Re: [Freeipa-users] Stock with a Master in read-only mode

2014-05-21 Thread Davis Goodman
On May 21, 2014, at 2:45, Martin Kosek wrote:
> On 05/21/2014 08:36 AM, Davis Goodman wrote:
>> Hi,
>>
>> Lately I’ve been having issues of replication between my server and my 2 replicas.
>>
>> I decided I was going to delete my 2 replicas and start over keeping my master intact.

Re: [Freeipa-users] Stock with a Master in read-only mode

2014-05-21 Thread Martin Kosek
On 05/21/2014 09:12 AM, Davis Goodman wrote:
> On May 21, 2014, at 2:45, Martin Kosek wrote:
>
>> On 05/21/2014 08:36 AM, Davis Goodman wrote:
>>> Hi,
>>>
>>> Lately I’ve been having issues of replication between my server and my 2 replicas.
>>>
>>> I decided I was going to dele

Re: [Freeipa-users] Stock with a Master in read-only mode

2014-05-21 Thread Davis Goodman
On May 21, 2014, at 6:54, Martin Kosek wrote:
> On 05/21/2014 09:12 AM, Davis Goodman wrote:
>> On May 21, 2014, at 2:45, Martin Kosek wrote:
>>
>>> On 05/21/2014 08:36 AM, Davis Goodman wrote:
>>>> Hi,
>>>>
>>>> Lately I’ve been having issues of replication between my s

Re: [Freeipa-users] be aware of name collision problem

2014-05-21 Thread Petr Spacek
Hello,

On 21.5.2014 13:31, Davis Goodman wrote:
> ldapsearch -D "cn=Directory Manager" -W -LLL -x -b "cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int"

Please note that domain shadowing/hijacking/name collisions are *strongly* discouraged. You *should not* use domain names you d

Re: [Freeipa-users] be aware of name collision problem

2014-05-21 Thread Davis Goodman
On May 21, 2014, at 8:17, Petr Spacek wrote:
> Hello,
>
> On 21.5.2014 13:31, Davis Goodman wrote:
>> ldapsearch -D "cn=Directory Manager" -W -LLL -x -b "cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int"
>
> Please note that domain shadowing/hijacking/name collisio

Re: [Freeipa-users] be aware of name collision problem

2014-05-21 Thread Petr Spacek
On 21.5.2014 15:46, Davis Goodman wrote:
> On May 21, 2014, at 8:17, Petr Spacek wrote:
>> Hello,
>>
>> On 21.5.2014 13:31, Davis Goodman wrote:
>>> ldapsearch -D "cn=Directory Manager" -W -LLL -x -b cn=ipa-ldap-delegation,cn=s4u2prox

[Freeipa-users] New replica won't accept replication

2014-05-21 Thread Bret Wortman
This occurs on our first attempt to join as a replica. I've erased this box and rebaselined it but the same thing happens. No network ports being blocked that we know of, and another replica I created at the same time installed its replica file without issue. asipa is the new replica, zsipa is

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Rob Crittenden
Bret Wortman wrote:
> This occurs on our first attempt to join as a replica. I've erased this box and rebaselined it but the same thing happens. No network ports being blocked that we know of, and another replica I created at the same time installed its replica file without issue.
>
> asipa

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Bret Wortman
On the new replica (asipa) I see in the access log almost 5000 entries like this:

[21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update Entry"
[21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=120 nentries=0 etime=0

And

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Bret Wortman
...but it did at least look like they were talking, right? Some level of replication was happening:

(before the Netscape Replication Total update Entry began running away with the logfile):

[21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[21/May/2014:10:28:53

Re: [Freeipa-users] Stock with a Master in read-only mode

2014-05-21 Thread Martin Kosek
On 05/21/2014 01:31 PM, Davis Goodman wrote:
> On May 21, 2014, at 6:54, Martin Kosek wrote:
>
>> On 05/21/2014 09:12 AM, Davis Goodman wrote:
>>> On May 21, 2014, at 2:45, Martin Kosek

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-21 Thread Dmitri Pal
On 05/19/2014 06:43 AM, Chris Whittle wrote:
> All I am trying to fix right now is so when the user comes to the web ui they have a valid cert.

Then you need to put the IPA cert into the trusted cert store. Its location depends upon the version of the client system you are using.

On May 19,

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Rob Crittenden
Bret Wortman wrote:
> ...but it did at least look like they were talking, right? Some level of replication was happening:
>
> (before the Netscape Replication Total update Entry began running away with the logfile):
>
> [21/May/2014:10:28:52 -0400] conn=2 op=2 RESULT err=0 tag=101 nentries=1

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Rob Crittenden
Bret Wortman wrote:
> On the new replica (asipa) I see in the access log almost 5000 entries like this:
>
> [21/May/2014:10:30:58 -0400] conn=4 op=4923 EXT oid="2.16.840.113730.3.5.6" name="Netscape Replication Total update Entry"
> [21/May/2014:10:30:58 -0400] conn=4 op=4923 RESULT err=0 tag=

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Bret Wortman
It takes about 2 minutes. How would you like me to turn debugging on?

Bret Wortman
http://bretwortman.com/
http://twitter.com/BretWortman

> On May 21, 2014, at 4:26 PM, Rob Crittenden wrote:
>
> Bret Wortman wrote:
>> On the new replica (asipa) I see in the access log almost 5000 entries li

Re: [Freeipa-users] New replica won't accept replication

2014-05-21 Thread Rob Crittenden
Bret Wortman wrote:
> It takes about 2 minutes. How would you like me to turn debugging on?

http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting

I'm not sure if you should enable this on both sides of the agreement or not. If you have the ability and don't mind potentially slowing down the