[Freeipa-users] DNS reverse zone is not managed by this server

2016-12-19 Thread Maciej Drobniuch
Hi All! I get the following message while adding a new hostname. "The host was added but the DNS update failed with: DNS reverse zone in-addr.arpa. for IP address 10.0.0.165 is not managed by this server" The reverse zone is configured and working. When I am manually adding the PTR record to

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 18:53 GMT+01:00 Martin Basti : > > > On 19.12.2016 17:51, Rob Verduijn wrote: > > 2016-12-19 17:06 GMT+01:00 Martin Basti : > >> >> >> On 19.12.2016 16:27, Rob Verduijn wrote: >> >> >> >> 2016-12-19 16:07 GMT+01:00 Rob Verduijn

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Brian J. Murrell
On Mon, 2016-12-19 at 17:26 +0100, Martin Basti wrote: > > On 19.12.2016 13:19, Brian J. Murrell wrote: > > On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: > > > Hello, > > > > > > could you recheck with SElinux in permissive mode? > > > > Yeah, still happens even after doing: > > > > #

Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-19 Thread Jochen Hein
Alexander Bokovoy writes: > On su, 18 joulu 2016, Jochen Hein wrote: > Ok. It would probably make sense to file a ticket to FreeIPA tracker to > get these changes in FreeIPA 4.5. I'm now fighting against my privacyidea server, but if I can test something more and am sure

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Martin Basti
On 19.12.2016 17:51, Rob Verduijn wrote: 2016-12-19 17:06 GMT+01:00 Martin Basti >: On 19.12.2016 16:27, Rob Verduijn wrote: 2016-12-19 16:07 GMT+01:00 Rob Verduijn >:

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 17:06 GMT+01:00 Martin Basti : > > > On 19.12.2016 16:27, Rob Verduijn wrote: > > > > 2016-12-19 16:07 GMT+01:00 Rob Verduijn : > >> >> >> >> 2016-12-19 15:52 GMT+01:00 Petr Spacek : >> >>> On 19.12.2016 14:07, Rob Verduijn

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Martin Basti
On 19.12.2016 13:19, Brian J. Murrell wrote: On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: Hello, could you recheck with SElinux in permissive mode? Yeah, still happens even after doing: # setenforce 0 Cheers, b. could you please kinit as service? kinit -kt

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Martin Basti
On 19.12.2016 16:27, Rob Verduijn wrote: 2016-12-19 16:07 GMT+01:00 Rob Verduijn >: 2016-12-19 15:52 GMT+01:00 Petr Spacek >: On 19.12.2016 14:07, Rob Verduijn wrote:

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 16:07 GMT+01:00 Rob Verduijn : > > > > 2016-12-19 15:52 GMT+01:00 Petr Spacek : > >> On 19.12.2016 14:07, Rob Verduijn wrote: >> > Hello, >> > >> > I'm running ipa on centos 7.3 with the latest patches applied. >> > >> > It seem to run fine

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 15:52 GMT+01:00 Petr Spacek : > On 19.12.2016 14:07, Rob Verduijn wrote: > > Hello, > > > > I'm running ipa on centos 7.3 with the latest patches applied. > > > > It seem to run fine however the ipa-dnskeysyncd keeps failing to start > and > > I keep seeing this

Re: [Freeipa-users] Kerberos realm for different domain

2016-12-19 Thread Petr Spacek
On 15.12.2016 23:59, Brian Candler wrote: >> On Sun, Dec 11, 2016 at 11:31 PM, David Kupka > > wrote: >> >> >> yes you can do it. DNS domain and Kerberos realm are two different >> things. It's common and AFAIK recommended to capitalize DNS

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Petr Spacek
On 19.12.2016 14:07, Rob Verduijn wrote: > Hello, > > I'm running ipa on centos 7.3 with the latest patches applied. > > It seem to run fine however the ipa-dnskeysyncd keeps failing to start and > I keep seeing this message in my logs: > > ipa-dnskeysyncd[25663]: ipa : INFO LDAP

[Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
Hello, I'm running ipa on centos 7.3 with the latest patches applied. It seem to run fine however the ipa-dnskeysyncd keeps failing to start and I keep seeing this message in my logs: ipa-dnskeysyncd[25663]: ipa : INFO LDAP bind... python2[25663]: GSSAPI client step 1

Re: [Freeipa-users] Replica Creation Issue

2016-12-19 Thread Christian McNamara
It seems like it is indeed not running. ipactl restart is only starting one dirsrv. I recently learned this server is itself a replica of an earlier server. Is it possible it was never meant to be a CA? -- Christian McNamara Christian McNamara Chief Technology Officer South Side Hackerspace:

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Brian J. Murrell
On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: > > Hello, > > could you recheck with SElinux in permissive mode? Yeah, still happens even after doing: # setenforce 0 Cheers, b. signature.asc Description: This is a digitally signed message part -- Manage your subscription for the

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-19 Thread Martin Basti
On 17.12.2016 19:30, Brian J. Murrell wrote: On Fri, 2016-12-16 at 22:53 -0500, Brian J. Murrell wrote: Hi, After upgrading to EL 7.3 which included an upgrade of IPA from 4.2.0- 15.0.1.el7.centos.19 to 4.4.0-14.el7.centos I'm getting: 22:01:00 ipa-dnskeysyncd ipa : INFO LDAP