Hello,
My existing FreeIPA 3.0 (CentOS 6) setup is as follows:
Kerberos Realm: test.com
I have several DNS zones
test.com
dev.test.com
stage.test.com
qa.test.com
prod.test.com
mgmt.test.com
ipa01.mgmt.test.com - FreeIPA 3.0 Master
ipa02.mgmt.test.com - FreeIPA 3.0 Replica
The FreeIPA servers ac
The error is telling you that a DNS entry already exists for the hostname
you want the CNAME. A DNS record can only have one record type. Meaning
is you have 1.2.3.4 points to test.example.com you cannot have
test.example.com also be a CNAME for foo.example.com.
*Mike Plemmons | Senior DevOps
I am trying to get FreeIPA LDAP to work when behind a load balancer and
using SSL and I do not understand how I am supposed to get the server to
use a certificate I created that has a SAN created.
FreeIPA 4.4.0 on CentOS 7
Here is what I have:
ipa-master.dev.crosschx.com - master
ipa-replica.dev.
main
> service and this creates a signed SAN cert that you can upload later to
> your LB.
>
> In simple words the service is assigned to all hosts but those hosts have
> also a service added(this is a hack).
>
> Hope that makes sense and helps solving your problem.
>
I have a three node IPA cluster.
ipa11.mgmt - was a master over 6 months ago
ipa13.mgmt - current master
ipa12.mgmt
ipa13 has agreements with ipa11 and ipa12. ipa11 and ipa12 do not have
agreements between each other.
It appears that either ipa12.mgmt lost some level of its replication
agreemen
neer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Wed, May 3, 2017 at 5:28 PM, Michael Plemmons <
michael.plemm...@crosschx.com> wrote:
> I have a three node IPA cluster.
>
> ipa11.mgmt - was a master over 6 months ago
> ipa13.mgmt - current master
> ipa12.m
Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Wed, May 3, 2017 at 10:16 PM, Michael Plemmons <
michael.plemm...@crosschx.com> wrote:
> I realized that I was not very clear in my statement about testing with
> ldapsearch. I had initially run it without log
9560051000
*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Wed, May 3, 2017 at 10:52 PM, Michael Plemmons <
michael.plemm...@crosschx.com> wrote:
> I ran another test. I started IPA with the ignore service failure
I just realized that I sent the reply directly to Rob and not to the list.
My response is inline
*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Thu, May 4, 2017 at 9:39 AM, Michael Plemmons <
michael.plemm...@crosschx.com>
>From the server running Qradar can you ping the IPA server? Are you able
to telnet to port 389 or 636 of the IPA server. The error says it can't
contact the LDAP server which usually means you have not gotten to the
point of authentication yet.
*Mike Plemmons | Senior DevOps Engineer | CROS
>
>
>
> Sean Hogan
>
>
>
>
>
>
>
> [image: Inactive hide details for Michael Plemmons ---05/08/2017 01:21:17
> PM--->From the server running Qradar can you ping the IPA ser]Michael
> Plemmons ---05/08/2017 01:21:17 PM--->From the server running Qradar c
I am currently running 4.4.0 on a three node cluster. My domain level is
currently 0 on all three nodes. Is there a reason to keep the domain level
at 0? I do not plan on adding any older versions of IPA into the cluster.
Is there anything I need to worry about if I elevate the domain level to 1
...@crosschx.com
www.crosschx.com
On Thu, May 11, 2017 at 4:13 AM, Martin Bašti wrote:
>
>
> On 10.05.2017 22:42, Michael Plemmons wrote:
>
> I am currently running 4.4.0 on a three node cluster. My domain level is
> currently 0 on all three nodes. Is there a reason to keep the domain level
mike.plemm...@crosschx.com
www.crosschx.com
On Thu, May 11, 2017 at 8:35 AM, Michael Plemmons <
michael.plemm...@crosschx.com> wrote:
> Thank you for the reply. Is there a specific order I should perform the
> DL upgrade? Should I upgrade the master first then the replicas? Do
*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Thu, May 18, 2017 at 8:02 AM, Florence Blanc-Renaud
wrote:
> On 05/15/2017 08:33 PM, Michael Plemmons wrote:
>
>> I have done more searching in my logs and I see the foll
, May 18, 2017 at 10:28 AM, Florence Blanc-Renaud
wrote:
> On 05/18/2017 03:49 PM, Michael Plemmons wrote:
>
>>
>>
>>
>>
>> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX
>> *
>> 614.427.2411
>> mike.plemm...@crosschx.com <mai
16 matches
Mail list logo