But in short the only thing to do is change the CRL generator per those
instructions. It is otherwise already a full CA. If none or all of them are
generating a CRL it isn't the end of the world either way, you could just
end up with slightly different CRLs on different masters which can be
Hi,
Has anyone seen replication issues when you have more than one replica?
If I have ipa1 as the master and 2 as the replica I am OK, if I add ipa3 as a
second replica 1 to 3 works both ways, and 2 to 1 works but not 1 to 2
I removed and re-added 2 and find that 3 now no longer works
Hi,
Seems the un-install option for ipa-server hangs at un-configuring/stopping the
web server every timethe result is the master thinks it has a replication
agreement but the replica doesnt..its then not possible to re-add the
replica to the masterits starts to work but fails when
Steven Jones wrote:
Hi,
Has anyone seen replication issues when you have more than one replica?
If I have ipa1 as the master and 2 as the replica I am OK, if I add ipa3 as a
second replica 1 to 3 works both ways, and 2 to 1 works but not 1 to 2
I removed and re-added 2 and find that 3
any idea on this GSSAPI error?
[root@vuwunicoipam001 ~]# ipa-replica-manage list
vuwunicoipam002.ods.vuw.ac.nz: master
vuwunicoipam005.ods.vuw.ac.nz: master
vuwunicoipam003.ods.vuw.ac.nz: master
vuwunicoipam004.ods.vuw.ac.nz: master
vuwunicoipam001.ods.vuw.ac.nz: master
steps
==
1) Fresh replica key
2) attempt to join with the ipa-manage-replica key command this fails
3) Check the 2nd servers dirsrv is running (service dirsrv status), if not
start it with service dirsrv start
4) run ipa-replica-manage force-sync -from ipa1 on ipa2
5) Check the
Steven Jones wrote:
Hi,
Seems the un-install option for ipa-server hangs at un-configuring/stopping the
web server every timethe result is the master thinks it has a replication
agreement but the replica doesnt..its then not possible to re-add the
replica to the masterits starts
I'm setting up an experimental subnet that needs a combination of
local and remote users. The local users already have passwords
available. I'd like to rely on those passwords without requiring
them to manage it themselves.
Is it possible to pass-through passwords to an external LDAP
back-end?
On 06/13/2012 04:45 PM, Jason Riedy wrote:
I'm setting up an experimental subnet that needs a combination of
local and remote users. The local users already have passwords
available. I'd like to rely on those passwords without requiring
them to manage it themselves.
Is it possible to
Steven Jones wrote:
steps
==
1) Fresh replica key
2) attempt to join with the ipa-manage-replica key command this fails
3) Check the 2nd servers dirsrv is running (service dirsrv status), if not
start it with service dirsrv start
4) run ipa-replica-manage force-sync -from ipa1 on
because Im trying to clean out the old memory of the ex-replica first...I
have to do that before I can re-add it for some reason.
All I have is the manual so Im doing my best to repair a system that seems
unstableso I was advised to make a new replica key as the original one used
to
OK,
I have got ipa3 back in as a replica, however when I add a user to ipa1
(master) it flows to ipa2 (1st replica) but not to ipa3 (2nd replica) which I
just added
When I add a user to ipa2, it flows to ipa1 but not ipa3
When I add a user to ipa3 it doesnt flow to 1 or 2.
When I run
On Wed, 2012-06-13 at 23:06 +, Steven Jones wrote:
OK,
I have got ipa3 back in as a replica, however when I add a user to ipa1
(master) it flows to ipa2 (1st replica) but not to ipa3 (2nd replica) which I
just added
When I add a user to ipa2, it flows to ipa1 but not ipa3
Hi,
I have done a restart numerous times demonstrating that named does not survive
service ipa restart or a reboot..
I have just done it again on ipam001 (master) and created a user and that user
doesnt appear on the second replica...but does on the frst replica.
I have also service ipa
On Thu, 2012-06-14 at 01:56 +, Steven Jones wrote:
Hi,
I have done a restart numerous times demonstrating that named does not
survive service ipa restart or a reboot..
FWIW you do not need to restart all IPA component, just dirsrv.
I have just done it again on ipam001 (master) and
15 matches
Mail list logo