David Copperfield wrote:
Hi Rich and all,
For the latest IPA version 2.1.3-9 on red hat 6.2, the CA RUV records
clearance seems a must. Before clearance the annoying messages are
filling /var/log/dirsrv/slapd-PKI-IPA/errors on master file, while after
clearance the entries are gone.
Sorry to declare success too quick, :( In fact, it is worse now, the IPA master
fail after performing the above steps including the RUV cleaning. I've only
one working replica and I'm afraid to do anything on it.
On The IPA master, after I ran 'service ipa restart' it reported OK, but 'ipa
Try: ipactl stop then ipactl start
Doesn't look like dirsrv is running on 389 and 636
~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA
Could that be because of removing ghost entries in CA database?
Another possible place could be the deleting/clearing option itself. One
annoying thing that I've found is:
I cleared the RUV records from IPA servers one by one, then I restart IPA
services on the servers one by one again,
Whew, glad to hear you got through it!
The 389 ds crew is working on making the cleanruv into an internal automated
process. I empathize completely.
The gssapi errors are generally benign. They come up because ldap starts before
the kdc.
Keeping your head in the cloud
