[Freeipa-users] Re: Problems setting up replica on Raspberry Pi 3B (ARM)

2018-05-03 Thread Jonathan Vaughn via FreeIPA-users
It's still running. Here's the error log from slapd during that run: [01/May/2018:19:22:24.567650453 -0500] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=42 op=5 replica="dc=company,dc=internal": Unable to acquire replica: error: permission denied [01/May/

[Freeipa-users] Re: Problems setting up replica on Raspberry Pi 3B (ARM)

2018-05-03 Thread Rob Crittenden via FreeIPA-users
Jonathan Vaughn wrote: Here's the output from ipa-replica-install : # ipa-replica-install WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd Password for admin@COMPANY.INTERNAL: Run connection check to master Connection check OK Configuring NTP da

[Freeipa-users] Re: CA_UNREACHABLE during ipa-replica-install

2018-05-03 Thread Rob Crittenden via FreeIPA-users
Jan Gardian via FreeIPA-users wrote: Hello, Do you have some idea why we get "Certificate Authority not found" ? IPA proxies requests to the CA through tomcat. Not Found means that the CA webapp wasn't running in tomcat. You can try restarting pki-tomcatd and seeing what errors are reported

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread Rob Crittenden via FreeIPA-users
thierry bordaz wrote: Hi Soler, Thanks for the information. So indexing is hanging because SC cache_init is running, the SC cache_init is hanging because SSSD is not started, SSSD is not started possibly because indexing prevents to get read access to the backend ("Backend is offline" TBC).

[Freeipa-users] Re: Named not pulling authoritative zones from LDAP

2018-05-03 Thread Matt Ungaro via FreeIPA-users
Thank you, John! That did the trick! named properly starts and grabs all authoritative zones from LDAP now. Appreciate the assistance! On Wed, May 2, 2018 at 3:19 PM John Duino wrote: > I have this problem from time to time and had just assumed it was > something relating to my setup. Yesterday

[Freeipa-users] Re: Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Timo Aaltonen via FreeIPA-users
On 03.05.2018 13:07, Kees Bakker via FreeIPA-users wrote: > Hey, > > Trying to do a test installation of a FreeIPA server on Ubuntu 18.04. > It fails setting up the certificate server (pki-tomcatd). > > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >   [1/28]: configurin

[Freeipa-users] Re: Problems Creating a Replica

2018-05-03 Thread Rob Crittenden via FreeIPA-users
Brian Weaver wrote: On Thu, May 3, 2018 at 10:45 AM, Rob Crittenden wrote: Brian Weaver via FreeIPA-users wrote: So given that 4.6 wasn't going to work nicely with F28, I decided to rollback to F27. I also DID NOT use the COPR repo; j

[Freeipa-users] Re: Problems Creating a Replica

2018-05-03 Thread Brian Weaver via FreeIPA-users
On Thu, May 3, 2018 at 10:45 AM, Rob Crittenden wrote: > Brian Weaver via FreeIPA-users wrote: > >> So given that 4.6 wasn't going to work nicely with F28, I decided to >> rollback to F27. I also DID NOT use the COPR repo; just what was stock with >> F27. I'm still unable to create a replica. I g

[Freeipa-users] Re: Problems Creating a Replica

2018-05-03 Thread Rob Crittenden via FreeIPA-users
Brian Weaver via FreeIPA-users wrote: So given that 4.6 wasn't going to work nicely with F28, I decided to rollback to F27. I also DID NOT use the COPR repo; just what was stock with F27. I'm still unable to create a replica. I get the following error on the replica install. Configuring ipa-c

[Freeipa-users] Re: Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Kees Bakker via FreeIPA-users
On 03-05-18 16:42, Alexander Bokovoy wrote: > On to, 03 touko 2018, Kees Bakker via FreeIPA-users wrote: >> On 03-05-18 16:08, Alexander Bokovoy wrote: >>> If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with >>> the current release of FreeIPA. >>> >>> We have been working on Fr

[Freeipa-users] Re: Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Alexander Bokovoy via FreeIPA-users
On to, 03 touko 2018, Kees Bakker via FreeIPA-users wrote: On 03-05-18 16:08, Alexander Bokovoy wrote: If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with the current release of FreeIPA. We have been working on FreeIPA 4.7 for about a half a year now and only recently dogta

[Freeipa-users] Re: Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Kees Bakker via FreeIPA-users
On 03-05-18 16:08, Alexander Bokovoy wrote: > If Ubuntu 18.04 has Tomcat 8.5, you are not going to get it working with > the current release of FreeIPA. > > We have been working on FreeIPA 4.7 for about a half a year now and only > recently dogtag got support for tomcat 8.5. There are still bits an

[Freeipa-users] Re: CA install on replica fails - Clone URI does not match...

2018-05-03 Thread Ross Infinger via FreeIPA-users
I assume the issue here is with the command... https://pci-mgmt-ipa01.pci.xx.com:443/ca/admin/ca/getDomainXML Which returns... domain info: IPA00 I notice that all the SubsystemCount values are 0. I'm guessing that is what is causing the ipa-ca-install command to throw the Clone URI doe

[Freeipa-users] Re: Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Alexander Bokovoy via FreeIPA-users
On to, 03 touko 2018, Kees Bakker via FreeIPA-users wrote: On 03-05-18 12:07, Kees Bakker via FreeIPA-users wrote: Hey, Trying to do a test installation of a FreeIPA server on Ubuntu 18.04. It fails setting up the certificate server (pki-tomcatd). Configuring certificate server (pki-tomcatd).

[Freeipa-users] Re: Problems Creating a Replica

2018-05-03 Thread Brian Weaver via FreeIPA-users
So given that 4.6 wasn't going to work nicely with F28, I decided to rollback to F27. I also DID NOT use the COPR repo; just what was stock with F27. I'm still unable to create a replica. I get the following error on the replica install. Configuring ipa-custodia [1/4]: Generating ipa-custodia co

[Freeipa-users] Re: Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Kees Bakker via FreeIPA-users
On 03-05-18 12:07, Kees Bakker via FreeIPA-users wrote: > Hey, > > Trying to do a test installation of a FreeIPA server on Ubuntu 18.04. > It fails setting up the certificate server (pki-tomcatd). > > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >   [1/28]: configuring ce

[Freeipa-users] Server install fails on Ubuntu due to missing crypto.fips_enabled

2018-05-03 Thread Kees Bakker via FreeIPA-users
Hey, Trying to do a test installation of a FreeIPA server on Ubuntu 18.04. It fails setting up the certificate server (pki-tomcatd). Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes   [1/28]: configuring certificate server instance ipaserver.install.dogtaginstance: CRITICAL

[Freeipa-users] Re: CA_UNREACHABLE during ipa-replica-install

2018-05-03 Thread Jan Gardian via FreeIPA-users
Hello, Do you have some idea why we get "Certificate Authority not found" ? Thanks. With kind regards. Jan Gardian On 04/26/2018 10:57 AM, Jan Gardian via FreeIPA-users wrote: Hello, Permission of cert files at ipa2 and ipa3 are ok. I was installing replica under admin user. Master CA shoul

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread thierry bordaz via FreeIPA-users
Hi Soler, Thanks for the information. So indexing is hanging because SC cache_init is running, the SC cache_init is hanging because SSSD is not started, SSSD is not started possibly because indexing prevents to get read access to the backend ("Backend is offline" TBC). An option would be to

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello Thierry, The version is: slapi-nis-0.56.0-8.el7.x86_64 And the errors are: [02/May/2018:13:04:30.089731032 +0200] - ERR - schema-compat-plugin - group "xxx...@ipa.example.org" does not exist because SSSD is offline. [02/May/2018:13:04:30.093169411 +0200] - ERR - schema-compat-plugin - wait

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread thierry bordaz via FreeIPA-users
me again ... If it exists some logs (/var/log/dirsrv/slapd-/errors) during the hanging period it could also indicate the reason what Schema compat was waiting for (SSSD ?) On 05/03/2018 10:38 AM, SOLER SANGUESA Miguel wrote: hello, Yesterday my ssh console closed the connection, so I had to

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread thierry bordaz via FreeIPA-users
On 05/03/2018 10:38 AM, SOLER SANGUESA Miguel wrote: hello, Yesterday my ssh console closed the connection, so I had to start again the "ipa-server-upgrade", but the result is more or less the same: # ipa-server-upgrade Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/10]: stopping d

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread SOLER SANGUESA Miguel via FreeIPA-users
hello, Yesterday my ssh console closed the connection, so I had to start again the "ipa-server-upgrade", but the result is more or less the same: # ipa-server-upgrade Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/10]: stopping directory server [2/10]: saving configuration [3/10]: d

[Freeipa-users] Re: Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5)

2018-05-03 Thread thierry bordaz via FreeIPA-users
Hi, During indexing task we should see in the task status the periodic progression of the indexing. Maybe the indexing is hanging somewhere. When the problem occurs could you provide a pstack of the dirsrv server? best regards thierry On 05/02/2018 10:27 PM, Rob Crittenden wrote: SOLER SA