Balancing
service that gives us a link to a load balancer in the following format:
webserver-1234567890.us-east-1.elb.amazonaws.com
I was looking for a ways to implement a shorter alias using CNAME like:
webserver.
That's great, I got it all working, perhaps you can answer one last question,
although not sure this is going to be fixable or not.
Anyway to get rid of the realm when using id, as you can see below, kinda messy.
[root@linuxtest1 home]# su - aduser1
-sh-4.1$ id
uid=1989603105(aduser1@sbx.local
Oh I feel silly now. I had the wrong IP in DNS for the server, so
although forward and reverse lookups were working, it was sending the
update to a server that was not a DNS server.
Strangely enough, the logs did not show this attempt to notify the wrong
server, they just ignored it completely.
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
We have an AD domain called corp.addomain.net. We have UPNs set so AD
users logi
On Mon, 04 May 2015, Andrew Morone wrote:
I'm having this issue. I discovered when I would randomly get locked out of
the admin account with the usual:
kinit: Clients credentials have been revoked while getting initial
credentials
The scenario would go as follows:
Sometimes I would try to issue
Kamal Perera wrote:
> Dear All,
>
>
> How is the revocation of issuing CA certificates are handled? We are
> using OCSP responders for revocation checking of certificates issued by
> the Issuing CAs. So do we have to setup another OCSP or CRL distribution
> point to let the applications to query
I'm having this issue. I discovered when I would randomly get locked out of
the admin account with the usual:
kinit: Clients credentials have been revoked while getting initial
credentials
The scenario would go as follows:
Sometimes I would try to issue "kinit admin", with the correct credentials
On 05/06/2015 12:25 AM, Martin Kosek wrote:
On 05/06/2015 07:48 AM, Christoph Kaminski wrote:
Hi
we have some undefinably problems here with IPA inside a VM (rhev/kvm). We
has often zombie processes (defunct) with certmonger and dirsrv and
segfaults (dmesg)... We have 8 IPA servers, 4 Hardware
Hi,
The goal is to have a common password to give users access to a Linux
system via PuTTY/SSH and Samba file-shares where currently for
historical reasons we have 2 passwords, which is a real PITA.
The PuTTY logins work great but I need to get the logins for the
Samba4 shares working from Win7 P
Hello!
On 5.5.2015 00:24, nat...@nathanpeters.com wrote:
> bind.x86_6432:9.9.4-20.el7.centos.pkcs11
> @mkosek-freeipa
> bind-dyndb-ldap.x86_64 6.1-1.el7.centos
This version works for me (tested on Fedora 21).
> And for reference here are the relev
dbstat:
MacBookPro-10DDB1EAF1CC-1522:~ ender$ cat FILE
Default locking region information:
139 Last allocated locker ID
0x7fff Current maximum unused locker ID
9 Number of lock modes
200 Initial number of locks allocated
0 Initial number of lockers allocated
200 I
This is looking like thread 13 prevents thread 12 run (and all the others).
Now thread 13 is likely waiting for db page? We may need output of
db_stat (db_state -N -h /var/lib/dirsrv/slapd-xxx/db/ -CA)
thanks
thierry
On 05/06/2015 11:31 AM, Łukasz Jaworski wrote:
ldapsearch hangs. Dirsrv is no
>> ldapsearch hangs. Dirsrv is not responding now.
> if the server is hanging, can you get a pstack
>>
Thread 45 (Thread 0x7fc6a562d700 (LWP 1868)):
#0 0x7fc6b2f1aae3 in select () from /lib64/libc.so.6
#1 0x7fc6b5492a99 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2 0x7fc6
Running FreeIPA 4.1 on Fedora 21 on Xenserver 6.2 in HVM mode. No issues.
Kind Regards,
David
2015-05-06 11:15 GMT+02:00 Alexander Frolushkin <
alexander.frolush...@megafon.ru>:
> Hello.
>
> We have periodically hanging and crashing dirsrv in our ipa servers.
>
> All of them running in VM on V
On 05/06/2015 11:10 AM, Łukasz Jaworski wrote:
Hi,
ipactl stops working after dirsrv-stop/start.
There are many changes in the changelog:
from 39399 to 44397
(…)
# 44393, changelog
dn: changenumber=44393,cn=changelog
# 44394, changelog
dn: changenumber=44394,cn=changelog
# 44395, changelog
Hello.
We have periodically hanging and crashing dirsrv in our ipa servers.
All of them running in VM on Vmware.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Christoph Kaminski
Sent: We
Hi,
ipactl stops working after dirsrv-stop/start.
There are many changes in the changelog:
from 39399 to 44397
(…)
# 44393, changelog
dn: changenumber=44393,cn=changelog
# 44394, changelog
dn: changenumber=44394,cn=changelog
# 44395, changelog
dn: changenumber=44395,cn=changelog
# 44396, chan
please reply to the mailing list
On 05/06/2015 11:00 AM, Łukasz Jaworski wrote:
Hi,
ipactl stops working after dirsrv-stop/start.
There are many changes in the changelog:
from 39399 to 44397
(…)
# 44393, changelog
dn: changenumber=44393,cn=changelog
# 44394, changelog
dn: changenumber=44394,c
Hi,
there seem to be different issues,
- I don't know what the ipactl status is looking for when it generates
the error message about no matching master,
but I don't think it is related to the retro changelog.
- the retro changelog errors for adding and deleting
-- the add failures are about a
On 6.5.2015 10:06, Petr Spacek wrote:
> General advice about views is
> 'do not use them' :-)
>
> It is much cleaner to put internal names in a sub-domain like int.example.com.
> (while example.com. is the public-facing domain) and restrict access to this
> sub-domain using ACL.
>
> In long term
On 5.5.2015 07:42, Christoph Kaminski wrote:
> Hi
>
> can someone validate this config for bind + split horizon (only the views
> part):
>
> acl internal {
> 127.0.0.1;
> 172.16.0.0/12;
> };
>
> view "internal"
> {
> match-clients {
Hi,
One of our replica hanged up morning. Error log after dirsrv restart:
[06/May/2015:09:28:15 +0200] - Retry count exceeded in delete
[06/May/2015:09:28:15 +0200] DSRetroclPlugin - delete_changerecord: could not
delete change record 38376 (rc: 51)
[06/May/2015:09:28:15 +0200] - Operation error
34 matches
Mail list logo