I am running my set up on AWS cloud, and entropy is low at around 180 .
I plan to increase it bu installing haveged . But, would low entropy by any
chance cause this issue of intermittent hang .
Also, the hang is mostly observed when registering around 20 clients
On Fri, Aug 19, 2016 at
On 08/18/2016 04:16 PM, Deepak Dimri wrote:
> Hi All,
> While trying to automate IPA client registration programatically, i seems
> made my admin password out of sync between KDC and
This looks confusing, admin password and /etc/krb5.keytab do not look related.
On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> I am migrating to freeipa from openldap and have around 4000 clients
> I had openned a another thread on that, but chose to start a new one here
> as its a separate issue
> I was able to change the nssslapd-maxdescriptors adding an
On 18.8.2016 23:36, Diogenes S. Jesus wrote:
> Thanks Petr.
> It seems like the only way to do it right now is to dump the keytab and
> copy it to slave KDCs, as I couldn't find a way to have MIT Kerberos to use
> the master key stored in the LDAP directly.
That is expected. If you want, just
On Fri, Aug 19, 2016 at 10:20:48AM +, Christophe TREFOIS wrote:
> We have a 3 way replica against one master. So there is only agreements
> between 1 and 2 and 1 and 3.
> Since recently sometimes the master does not allow me to login anymore,
> whereas I can login fine to 2 and
Managed to fix it: had to stop dirsrv@IPA-RDMEDIA-COM and put the server's
hostname on the line with nsslapd-localhost
Then run ipa-replica-manage re-initialize --from
On 19 August 2016 at 12:14, Tiemen Ruiten wrote:
> I see lots of messages
The web UI, and also services that are connected to FreeIPA via LDAP gave me an
invalid credentials error.
I have this 2-3 times in the past days.
I can not see anything in error log or any other log for the times i tried to
I have no idea what could go wrong….
I did actually use a local dse.ldif in the end, but I forgot to stop dirsrv
while replacing it, so maybe the nsslapd-localhost line got updated by the
On 19 August 2016 at 15:59, Petr Spacek wrote:
> On 19.8.2016 15:26, Tiemen Ruiten wrote:
> > Managed to fix
On 08/18/2016 05:28 PM, John Desantis wrote:
unfortunately this is not enough to determine what is going on. The
intersting generated/used csn is only logged in the
corresponding RESULT message and these are only the replication connections,
it would be necessary to see the
yes there seems to be something thats worrying.. I have faced this today as
There are few hosts around 280 odd left and when i try adding them to IPA ,
the slowness begins..
all the ipa commands like ipa user-find.. etc becomes very slow in
the SYNC_RECV are not many though
On 19.8.2016 15:26, Tiemen Ruiten wrote:
> Managed to fix it: had to stop dirsrv@IPA-RDMEDIA-COM and put the server's
> hostname on the line with nsslapd-localhost
Uh, this is quite brutal. There might be some other server-specific options.
If you can dig up older dse.ldif from the same server,
I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors, looks
definitely like an issue with dirsrv.
On 19 August 2016 at 11:43, Tiemen Ruiten wrote:
> I see I didn't use the right terminology: all four of my FreeIPA servers
> are masters.
> On 19 August 2016
I need some help getting one of my replica's to work. Assistance would be
After the iSCSI volumes of two replicas of were briefly unavailable, on one
of them DNS and LDAP stopped working and replication seems to have stopped.
The ipa service failed with a message that an
I see I didn't use the right terminology: all four of my FreeIPA servers
On 19 August 2016 at 11:36, Tiemen Ruiten wrote:
> I need some help getting one of my replica's to work. Assistance would be
> much appreciated.
> After the iSCSI volumes of
We have a 3 way replica against one master. So there is only agreements between
1 and 2 and 1 and 3.
Since recently sometimes the master does not allow me to login anymore, whereas
I can login fine to 2 and 3. After a few minutes everything comes back to
normal and it works.
=== SSSD 1.14.1 ===
The SSSD team is proud to announce the release of version 1.14.1 of
the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly.
== Feedback ==
On 19.8.2016 16:13, Tiemen Ruiten wrote:
> I did actually use a local dse.ldif in the end, but I forgot to stop dirsrv
> while replacing it, so maybe the nsslapd-localhost line got updated by the
> running dirsrv?
Yes, that is possible. dirsrv can write to dse.ldif at run-time.
> On 19 August
> you still only grep the replication connection, but before being replicated
> the entry has to be added by some client connection, can you get all
> references to the entry ?
> the log snippet you provide shows also csns with tag=103, which indicate a
> MOD, are these MODs for the added
Mail list logo