Re: [Freeipa-users] Impossible to renew certificate. pki-tomcat issue

2016-10-18 Thread Martin Babinsky
On 10/18/2016 11:22 PM, Bertrand Rétif wrote: Hello, I had an issue with pki-tomcat. I had several certificates that were expired and pki-tomcat did not start anymore. I set the date on the server before certificate expiration and then pki-tomcat starts properly. Then I try to resubmit the certif

[Freeipa-users] DNS question on named.ca

2016-10-18 Thread Sean Hogan
Hi all, I have a DNS question on how/why my IPA DNS servers are trying to hit the root DNS internet servers. My IPA servers are in private networks only serving DNS for the private domains they manage but recently the network team indicated they see my ipa IPs trying to hit the outside world.

[Freeipa-users] Impossible to renew certificate. pki-tomcat issue

2016-10-18 Thread Bertrand Rétif
Hello, I had an issue with pki-tomcat. I had several certificates that were expired and pki-tomcat did not start anymore. I set the date on the server before certificate expiration and then pki-tomcat starts properly. Then I try to resubmit the certificate, but I get below error: "Profile ca

[Freeipa-users] replica DS failure deadlock

2016-10-18 Thread Andrew E. Bruno
We had one of our replicas fail today with the following errors: [18/Oct/2016:13:40:47 -0400] agmt="cn=meTosrv-m14-32.cbls.ccr.buffalo.edu" (srv-m14-32:389) - Can't locate CSN 58065ef300010003 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-18 Thread Alexander Bokovoy
On Tue, 18 Oct 2016, Brian Candler wrote: On 17/10/2016 15:52, Alexander Bokovoy wrote: If you set ID range for corresponding AD domain in IPA to be 'ipa-ad-trust-posix' and make sure all users that need to logon to IPA have POSIX attributes, then it should work. I think most of this is describ

[Freeipa-users] Lots of error messages in logs after upgrade

2016-10-18 Thread Prashant Bapat
Hi, I'm seeing lots of error messages like this in the DS logs. [18/Oct/2016:17:00:37 +] attrlist_replace - attr_replace (nsslapd-referral, ldap:// ipa-primary.example.net:389/dc%3Dexample%2Cdc%3Dnet) failed. [18/Oct/2016:17:00:37 +] attrlist_replace - attr_replace (nsslapd-referral, ldap

Re: [Freeipa-users] Not able to pass through ipa-replica-install on centos 7

2016-10-18 Thread Martin Basti
On 18.10.2016 17:02, Martin Babinsky wrote: On 10/18/2016 04:59 PM, Deepak Dimri wrote: Hi Martin, Before running ipa-replica-install do I need to run ipa-server-install script on the replica? I am installing ipa-server-install script on the replica and then if I install ipa-replica-install

Re: [Freeipa-users] Not able to pass through ipa-replica-install on centos 7

2016-10-18 Thread Martin Babinsky
On 10/18/2016 04:59 PM, Deepak Dimri wrote: Hi Martin, Before running ipa-replica-install do I need to run ipa-server-install script on the replica? I am installing ipa-server-install script on the replica and then if I install ipa-replica-install without uninstalling ipa server then I get bel

Re: [Freeipa-users] Not able to pass through ipa-replica-install on centos 7

2016-10-18 Thread Deepak Dimri
Hi Martin, Before running ipa-replica-install do I need to run ipa-server-install script on the replica? I am installing ipa-server-install script on the replica and then if I install ipa-replica-install without uninstalling ipa server then I get below errors: [root@ip-172-31-23-230 ipa]# ip

Re: [Freeipa-users] Not able to pass through ipa-replica-install on centos 7

2016-10-18 Thread Martin Basti
On 18.10.2016 13:52, Deepak Dimri wrote: Thanks Martin, I had to run ipa-server-install --uninstall -U to get rid of IPA client error message on the replica server and then re-run ipa-replica-install script to run it ok. But it does not look clean through - as I understand we do need to run

Re: [Freeipa-users] FreeIPA as domain controller?

2016-10-18 Thread Brian Candler
On 17/10/2016 15:52, Alexander Bokovoy wrote: If you set ID range for corresponding AD domain in IPA to be 'ipa-ad-trust-posix' and make sure all users that need to logon to IPA have POSIX attributes, then it should work. I think most of this is described in the Windows Integration Guide for RHE

Re: [Freeipa-users] Not able to pass through ipa-replica-install on centos 7

2016-10-18 Thread Deepak Dimri
Thanks Martin, I had to run ipa-server-install --uninstall -U to get rid of IPA client error message on the replica server and then re-run ipa-replica-install script to run it ok. But it does not look clean through - as I understand we do need to run ipa-server-install script (same as master) o

Re: [Freeipa-users] Upgrade 4.4.2-1.fc24 security library failure.

2016-10-18 Thread Matt .
Hi Martin, Indeed strange as another master where I did the upgrade on went fine. It is/was a master with CA and Externally Signed CA, which was perfectly synched to the other master. I finally uninstalled the ipa server and did a new replica install on it with dns and CA and all went smooth and