Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Rich Megginson
On 07/22/2015 03:39 AM, Torsten Harenberg wrote: Dear Alexander, dear Sumit, thank you very much indeed for the quick replies. Am 22.07.15 um 11:21 schrieb Sumit Bose: Looks like there are issues getting the needed data from the local LDAP server. The message below about the master key points

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexandre Ellert
Le 22 juil. 2015 à 17:09, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 20 juil. 2015 à 17:17, Alexander Bokovoy aboko...@redhat.com a écrit : On Mon, 20 Jul 2015, Alexandre Ellert wrote: Can you please show output from fgrep -r 'dc'

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Alexandre Ellert wrote: # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv from both servers? Server 1: # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 20 juil. 2015 à 17:17, Alexander Bokovoy aboko...@redhat.com a écrit : On Mon, 20 Jul 2015, Alexandre Ellert wrote: Can you please show output from fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema # fgrep -r 'dc'

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexandre Ellert
Le 22 juil. 2015 à 17:43, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 22 juil. 2015 à 17:09, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 20 juil. 2015 à 17:17, Alexander Bokovoy

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 22 juil. 2015 à 17:09, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 20 juil. 2015 à 17:17, Alexander Bokovoy aboko...@redhat.com a écrit : On Mon, 20 Jul 2015, Alexandre Ellert wrote: Can

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 22 juil. 2015 à 18:08, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv from both servers? Server 1: # fgrep -r 0.9.2342.19200300.100.1.25

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Dear Rich, Am 22.07.2015 um 17:03 schrieb Rich Megginson: It might be helpful to do a # debuginfo-install 389-ds-base ipa-server slapi-nis and follow the directions at http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs to get a full stack trace thanks for the hint. Did that.

[Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

2015-07-22 Thread William Graboyes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi All, I have been messing around with AD trust installs mainly around doing ntlm_auth for a radius server. However, as I was unable to see some of the needed resources, I thought maybe IPA may need a kick. So I ran the following command

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Hi Rich, Am 22.07.2015 um 19:25 schrieb Rich Megginson: No, probably not. I think it is either BIND or sssd. from that I would say sssd: [root@ipa ~]# netstat -p Aktive Internetverbindungen (ohne Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexandre Ellert
Le 22 juil. 2015 à 18:40, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: Le 22 juil. 2015 à 18:08, Alexander Bokovoy aboko...@redhat.com a écrit : On Wed, 22 Jul 2015, Alexandre Ellert wrote: # fgrep -r 0.9.2342.19200300.100.1.25

[Freeipa-users] Unable to install ipa-server-trust-ad

2015-07-22 Thread Carlos Raúl Laguna
Hello everyone, i am using fedora 22 server with copr repos enabled for freeipa 4.2, according with the documentation i execute sudo dnf install -y *ipa-server *ipa-server-trust-ad bind bind-dyndb-ldap however the following error occurs Error: package freeipa-server-trust-ad-4.1.4-2.fc22.x86_64

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Jakub Hrozek
On Wed, Jul 22, 2015 at 11:25:12AM -0600, Rich Megginson wrote: /lib64/libpthread.so.0 #1 0x7fb8544f5440 in PR_WaitCondVar () from /lib64/libnspr4.so #2 0x7fb8565f19a5 in ps_send_results () #3 0x7fb8544facab in _pt_root () from /lib64/libnspr4.so #4 0x7fb853e9b52a in

Re: [Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

2015-07-22 Thread Dave Sirrine
Bill, Can you let us know what version of FreeIPA you're using? The most likely due to the occurrence of NT_STATUS_INVALID_PARAMETER which is most likely a time skew issue between AD and IPA. Can you verify this? Thanks! -- Dave - Original Message - From: William Graboyes

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Am 22.07.2015 um 21:49 schrieb Rich Megginson: but strage: there is no bind binary: Then I'm not sure what's going on. currently there is a java process on ldaps: [root@ipa ~]# netstat -p -n | grep 636 tcp6 0 0 132.195.124.12:636 132.195.124.12:36546 VERBUNDEN 800/ns-slapd

Re: [Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

2015-07-22 Thread William Graboyes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Dave, There is no actual AD at this time. Thanks :) On 7/22/15 12:22 PM, Dave Sirrine wrote: Bill, Can you let us know what version of FreeIPA you're using? The most likely due to the occurrence of NT_STATUS_INVALID_PARAMETER which is

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Rich Megginson
On 07/22/2015 01:47 PM, Torsten Harenberg wrote: Am 22.07.2015 um 21:32 schrieb Rich Megginson: On 07/22/2015 01:17 PM, Jakub Hrozek wrote: On Wed, Jul 22, 2015 at 11:25:12AM -0600, Rich Megginson wrote: /lib64/libpthread.so.0 #1 0x7fb8544f5440 in PR_WaitCondVar () from

Re: [Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

2015-07-22 Thread Sumit Bose
On Wed, Jul 22, 2015 at 11:14:51AM -0700, William Graboyes wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi All, I have been messing around with AD trust installs mainly around doing ntlm_auth for a radius server. However, as I was unable to see some of the needed resources, I

Re: [Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, William Graboyes wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi All, I have been messing around with AD trust installs mainly around doing ntlm_auth for a radius server. However, as I was unable to see some of the needed resources, I thought maybe IPA may need

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Rich Megginson
On 07/22/2015 11:03 AM, Torsten Harenberg wrote: Dear Rich, Am 22.07.2015 um 17:03 schrieb Rich Megginson: It might be helpful to do a # debuginfo-install 389-ds-base ipa-server slapi-nis and follow the directions at http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs to get a full

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Rich Megginson
On 07/22/2015 01:17 PM, Jakub Hrozek wrote: On Wed, Jul 22, 2015 at 11:25:12AM -0600, Rich Megginson wrote: /lib64/libpthread.so.0 #1 0x7fb8544f5440 in PR_WaitCondVar () from /lib64/libnspr4.so #2 0x7fb8565f19a5 in ps_send_results () #3 0x7fb8544facab in _pt_root () from

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Rich Megginson
On 07/22/2015 02:09 PM, Torsten Harenberg wrote: Am 22.07.2015 um 21:49 schrieb Rich Megginson: but strage: there is no bind binary: Then I'm not sure what's going on. currently there is a java process on ldaps: [root@ipa ~]# netstat -p -n | grep 636 tcp6 0 0 132.195.124.12:636

Re: [Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

2015-07-22 Thread William Graboyes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Alexander, Thank you for the pointers, However it seems that I am still not getting the ipaNTSecurityIdentifier returned. Even after re-running the ipa-adtrust-install --add-sids (which I believe it gave me the option for on initial install,

[Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Dear community, we just moved our infrastructure (about 200 node cluster plus about 30 workstations) from NIS to FreeIPA (version 4.1.4 on FC 21). We have two IPA servers (called ipa and ipa2 both paravirtualized on Xen4). Approx once a day, the Kerberos service on the primary server suddenly

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Torsten Harenberg wrote: Dear community, we just moved our infrastructure (about 200 node cluster plus about 30 workstations) from NIS to FreeIPA (version 4.1.4 on FC 21). We have two IPA servers (called ipa and ipa2 both paravirtualized on Xen4). Approx once a day, the

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Dear Alexander, dear Sumit, thank you very much indeed for the quick replies. Am 22.07.15 um 11:21 schrieb Sumit Bose: Looks like there are issues getting the needed data from the local LDAP server. The message below about the master key points into the same direction. Can you check the 389ds

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Sumit Bose
On Wed, Jul 22, 2015 at 11:39:25AM +0200, Torsten Harenberg wrote: Dear Alexander, dear Sumit, thank you very much indeed for the quick replies. Am 22.07.15 um 11:21 schrieb Sumit Bose: Looks like there are issues getting the needed data from the local LDAP server. The message below

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Sumit Bose
On Wed, Jul 22, 2015 at 11:06:53AM +0200, Torsten Harenberg wrote: Dear community, we just moved our infrastructure (about 200 node cluster plus about 30 workstations) from NIS to FreeIPA (version 4.1.4 on FC 21). We have two IPA servers (called ipa and ipa2 both paravirtualized on Xen4).

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Torsten Harenberg wrote: Dear Alexander, dear Sumit, thank you very much indeed for the quick replies. Am 22.07.15 um 11:21 schrieb Sumit Bose: Looks like there are issues getting the needed data from the local LDAP server. The message below about the master key points

Re: [Freeipa-users] dnssec support in 4.1

2015-07-22 Thread Andrew E. Bruno
On Wed, Jul 22, 2015 at 04:48:33PM +0300, Alexander Bokovoy wrote: On Wed, 22 Jul 2015, Andrew E. Bruno wrote: Apologies if this has been answered before but we're interested in dnssec support in FreeIPA. Running Centos 7.1.1503, ipa-server 4.1.0-18 and following the docs here:

[Freeipa-users] dnssec support in 4.1

2015-07-22 Thread Andrew E. Bruno
Apologies if this has been answered before but we're interested in dnssec support in FreeIPA. Running Centos 7.1.1503, ipa-server 4.1.0-18 and following the docs here: https://www.freeipa.org/page/Howto/DNSSEC and http://www.freeipa.org/page/Releases/4.1.0#DNSSEC_Support # ipa-dns-install

Re: [Freeipa-users] dnssec support in 4.1

2015-07-22 Thread Alexander Bokovoy
On Wed, 22 Jul 2015, Andrew E. Bruno wrote: Apologies if this has been answered before but we're interested in dnssec support in FreeIPA. Running Centos 7.1.1503, ipa-server 4.1.0-18 and following the docs here: https://www.freeipa.org/page/Howto/DNSSEC and

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Am 22.07.2015 um 21:32 schrieb Rich Megginson: On 07/22/2015 01:17 PM, Jakub Hrozek wrote: On Wed, Jul 22, 2015 at 11:25:12AM -0600, Rich Megginson wrote: /lib64/libpthread.so.0 #1 0x7fb8544f5440 in PR_WaitCondVar () from /lib64/libnspr4.so #2 0x7fb8565f19a5 in ps_send_results ()

[Freeipa-users] LDAP to Free IPA Migration SSSD migration : example configuration of sssd.conf file?

2015-07-22 Thread Matt Koch
Hello, I’m looking for an example sssd.conf migrationconfiguration that will allow for the user to seamlessly authenticate to LDAP or freeIPA prior to installation of the freeipa client. This would be during migration to generate kerberos hashes for each user while still providing legacy LDAP

Re: [Freeipa-users] Kerberos hanging approx. once a day

2015-07-22 Thread Torsten Harenberg
Good morning, Am 22.07.15 um 19:25 schrieb Rich Megginson: On 07/22/2015 11:03 AM, Torsten Harenberg wrote: Dear Rich, Am 22.07.2015 um 17:03 schrieb Rich Megginson: It might be helpful to do a # debuginfo-install 389-ds-base ipa-server slapi-nis and follow the directions at

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-22 Thread Alexandre Ellert
Le 20 juil. 2015 à 17:17, Alexander Bokovoy aboko...@redhat.com a écrit : On Mon, 20 Jul 2015, Alexandre Ellert wrote: Can you please show output from fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema # fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema This is original 'dc'