Hello,
these are debug messages and are harmless. Apparently you have verbose/debug
messages enabled in named.conf:
arg "verbose_checks yes";
If you want to get rid of these messages, just remove the line.
What version of bind-dyndb-ldap are you using?
Sufficiently new versions sho
Hi There,
I am running Freeipa version 4.2.0
I have been noticing that frequently I get this error "ipa: ERROR: Server
is unwilling to perform: Entry permanently locked."
when I try to run any ipa commands like ipa user-find or user-status
Finally I see that my admin account has been locked and
On Wed, 12 Oct 2016, Robert Sturrock wrote:
Hi All.
We’re attempting to set up an IPA (4.2) service on RHEL7.2 to provide
better connectivity to our (large) organisational AD service for Linux
clients.
We have set up IPA and configured a suitable AD trust (with SID POSIX
mapping) in the hope that
On 12 October 2016 at 15:23, Robert Sturrock wrote:
> Hi All.
>
> We’re attempting to set up an IPA (4.2) service on RHEL7.2 to provide
> better connectivity to our (large) organisational AD service for Linux
> clients.
>
> We have set up IPA and configured a suitable AD trust (with SID POSIX
> map
Hi All.
We’re attempting to set up an IPA (4.2) service on RHEL7.2 to provide better
connectivity to our (large) organisational AD service for Linux clients.
We have set up IPA and configured a suitable AD trust (with SID POSIX mapping)
in the hope that users will be able to access IPA resources
If you just need to join a handful of windows machines to a freeIPA
domain, try with these instructions:
https://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html
Best regards
On Tue, 11-10-2016 at 17:43 -0700, Alan Latteri wrote:
> > > > > I am trying to get this to wor
Thank you, Rob.
For reference, my full log can be found here: http://pastebin.com/6VLaQjYw
But I would postulate that the interesting bit is this:
> 2016-10-11T22:10:15Z DEBUG stdout=Outgoing update query:
>
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>
> ;; flags:; ZONE: 0, PR
I am trying to get this to work, but our Samba server is not the same machine
as our IPA server, and these instructions seem to assume that. Any ideas? All
I need is the 1 windows machine in our network to be able to access our linux
based server, using the same user/pass as that of our IPA au
Tyrell Jentink wrote:
First off... new to the list, thank you in advance for your assistance!
My server is Fedora 24 Server, running in a VirtualBox virtual machine.
I have FreeIPA Server 4.3.2-2.fc24, installed from the standard
repositories, and dnf says it's up to date. FreeIPA has a trust s
First off... new to the list, thank you in advance for your assistance!
My server is Fedora 24 Server, running in a VirtualBox virtual machine. I
have FreeIPA Server 4.3.2-2.fc24, installed from the standard repositories,
and dnf says it's up to date. FreeIPA has a trust set up with a Windows
S
Things have been working better (so far) after taking some steps I read here:
https://www.redhat.com/archives/freeipa-users/2016-January/msg00257.html
On Mon, Oct 10, 2016 at 6:48 PM, Fil Di Noto wrote:
> After an IPA server is re-initialized it immediately begins failing
> incremental updates
Ah, yes, thank you, Alexander.
I agree it would help if I followed the example better.
It would also help if I understood the example so a little description of what
each command does would be very helpful.
It looks like that ACI record does exist.
Now how would I remove these LDAP records?
On Tue, 11 Oct 2016, John Popowitch wrote:
It doesn't look like there are any entries.
# ldapsearch -x -b 'cn=certprofiles,cn=ca,dc=aws,dc=cappex,dc=com' -s base aci
'ldapsearch -x' is 'use simple authentication instead of SASL' -- given
that you didn't specify any identity for simple authentic
It doesn't look like there are any entries.
# ldapsearch -x -b 'cn=certprofiles,cn=ca,dc=aws,dc=cappex,dc=com' -s base aci
# extended LDIF
#
# LDAPv3
# base with scope baseObject
# filter: (objectclass=*)
# requesting: aci
#
# certprofiles, ca, aws.cappex.com
dn: cn=certprofiles,cn=ca,dc=aws,dc=
i am using bind-dyndb-ldap on fedora 24 without FreeIPA, and continue to
have my logs swamped with errors about "check failed" from settings.c
and fwd.c. i am completely up to date with every package, so the latest
versions of everything are installed.
[settings.c : 420: setting_update_from_l
I just joined this list, so if this question has been asked before (and I'll
bet it has), I apologize in advance.
A google search was unrevealing, so I'm asking here: we're running FreeIPA
Version 3.0.0 on CentOS 6.6. It looks like the password complexity
requirements are limited to setting t
Here you have an example
kinit admin
ldapsearch -Y GSSAPI -b 'cn=certprofiles,cn=ca,dc=,dc=' -s base aci
On 11.10.2016 17:48, John Popowitch wrote:
Thanks, Martin.
But I'm afraid you've gone beyond my level of LDAP knowledge.
How would I check for that ACI?
-John
*From:*Martin Basti [mail
I have this error in the log of my FreeIPA server freeipa-sea.bpt.rocks:
[11/Oct/2016:09:04:39 -0700] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-seattlenfs.bpt.rocks-pki-tomcat"
(seattlenfs:389): The remote replica has a different database generation
ID than the local database. You may hav
Thanks, Martin.
But I'm afraid you've gone beyond my level of LDAP knowledge.
How would I check for that ACI?
-John
From: Martin Basti [mailto:mba...@redhat.com]
Sent: Tuesday, October 11, 2016 10:38 AM
To: John Popowitch; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA v4.2 stopped
On 11.10.2016 17:21, John Popowitch wrote:
I agree that is weird.
Several of the other managed permissions are updated successfully and
they are very similar.
Yes, I can try to remove the permission manually.
Is there any risk in corrupting or breaking the system?
This is, I believe, one
I agree that is weird.
Several of the other managed permissions are updated successfully and they are
very similar.
Yes, I can try to remove the permission manually.
Is there any risk in corrupting or breaking the system?
This is, I believe, one of three IPA servers in a multi-master replication.
That's weird because the code is checking if a permission exists before
it tries to add a new one
Can you try to remove 'System: Modify Certificate Profile' manually from
LDAP and re-run ipa-server-upgrade?
On 11.10.2016 15:53, John Popowitch wrote:
2016-10-10T19:51:38Z DEBUG Updating man
2016-10-10T19:51:38Z DEBUG Updating managed permission: System: Modify
Certificate Profile
2016-10-10T19:51:38Z DEBUG Destroyed connection context.ldap2_82077392
2016-10-10T19:51:38Z ERROR Upgrade failed with This entry already exists
2016-10-10T19:51:38Z DEBUG Traceback (most recent call last):
On Tue, Oct 11, 2016 at 03:28:55PM +1100, Lachlan Musicman wrote:
> After further testing, I've discovered that the dev system wasn't working
> as well as I thought it was: HBAC and sshd don't seem to be playing well
> together on one server, but fine on the other?
>
> ie, I can run the same comma
Hi,
you don't specify the version you are using:
If it is 389-ds-base-1.3.4.0-33.el7_2.x86_64
the following may apply:
>>>
we have identified an issue with this version, it includes a fix for
389-ds ticket #48766, which was incomplete and resolved shortly after
the release of this version (it i
On 10.10.2016 23:30, John Popowitch wrote:
Hello FreeIPA community.
I've inherited a group of three FreeIPA v4.2 servers on CentOS 7.2.
I had to reboot one of the servers and now IPA won't run saying,
"Upgrade required: please run ipa-server-upgrade command."
But when I run ipa-server-upg