Re: [Freeipa-users] How to promote 2.2.0 replica(installed with --setup-ca) to primary master?

2012-06-13 Thread James Hogarth
But in short the only thing to do is change the CRL generator per those instructions. It is otherwise already a full CA. If none or all of them are generating a CRL it isn't the end of the world either way, you could just end up with slightly different CRLs on different masters which can be

[Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Steven Jones
Hi, Has anyone seen replication issues when you have more than one replica? If I have ipa1 as the master and 2 as the replica I am OK, if I add ipa3 as a second replica 1 to 3 works both ways, and 2 to 1 works but not 1 to 2. I removed and re-added 2 and find that 3 now no longer works

[Freeipa-users] Removing a replica fails everytime

2012-06-13 Thread Steven Jones
Hi, Seems the un-install option for ipa-server hangs at un-configuring/stopping the web server every time... the result is the master thinks it has a replication agreement but the replica doesn't... it's then not possible to re-add the replica to the master... it starts to work but fails when

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Rob Crittenden
Steven Jones wrote: Hi, Has anyone seen replication issues when you have more than one replica? If I have ipa1 as the master and 2 as the replica I am OK, if I add ipa3 as a second replica 1 to 3 works both ways, and 2 to 1 works but not 1 to 2. I removed and re-added 2 and find that 3

Re: [Freeipa-users] Removing a replica fails everytime

2012-06-13 Thread Steven Jones
any idea on this GSSAPI error? [root@vuwunicoipam001 ~]# ipa-replica-manage list vuwunicoipam002.ods.vuw.ac.nz: master vuwunicoipam005.ods.vuw.ac.nz: master vuwunicoipam003.ods.vuw.ac.nz: master vuwunicoipam004.ods.vuw.ac.nz: master vuwunicoipam001.ods.vuw.ac.nz: master

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Steven Jones
steps == 1) Fresh replica key 2) attempt to join with the ipa-manage-replica key command this fails 3) Check the 2nd server's dirsrv is running (service dirsrv status), if not start it with service dirsrv start 4) run ipa-replica-manage force-sync -from ipa1 on ipa2 5) Check the

Re: [Freeipa-users] Removing a replica fails everytime

2012-06-13 Thread Rob Crittenden
Steven Jones wrote: Hi, Seems the un-install option for ipa-server hangs at un-configuring/stopping the web server every time... the result is the master thinks it has a replication agreement but the replica doesn't... it's then not possible to re-add the replica to the master... it starts

[Freeipa-users] Password pass-through to an existing LDAP server?

2012-06-13 Thread Jason Riedy
I'm setting up an experimental subnet that needs a combination of local and remote users. The local users already have passwords available. I'd like to rely on those passwords without requiring them to manage it themselves. Is it possible to pass-through passwords to an external LDAP back-end?

Re: [Freeipa-users] Password pass-through to an existing LDAP server?

2012-06-13 Thread Dmitri Pal
On 06/13/2012 04:45 PM, Jason Riedy wrote: I'm setting up an experimental subnet that needs a combination of local and remote users. The local users already have passwords available. I'd like to rely on those passwords without requiring them to manage it themselves. Is it possible to

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Rob Crittenden
Steven Jones wrote: steps == 1) Fresh replica key 2) attempt to join with the ipa-manage-replica key command this fails 3) Check the 2nd server's dirsrv is running (service dirsrv status), if not start it with service dirsrv start 4) run ipa-replica-manage force-sync -from ipa1 on

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Steven Jones
because I'm trying to clean out the old memory of the ex-replica first...I have to do that before I can re-add it for some reason. All I have is the manual so I'm doing my best to repair a system that seems unstable... so I was advised to make a new replica key as the original one used to

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Steven Jones
OK, I have got ipa3 back in as a replica, however when I add a user to ipa1 (master) it flows to ipa2 (1st replica) but not to ipa3 (2nd replica) which I just added. When I add a user to ipa2, it flows to ipa1 but not ipa3. When I add a user to ipa3 it doesn't flow to 1 or 2. When I run

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Simo Sorce
On Wed, 2012-06-13 at 23:06 +, Steven Jones wrote: OK, I have got ipa3 back in as a replica, however when I add a user to ipa1 (master) it flows to ipa2 (1st replica) but not to ipa3 (2nd replica) which I just added. When I add a user to ipa2, it flows to ipa1 but not ipa3

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Steven Jones
Hi, I have done a restart numerous times demonstrating that named does not survive service ipa restart or a reboot.. I have just done it again on ipam001 (master) and created a user and that user doesn't appear on the second replica...but does on the first replica. I have also service ipa

Re: [Freeipa-users] Replication problems with having more than one replica?

2012-06-13 Thread Simo Sorce
On Thu, 2012-06-14 at 01:56 +, Steven Jones wrote: Hi, I have done a restart numerous times demonstrating that named does not survive service ipa restart or a reboot.. FWIW you do not need to restart all IPA components, just dirsrv. I have just done it again on ipam001 (master) and