Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-28 Thread Martin Basti
On 28/10/14 06:14, Michael Lasevich wrote: Running into same thing, but running ipa-dnsinstall does not complete: = Configuring DNS (named) [1/8]: generating rndc key file WARNING: Your system is running out of entropy, you may experience long delays [2/8]:

Re: [Freeipa-users] Recovering from messed-up certs

2014-10-28 Thread Eric McCoy
Sorry it took me so long to try this and get back to you. I tried modifying that Python script and running it, and this is what I get: Initializing API Setting up NSS databases Untracking existing Apache Server-Cert Issuing new cert Tracking Server-Cert ipa: ERROR: certmonger failed starting to

Re: [Freeipa-users] Radius schema addition to default user objectclasses in FreeIPA 4.1

2014-10-28 Thread Orkhan Gasimov
OK, thanks for info. First I used that command with | grep radius at the end prior to adding my radiusschema.ldif. It returned no data. Then I added my radiusschema.ldif using the command: # ldapmodify -ZZ -x -D "cn=Directory Manager" -W -H ldap://localhost -f /usr/share/radiusschema.ldif

Re: [Freeipa-users] dns stops working after upgrade

2014-10-28 Thread Rob Verduijn
Hello all, I've been digging into my problem of being unable to update from 3.3.5 to 4.1. First I add the repo from copr. Then I used to update it by issuing 'yum update', which resulted in an update in which my local dns zone entries no longer resolved. So I tried the instructions mentioned on

Re: [Freeipa-users] Recovering from messed-up certs

2014-10-28 Thread Rob Crittenden
Eric McCoy wrote: Sorry it took me so long to try this and get back to you. I tried modifying that Python script and running it, and this is what I get: Initializing API Setting up NSS databases Untracking existing Apache Server-Cert Issuing new cert Tracking Server-Cert ipa: ERROR:

Re: [Freeipa-users] dns stops working after upgrade

2014-10-28 Thread Rob Crittenden
Rob Verduijn wrote: Ok after some more digging : I found some warnings (see below) Is any of these the cause for the error ? Rob snip snip snip 2014-10-27T13:56:28Z INFO Updating existing entry: cn=ipaConfig,cn=etc,dc=X,dc=X snip 2014-10-27T13:56:28Z WARNING remove:

Re: [Freeipa-users] getent passwd / group

2014-10-28 Thread Craig White
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal Sent: Monday, October 27, 2014 5:32 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] getent passwd / group On 10/27/2014 07:38 PM, Craig White wrote: RHEL 6.5 - new install

Re: [Freeipa-users] Solaris 10 client configuration using profile

2014-10-28 Thread sipazzo
Yes I did generate the database on the IPA server and copied it over. I thought that was what the instructions indicated to do: Create NSS DB (Don't enter password. Just hit return) ipaserver $ certutil -N -d /var/ldap Convert the IPA certificate to PEM format: ipaserver $ openssl x509 -in

Re: [Freeipa-users] getent passwd / group

2014-10-28 Thread Dmitri Pal
On 10/28/2014 12:11 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Monday, October 27, 2014 5:32 PM *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] getent passwd / group On 10/27/2014

Re: [Freeipa-users] dns stops working after upgrade

2014-10-28 Thread Rob Verduijn
before the update it's 4.5-1.fc20.x86_64.rpm from fedora 20 updates repo, after the update it's 6.0-5.fc20.x86_64.rpm from copr repo Regards Rob 2014-10-28 17:58 GMT+01:00 Martin Basti mba...@redhat.com: On 28/10/14 16:10, Rob Verduijn wrote: Hello all, I've been digging into my problem

Re: [Freeipa-users] Recovering from messed-up certs

2014-10-28 Thread Eric McCoy
You're right. When I deleted the puppetmaster certs and reran newcert.py, it worked like a champ. Presumably this is how the main cert disappeared in the first place: NSS silently overwrote it. This does mean that I won't be able to run puppet on this server, but... Well, even when I was doing

[Freeipa-users] FreeIPA 3.3.3-28 Integration with Samba 4.1.1-37 Problems

2014-10-28 Thread Jason Smith
A little history. We migrated from an OpenLDAP system to FreeIPA. The IPA version is listed above. I have samba installed and integrated directly on the FreeIPA box. The problem we're having are users who were migrated can no longer see the samba shares. We are connecting to these shares

Re: [Freeipa-users] F20 Problem upgrading to 4.1

2014-10-28 Thread Michael Lasevich
I have a pair of servers that were both installed on clean Fedora20 4.0.1 from pviktori copr repo and then upgraded from mkosek to 4.1. During update, secondary was done first and worked, but primary ran into trouble as described. Looking under cn=keys,cn=sec,cn=dns,dc=my,dc=domain,dc=com I get one

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-28 Thread Craig White
From: Dmitri Pal [mailto:d...@redhat.com] Sent: Tuesday, October 28, 2014 10:04 AM To: Craig White; freeipa-users@redhat.com Subject: Re: [Freeipa-users] getent passwd / group On 10/28/2014 12:11 PM, Craig White wrote: From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com]

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-28 Thread Craig White
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White Sent: Tuesday, October 28, 2014 1:28 PM To: d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] getent passwd / group [SOLVED] From: Dmitri Pal [mailto:d...@redhat.com]

[Freeipa-users] 389 DS admin consoles

2014-10-28 Thread Craig White
RHEL 6.5 - new install ipa-server-3.0.0-42.el6.x86_64 389-ds-base-1.2.11.15-47.el6.x86_64 Is it safe to install the 389 DS and admin console packages and use them? I think it would be useful to use for things like editing ACI's, etc. Craig White System Administrator O 623-201-8179 M

Re: [Freeipa-users] Recovering from messed-up certs

2014-10-28 Thread Rob Crittenden
Eric McCoy wrote: You're right. When I deleted the puppetmaster certs and reran newcert.py, it worked like a champ. Presumably this is how the main cert disappeared in the first place: NSS silently overwrote it. This does mean that I won't be able to run puppet on this server, but... Well,

Re: [Freeipa-users] Solaris 10 client configuration using profile

2014-10-28 Thread Rob Crittenden
sipazzo wrote: Yes I did generate the database on the IPA server and copied it over. I thought that was what the instructions indicated to do: So NSS is not known for the greatest error messages. The error you're seeing, SEC_ERROR_LEGACY_DATABASE, can happen for any number of reasons,

Re: [Freeipa-users] 389 DS admin consoles

2014-10-28 Thread Rich Megginson
On 10/28/2014 02:45 PM, Craig White wrote: RHEL 6.5 – new install ipa-server-3.0.0-42.el6.x86_64 389-ds-base-1.2.11.15-47.el6.x86_64 Is it safe to install the 389 DS and admin console packages and use them? In general, no, it is not supported. IPA depends on a certain tree structure,

Re: [Freeipa-users] Solaris 10 client configuration using profile

2014-10-28 Thread Rob Crittenden
Rob Crittenden wrote: sipazzo wrote: Yes I did generate the database on the IPA server and copied it over. I thought that was what the instructions indicated to do: So NSS is not known for the greatest error messages. The error you're seeing, SEC_ERROR_LEGACY_DATABASE, can happen for any

Re: [Freeipa-users] 389 DS admin consoles

2014-10-28 Thread Craig White
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson Sent: Tuesday, October 28, 2014 3:02 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] 389 DS admin consoles On 10/28/2014 02:45 PM, Craig White wrote: RHEL 6.5 - new install

Re: [Freeipa-users] 389 DS admin consoles

2014-10-28 Thread Rich Megginson
On 10/28/2014 05:05 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson *Sent:* Tuesday, October 28, 2014 3:02 PM *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] 389 DS admin consoles On

Re: [Freeipa-users] Solaris 10 client configuration using profile

2014-10-28 Thread sipazzo
I only have ldap defined in nsswitch.conf for passwd and group, ipnodes and host correctly reference dns. The fact that I get an SSL initialization failed: error -8174 (security library: bad database) when performing an ldapsearch with the -ZZ option seems to indicate that there is something

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-28 Thread Dmitri Pal
On 10/28/2014 04:41 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Craig White *Sent:* Tuesday, October 28, 2014 1:28 PM *To:* d...@redhat.com; freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] getent passwd /

Re: [Freeipa-users] 389 DS admin consoles

2014-10-28 Thread Dmitri Pal
On 10/28/2014 07:23 PM, Rich Megginson wrote: On 10/28/2014 05:05 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson *Sent:* Tuesday, October 28, 2014 3:02 PM *To:* freeipa-users@redhat.com *Subject:* Re:

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-28 Thread Craig White
From: Dmitri Pal [mailto:d...@redhat.com] Sent: Tuesday, October 28, 2014 5:10 PM To: Craig White; freeipa-users@redhat.com Subject: Re: [Freeipa-users] getent passwd / group [SOLVED] On 10/28/2014 04:41 PM, Craig White wrote: From:

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-28 Thread Dmitri Pal
On 10/28/2014 08:15 PM, Craig White wrote: *From:*Dmitri Pal [mailto:d...@redhat.com] *Sent:* Tuesday, October 28, 2014 5:10 PM *To:* Craig White; freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] getent passwd / group [SOLVED] On 10/28/2014 04:41 PM, Craig White wrote:

Re: [Freeipa-users] Solaris 10 client configuration using profile

2014-10-28 Thread Rob Crittenden
sipazzo wrote: I only have ldap defined in nsswitch.conf for passwd and group, ipnodes and host correctly reference dns. The fact that I get an SSL initialization failed: error -8174 (security library: bad database) when performing an ldapsearch with the -ZZ option seems to indicate that

Re: [Freeipa-users] getent passwd / group [SOLVED]

2014-10-28 Thread Rob Crittenden
Craig White wrote: *From:*Dmitri Pal [mailto:d...@redhat.com] *Sent:* Tuesday, October 28, 2014 5:10 PM *To:* Craig White; freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] getent passwd / group [SOLVED] On 10/28/2014 04:41 PM, Craig White wrote:

Re: [Freeipa-users] Radius schema addition to default user objectclasses in FreeIPA 4.1

2014-10-28 Thread Orkhan Gasimov
I solved the problem. I tried to add my radiusschema.ldif using LDAP admin, and it gave an error: Line 64: dn expected, but add found. So instructions here: https://www.redhat.com/archives/freeipa-users/2014-February/msg00050.html are incomplete. When creating an ldif-file from the