[Freeipa-users] httpd broken

2017-01-14 Thread Gady Notrica 
Hey guys,

After updating my IPA and http packages, httpd and samba are not starting. 
Something weird happening to the python code.

Any idea?

httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: 
disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─ipa.conf
Active: failed (Result: exit-code) since Sat 2017-01-14 23:44:50 EST; 33s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 3445 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy (code=exited, 
status=1/FAILURE)

Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: File 
"/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643, in 
__wait_for_connection
Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: 
wait_for_open_socket(lurl.hostport, timeout)
Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: File 
"/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286, in 
wait_for_open_socket
Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: raise e
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Windows Server can't use FreeIPA's DNS server

2017-01-14 Thread Fil Di Noto 
Sounds more like a client problem (firewall, hosts file, network
settings/routes)

Other clients are able to resolve against the IPA server? You are seeing
the response come back on a packet capture taken from the windows server?

If yes to both of those, maybe the windows server thinks the IPA server is
not who it says it is. Is the IPA server hostname/domain name the same as a
previous windows host? If so that is probably not good.

On Sat, Jan 14, 2017 at 12:01 PM, Raul Dias  wrote:

> Hello,
>
> I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.
>
> A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS query.
> This server works fine with my old bind server, google's dns server
> (8.8.8.8), but not FreeIPA's.
> Using wireshark, I can see the the response gets to this host, but is
> simply ignored.  Clocks are in sync.
>
> Not sure if the problem is in the FreeIPA's side, probably not.
>
> Any ideas?
> -rsd
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Windows Server can't use FreeIPA's DNS server

2017-01-14 Thread Raul Dias 

Hello,

I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.

A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS query.
This server works fine with my old bind server, google's dns server 
(8.8.8.8), but not FreeIPA's.
Using wireshark, I can see the the response gets to this host, but is 
simply ignored.  Clocks are in sync.


Not sure if the problem is in the FreeIPA's side, probably not.

Any ideas?

-rsd
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] where is ipa cache?

2017-01-14 Thread Matrix 
it should be. 

you mean 'sss_cache -E' ? i have also tried to use to invalidate everything. 
sudo did not trigger any packets between client and server. 

Matrix




-- Original --
From:  "Fraser Tweedale";;
Date:  Sat, Jan 14, 2017 07:29 PM
To:  "Matrix"; 
Cc:  "freeipa-users"; 
Subject:  Re: [Freeipa-users] where is ipa cache?



On Sat, Jan 14, 2017 at 07:03:00PM +0800, Matrix wrote:
> Hi, all
> 
> 
> I have removed everything in /var/lib/sss/db. but sudo works fine. 
> 
> 
> I have also tried to capture sudo search packets with tcpdump. I found that 
> there is no packets transferred between ipa client and server. I am wondering 
> where is ipa cache? in memory?
> 
I think it is in memory.  Run `sss-cache -E' to dump the cache.

> 
> Best Regards
> 
> 
> Matrix

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] where is ipa cache?

2017-01-14 Thread Fraser Tweedale 
On Sat, Jan 14, 2017 at 07:03:00PM +0800, Matrix wrote:
> Hi, all
> 
> 
> I have removed everything in /var/lib/sss/db. but sudo works fine. 
> 
> 
> I have also tried to capture sudo search packets with tcpdump. I found that 
> there is no packets transferred between ipa client and server. I am wondering 
> where is ipa cache? in memory?
> 
I think it is in memory.  Run `sss-cache -E' to dump the cache.

> 
> Best Regards
> 
> 
> Matrix

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] where is ipa cache?

2017-01-14 Thread Matrix 
Hi, all


I have removed everything in /var/lib/sss/db. but sudo works fine. 


I have also tried to capture sudo search packets with tcpdump. I found that 
there is no packets transferred between ipa client and server. I am wondering 
where is ipa cache? in memory?


Best Regards


Matrix-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project