I can have the update on below LDAP error ? On Wed, Mar 11, 2020 at 6:34 PM Faraz Younus <fara...@gmail.com> wrote:
> I have added freeipa users list as well to this thread > > On Wed, Mar 11, 2020 at 6:31 PM Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Faraz Younus wrote: >> > Thanks pasted the text instead of screenshots. >> >> This will work. Can you post this to the freeipa-users list? >> >> rob >> >> > >> > First failed then successful but after that LDAP broken. >> > >> > palib.install.certmonger: DEBUG: certmonger request is in state >> > dbus.String(u'CA_UNREACHABLE', variant_level=1) >> > >> > ipapython.admintool: DEBUG: File >> > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in >> > execute >> > >> > return_value = self.run() >> > >> > File >> > "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", >> > line 62, in run >> > >> > run_with_args(api) >> > >> > File >> > "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", >> > line 112, in run_with_args >> > >> > update_server(certs) >> > >> > File >> > "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", >> > line 192, in update_server >> > >> > "please check the request manually" % request_id) >> > >> > >> > ipapython.admintool: DEBUG: The ipa-certupdate command failed, >> > exception: ScriptError: Error resubmitting certmonger request >> > '20200311065837', please check the request manually >> > >> > ipapython.admintool: ERROR: Error resubmitting certmonger request >> > '20200311065837', please check the request manually >> > >> > ipapython.admintool: ERROR: The ipa-certupdate command failed. >> > >> > [root@sg ansible]# kinit admin >> > >> > Password for ad...@fixedandmobile.com <mailto:ad...@fixedandmobile.com >> >: >> > >> > >> > [root@sg ansible]# klist -kt /etc/krb5.keytab >> > >> > Keytab name: FILE:/etc/krb5.keytab >> > >> > KVNO Timestamp Principal >> > >> > ---- ----------------- >> > -------------------------------------------------------- >> > >> > 3 03/11/20 07:15:51 host/sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com> >> > >> > 3 03/11/20 07:15:51 host/sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com> >> > >> > [root@sg ansible]# ipa-certupdate -v >> > >> > ipapython.admintool: DEBUG: Not logging to a file >> > >> > ipalib.plugable: DEBUG: importing all plugin modules in >> > ipaclient.remote_plugins.schema$79e69edd... >> > >> > ipalib.plugable: DEBUG: importing plugin module >> > ipaclient.remote_plugins.schema$79e69edd.plugins >> > >> > ipalib.plugable: DEBUG: importing all plugin modules in >> ipaclient.plugins... >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.automember >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.automount >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca >> > <http://ipaclient.plugins.ca> >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.certmap >> > >> > ipalib.plugable: DEBUG: importing plugin module >> > ipaclient.plugins.certprofile >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.csrgen >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.dns >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.hbacrule >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.hbactest >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.host >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.idrange >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.internal >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.location >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.migration >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.misc >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.otptoken >> > >> > ipalib.plugable: DEBUG: importing plugin module >> > ipaclient.plugins.otptoken_yubikey >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.passwd >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.permission >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.rpcclient >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.server >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.service >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.sudorule >> > >> > ipalib.plugable: DEBUG: importing plugin module >> ipaclient.plugins.topology >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.trust >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.user >> > >> > ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.vault >> > >> > ipalib.rpc: DEBUG: failed to find session_cookie in persistent storage >> > for principal 'ad...@fixedandmobile.com <mailto: >> ad...@fixedandmobile.com>' >> > >> > ipalib.rpc: INFO: trying https://sg.fixedandmobile.com/ipa/json >> > >> > ipalib.rpc: DEBUG: New HTTP connection (sg.fixedandmobile.com >> > <http://sg.fixedandmobile.com>) >> > >> > ipalib.rpc: DEBUG: received Set-Cookie (<type >> > >> 'list'>)'['ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;path=/ipa;httponly;secure;']' >> > >> > ipalib.rpc: DEBUG: storing cookie >> > >> 'ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;' >> > for principal ad...@fixedandmobile.com <mailto:ad...@fixedandmobile.com >> > >> > >> > ipalib.backend: DEBUG: Created connection >> context.rpcclient_139702145432656 >> > >> > ipalib.install.kinit: DEBUG: Initializing principal >> > host/sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com> using keytab >> > /etc/krb5.keytab >> > >> > ipalib.install.kinit: DEBUG: using ccache /tmp/tmp-v__2gr/ccache >> > >> > ipalib.install.kinit: DEBUG: Attempt 1/1: success >> > >> > ipalib.frontend: DEBUG: raw: ca_is_enabled(version=u'2.107') >> > >> > ipalib.frontend: DEBUG: ca_is_enabled(version=u'2.107') >> > >> > ipalib.rpc: INFO: [try 1]: Forwarding 'ca_is_enabled/1' to json server >> > 'https://sg.fixedandmobile.com/ipa/json' >> > >> > ipalib.rpc: DEBUG: HTTP connection keep-alive (sg.fixedandmobile.com >> > <http://sg.fixedandmobile.com>) >> > >> > ipalib.rpc: DEBUG: received Set-Cookie (<type >> > >> 'list'>)'['ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;path=/ipa;httponly;secure;']' >> > >> > ipalib.rpc: DEBUG: storing cookie >> > >> 'ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;' >> > for principal ad...@fixedandmobile.com <mailto:ad...@fixedandmobile.com >> > >> > >> > ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache >> > url=ldap://sg.fixedandmobile.com:389 <http://sg.fixedandmobile.com:389> >> > conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f0ef07b8c68> >> > >> > ipalib.frontend: DEBUG: raw: ca_find(None, version=u'2.231') >> > >> > ipalib.frontend: DEBUG: ca_find(None, version=u'2.231') >> > >> > ipalib.rpc: INFO: [try 1]: Forwarding 'ca_find/1' to json server >> > 'https://sg.fixedandmobile.com/ipa/json' >> > >> > ipalib.rpc: DEBUG: HTTP connection keep-alive (sg.fixedandmobile.com >> > <http://sg.fixedandmobile.com>) >> > >> > ipalib.rpc: DEBUG: received Set-Cookie (<type >> > >> 'list'>)'['ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;path=/ipa;httponly;secure;']' >> > >> > ipalib.rpc: DEBUG: storing cookie >> > >> 'ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;' >> > for principal ad...@fixedandmobile.com <mailto:ad...@fixedandmobile.com >> > >> > >> > ipalib.install.sysrestore: DEBUG: Loading Index file from >> > '/var/lib/ipa/sysrestore/sysrestore.index' >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d >> > dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n FIXEDANDMOBILE.COM >> > <http://FIXEDANDMOBILE.COM> IPA CA -t CT,C,C -a -f >> > /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d >> > dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n >> > E=supp...@fixedandmobile.com >> > <mailto:supp...@fixedandmobile.com>,CN=sg.fixedandmobile.com >> > <http://sg.fixedandmobile.com >> >,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG >> > -t C,, -a -f /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active >> > dirsrv@FIXEDANDMOBILE-COM.service >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout=active >> > >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl --system daemon-reload >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl restart >> > dirsrv@FIXEDANDMOBILE-COM.service >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active >> > dirsrv@FIXEDANDMOBILE-COM.service >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout=active >> > >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: wait_for_open_ports: localhost [389] timeout >> 300 >> > >> > ipapython.ipautil: DEBUG: waiting for port: 389 >> > >> > ipapython.ipautil: DEBUG: SUCCESS: port: 389 >> > >> > ipaplatform.base.services: DEBUG: Restart of >> > dirsrv@FIXEDANDMOBILE-COM.service complete >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias >> > -A -n FIXEDANDMOBILE.COM <http://FIXEDANDMOBILE.COM> IPA CA -t CT,C,C >> -a >> > -f /etc/httpd/alias/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias >> > -A -n E=supp...@fixedandmobile.com >> > <mailto:supp...@fixedandmobile.com>,CN=sg.fixedandmobile.com >> > <http://sg.fixedandmobile.com >> >,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG >> > -t C,, -a -f /etc/httpd/alias/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout=active >> > >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl restart httpd.service >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout=active >> > >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipaplatform.base.services: DEBUG: Restart of httpd.service complete >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb >> > -L -n IPA CA -a -f /etc/ipa/nssdb/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=255 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: IPA CA >> > >> > : PR_FILE_NOT_FOUND_ERROR: File not found >> > >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb >> > -L -n External CA cert -a -f /etc/ipa/nssdb/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=255 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: External >> > CA cert >> > >> > : PR_FILE_NOT_FOUND_ERROR: File not found >> > >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb >> > -A -n FIXEDANDMOBILE.COM <http://FIXEDANDMOBILE.COM> IPA CA -t CT,C,C >> -a >> > -f /etc/ipa/nssdb/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb >> > -A -n E=supp...@fixedandmobile.com >> > <mailto:supp...@fixedandmobile.com>,CN=sg.fixedandmobile.com >> > <http://sg.fixedandmobile.com >> >,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG >> > -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipaplatform.redhat.tasks: INFO: Systemwide CA database updated. >> > >> > ipapython.ipautil: DEBUG: Starting external process >> > >> > ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust >> > >> > ipapython.ipautil: DEBUG: Process finished, return code=0 >> > >> > ipapython.ipautil: DEBUG: stdout= >> > >> > ipapython.ipautil: DEBUG: stderr= >> > >> > ipaplatform.redhat.tasks: INFO: Systemwide CA database updated. >> > >> > ipalib.backend: DEBUG: Destroyed connection >> > context.rpcclient_139702145432656 >> > >> > ipapython.admintool: INFO: The ipa-certupdate command was successful >> > >> > [root@sg ansible]# ipactl status >> > >> > *Unknown error when retrieving list of services from LDAP: need more >> > than 1 value to unpack* >> > >> > *[root@sg ansible]# ipactl restart* >> > >> > *Failed to read data from Directory Service: Unknown error when >> > retrieving list of services from LDAP: need more than 1 value to unpack* >> > >> > *Shutting down* >> > >> > >> > On Wed, Mar 11, 2020 at 5:36 PM Rob Crittenden <rcrit...@redhat.com >> > <mailto:rcrit...@redhat.com>> wrote: >> > >> > Faraz Younus wrote: >> > > >> > > Kindly approve this email, please >> > >> > It is nearly 5MB due to the screen shots. Please either reduce their >> > size or preferably just copy/paste the text. >> > >> > rob >> > >> > > >> > > On Wed, Mar 11, 2020 at 12:28 PM Faraz Younus <fara...@gmail.com >> > <mailto:fara...@gmail.com> >> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>> wrote: >> > > >> > > I fixed that error ipaclient is required on master server, I >> > created >> > > new master with ipaclient >> > > >> > > [root@sg ansible]# klist -kt /etc/krb5.keytab >> > > >> > > Keytab name: FILE:/etc/krb5.keytab >> > > >> > > KVNO Timestamp Principal >> > > >> > > ---- ----------------- >> > > -------------------------------------------------------- >> > > >> > > 3 03/11/20 07:15:51 >> > host/sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com> >> > > <mailto:sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com>> >> > > >> > > 3 03/11/20 07:15:51 >> > host/sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com> >> > > <mailto:sg.fixedandmobile....@fixedandmobile.com >> > <mailto:sg.fixedandmobile....@fixedandmobile.com>> >> > > >> > > >> > > >> > > But Now Issue is that when I updating the external certificate >> > it is >> > > failing first time then it got successful however it broke the >> > LDAP. >> > > Screenshots are attached >> > > >> > > [root@sg ansible]# ipactl restart >> > > >> > > Failed to read data from Directory Service: Unknown error when >> > > retrieving list of services from LDAP: need more than 1 value >> > to unpack >> > > >> > > Shutting down >> > > >> > > >> > > Screen Shot 2020-03-11 at 12.22.40 PM.png >> > > >> > > Screen Shot 2020-03-11 at 12.23.36 PM.png >> > > >> > > On Tue, Mar 10, 2020 at 7:33 PM Robbie Harwood >> > <rharw...@redhat.com <mailto:rharw...@redhat.com> >> > > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com>>> >> wrote: >> > > >> > > Faraz Younus <fara...@gmail.com <mailto:fara...@gmail.com >> > >> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>> writes: >> > > >> > > > Yes /tmp is writable for everyone. >> > > > >> > > > drwxrwxrwt. root root 4.0K tmp >> > > > >> > > > [root@ipa5 centos]# kinit admin >> > > > >> > > > Password for ad...@fixedandmobile.com >> > <mailto:ad...@fixedandmobile.com> >> > > <mailto:ad...@fixedandmobile.com >> > <mailto:ad...@fixedandmobile.com>>: >> > > > >> > > > >> > > > The output for /etc/krb5.keytab >> > > > >> > > > >> > > > [root@ipa5 centos]# klist -kt /etc/krb5.keytab >> > > > >> > > > Keytab name: FILE:/etc/krb5.keytab >> > > > >> > > > KVNO Timestamp Principal >> > > > >> > > > ---- ----------------- >> > > > -------------------------------------------------------- >> > > >> > > Did you obfuscate this output? Can you not? >> > > >> > > It should contain an entry for >> > > host/ipa5.fixedandmobile....@fixedandmobile.com >> > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> >> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com >> > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>> . The next >> > > question is >> > > whether it matches the output of `kvno >> > > host/ipa5.fixedandmobile....@fixedandmobile.com >> > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> >> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com >> > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>>` (kinit >> first). >> > > >> > > Thanks, >> > > --Robbie >> > > >> > >> >>
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
