Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Joe Mou
Thanks for the speedy reply. I am running on Fedora 19. $ rpm -q 389-ds-base 389-ds-base-1.3.1.16-1.fc19.x86_64 $ rpm -q nss nss-3.15.3-1.fc19.x86_64 On Wed, Dec 18, 2013 at 2:54 PM, Rich Megginson wrote: > On 12/18/2013 12:43 PM, Joe Mou wrote: > > I have a broken IPA replica that appears to

Re: [Freeipa-users] freeipa client wont install on host where a ipa server guest is already installed.

2013-12-19 Thread Lukas Slebodnik
On (18/12/13 20:40), Joshua Nager wrote: >Does this mean I should be able to login with the credentials supplied by >the ipa-server? If so, I can not. >The host box does not recognize any user accounts in the ipa domain at all. > >Any help is much appreciated as I would love to get this working. >

Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Rich Megginson
On 12/19/2013 02:19 AM, Joe Mou wrote: Thanks for the speedy reply. I am running on Fedora 19. $ rpm -q 389-ds-base 389-ds-base-1.3.1.16-1.fc19.x86_64 $ rpm -q nss nss-3.15.3-1.fc19.x86_64 Not sure what's going on, but let's see if we can get it "unstuck". It seems there is a conflict between

Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Joe Mou
Here are the results of that command: $ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)' Enter LDAP Password: dn: cn=Password Policy,cn=accounts,dc=the,dc=flatiron,dc=com cn: Password Policy cosspecifier: memberOf cosAttribute: krbPwdPolicyRef

[Freeipa-users] Full certificate renewal

2013-12-19 Thread Andrea Bontempi
What I want to do is a bit borderline :-) The scenario is: FreeIPA 3.0.0 (external-ca) with all certificates expired (also Root CA) Certmonger can't proceed to automatically renew the certificates. We can't release a certificate valid in the past (so we can't set the date in the past) What i

Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Rich Megginson
On 12/19/2013 09:19 AM, Joe Mou wrote: Here are the results of that command: $ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)' Enter LDAP Password: dn: cn=Password Policy,cn=accounts,dc=the,dc=flatiron,dc=com cn: Password Policy cosspecif

Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Joe Mou
On Thu, Dec 19, 2013 at 10:01 AM, Rich Megginson wrote: > On 12/19/2013 09:19 AM, Joe Mou wrote: > > Here are the results of that command: > > $ ldapsearch -xLLL -D "cn=directory manager" -W -b > dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)' > Enter LDAP Password: > dn: cn=Password Pol

Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Rich Megginson
On 12/19/2013 03:17 PM, Joe Mou wrote: On Thu, Dec 19, 2013 at 10:01 AM, Rich Megginson > wrote: On 12/19/2013 09:19 AM, Joe Mou wrote: Here are the results of that command: $ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=the,dc=flatiron,dc=com

Re: [Freeipa-users] IPA replica directory server hung

2013-12-19 Thread Joe Mou
Thanks for your help Rich. The ticket is https://fedorahosted.org/389/ticket/47649 On Thu, Dec 19, 2013 at 2:43 PM, Rich Megginson wrote: > On 12/19/2013 03:17 PM, Joe Mou wrote: > > On Thu, Dec 19, 2013 at 10:01 AM, Rich Megginson wrote: > >> On 12/19/2013 09:19 AM, Joe Mou wrote: >> >> H