Re: [Freeipa-users] Failed to remove host
On 11/26/2014 08:33 AM, Vaclav Adamec wrote: Hi, I'm encounter strange behavior, I run host removing from web UI and it failed with error Some entries were not deleted : host not found but it's still showing in list. Via cmd: ipa host-find -- 1 host matched -- Host name: Principal name: host/@ Password: True Member of host-groups: all Indirect Member of netgroup: Indirect Member of HBAC rule: Keytab: True Number of entries returned 1 ipa host-del ipa: ERROR: : host not found can you please advice ? Thanks a lot Vasek freeipa-server-4.1.0-1.fc20.x86_64 ipa-client-3.0.0-42.el6.centos.x86_64 Vasku, I suspect there was a replication conflict and this particular host has modified DN. You can verify with # ipa host-find --all --raw | grep dn: If this is the case, you can find some hints how to remove replication conflicts here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#repl-conflicts HTH, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Failed to remove host
Thanks, that's it. Not very clear how to fix it (example with uid converted to host issue is not working) but at least I known what's wrong Vasek On Wed, Nov 26, 2014 at 8:58 AM, Martin Kosek mko...@redhat.com wrote: On 11/26/2014 08:33 AM, Vaclav Adamec wrote: Hi, I'm encounter strange behavior, I run host removing from web UI and it failed with error Some entries were not deleted : host not found but it's still showing in list. Via cmd: ipa host-find -- 1 host matched -- Host name: Principal name: host/@ Password: True Member of host-groups: all Indirect Member of netgroup: Indirect Member of HBAC rule: Keytab: True Number of entries returned 1 ipa host-del ipa: ERROR: : host not found can you please advice ? Thanks a lot Vasek freeipa-server-4.1.0-1.fc20.x86_64 ipa-client-3.0.0-42.el6.centos.x86_64 Vasku, I suspect there was a replication conflict and this particular host has modified DN. You can verify with # ipa host-find --all --raw | grep dn: If this is the case, you can find some hints how to remove replication conflicts here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#repl-conflicts HTH, Martin -- -- May the fox be with you ... /\ (~( ) ) /\_/\ (_=---_(@ @) ( \ / /|/\|\ V -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] Failed to remove host
Hi, I'm encounter strange behavior, I run host removing from web UI and it failed with error Some entries were not deleted : host not found but it's still showing in list. Via cmd: ipa host-find -- 1 host matched -- Host name: Principal name: host/@ Password: True Member of host-groups: all Indirect Member of netgroup: Indirect Member of HBAC rule: Keytab: True Number of entries returned 1 ipa host-del ipa: ERROR: : host not found can you please advice ? Thanks a lot Vasek freeipa-server-4.1.0-1.fc20.x86_64 ipa-client-3.0.0-42.el6.centos.x86_64 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] Failed to remove host (Some entries were not deleted)
Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error: Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found) I thought it might be a replica issue, so I forced sync and also tried re-initializing the replica but no luck. Any suggestions? Thanks, Andrew ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Failed to remove host (Some entries were not deleted)
Andrew Lau wrote: Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error: Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found) I thought it might be a replica issue, so I forced sync and also tried re-initializing the replica but no luck. Any suggestions? Deleting a host does a number of additional things: - revokes the certificate for the host if it exists - deletes the services for that host, revoking their certificates as needed So in this case the host has a certificate associated with it and revocation is failing because the CA doesn't have a record of this certificate. If you can be sure that the certificate is not in the IPA CA you can clear the value with: # ipa host-mod --certificate= test.example.com This passes an empty value to --certificate which results in removing the value. Then you should be able to delete the host. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Failed to remove host (Some entries were not deleted)
On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden rcrit...@redhat.comwrote: Andrew Lau wrote: Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error: Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found) I thought it might be a replica issue, so I forced sync and also tried re-initializing the replica but no luck. Any suggestions? Deleting a host does a number of additional things: - revokes the certificate for the host if it exists - deletes the services for that host, revoking their certificates as needed So in this case the host has a certificate associated with it and revocation is failing because the CA doesn't have a record of this certificate. If you can be sure that the certificate is not in the IPA CA you can clear the value with: # ipa host-mod --certificate= test.example.com This passes an empty value to --certificate which results in removing the value. Then you should be able to delete the host. rob Thanks that worked. Andrew. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users