[Freeipa-users] Re: Can't Add Replica: The changelog directory CLDB already exists and is not empty

2020-07-08 Thread Florence Blanc-Renaud via FreeIPA-users
Hi Andrey, it looks really similar to the issue https://bugzilla.redhat.com/show_bug.cgi?id=1590974 Can you check the access log and error log on the IPA server server-01.example.com? It seems that the issue happens when the replica installer tries to create the entry cn=changelog5,cn=config

[Freeipa-users] freshly installed FreeIPA server dies

2020-07-08 Thread Tony Brian Albers via FreeIPA-users
Hi guys, This is a new install; the software used is: ipa-server.x86_64 4.8.4-7.module+el8.2.0+6046+aaa49f96 389-ds-base.x86_64 1.4.2.4-8.module+el8.2.0+5959+cfcaedbd I followed the install instructions in the documentation, and everything went fine. I haven't added any users or groups yet. I h

[Freeipa-users] Re: Options to deploy FreeIPA without domain delegation

2020-07-08 Thread Rob Crittenden via FreeIPA-users
john doe via FreeIPA-users wrote: > Are there any options to deploy it within an existing domain with the > constraints being: > > - no domain delegation DNS domain delegation? Do you mean it doesn't delegate any domains or it doesn't require delegation? > - write access to the applicable zone

[Freeipa-users] Options to deploy FreeIPA without domain delegation

2020-07-08 Thread john doe via FreeIPA-users
Are there any options to deploy it within an existing domain with the constraints being: - no domain delegation - write access to the applicable zone file prohibited - registering/using an external domain impossible; also no external nameserver access - FreeIPA allowing for no single label doma

[Freeipa-users] Re: OTP Radius 5 seconds timeout

2020-07-08 Thread Jochen Kellner via FreeIPA-users
Sergiy Genyuk via FreeIPA-users writes: > Thank you for your reply, I do have ipv6 disabled and in capture do not see > failed attempts. > In capture it is only ipv4: > > 1 0.0 xx.xx.xx.xx -> yy.yy.yy.yy RADIUS 117 Access-Request(1) > (id=214, l=75) > 2 7.889686902 yy.yy.yy.yy ->

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Ilya Kogan via FreeIPA-users
Thanks for that info. I don't see any suspicious errors in startup that I haven't seen before, just the following: - Token named "NSS Generic Crypto Services", not "NSS Certificate DB", skipping. - Error opening "/etc/httpd/alias/pwdfile.txt": No such file or directory. I don't think either of th

[Freeipa-users] Re: Logging of ipa migrate-ds

2020-07-08 Thread Rob Crittenden via FreeIPA-users
Alfred Victor via FreeIPA-users wrote: > Hi FreeIPA, > > We are testing an IPA deployment and regularly using expect to perform > ipa migrate-ds commands to keep the IPA environment refreshed. However, > I cannot seem to get any log trail of the migrates...it is proving > difficult in expect to ca

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Rob Crittenden via FreeIPA-users
Ilya Kogan wrote: > Wow ok, that was easy. `getcert list` now reports correct expiration > dates for those certificates and they're all in MONITORING. It still has > that ca-error field although it's no longer trying to renew. Is that > going to be an issue or is it just going to try again when it'

[Freeipa-users] Logging of ipa migrate-ds

2020-07-08 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA, We are testing an IPA deployment and regularly using expect to perform ipa migrate-ds commands to keep the IPA environment refreshed. However, I cannot seem to get any log trail of the migrates...it is proving difficult in expect to capture/log the output, and there appears to be no lo

[Freeipa-users] Re: [EXTERNAL] Re: Re: Password Policy Question

2020-07-08 Thread Rob Crittenden via FreeIPA-users
White, Daniel E. (GSFC-770.0)[NICS] wrote: > For your amusement: > > Red Hat Support referred me to > > https://bugzilla.redhat.com/show_bug.cgi?id=1273040 (A RHEL 7 RFE) > > and > > https://bugzilla.redhat.com/show_bug.cgi?id=1654395 (The same RFE, > pushed to RHEL 8) IMH

[Freeipa-users] Re: Can't Add Replica: The changelog directory CLDB already exists and is not empty

2020-07-08 Thread Andrey Ptashnik via FreeIPA-users
Florence, Thank you for answering this. Still no luck yet, out of options where to look at: BEFORE: [root@server-02 ~]# ipa-server-install --uninstall ---8<--8<--8<--- Client uninstall complete. The ipa-client-install command was successful [root@ipa-server-02 ~]# [root@ipa-server-02 ~]#

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Ilya Kogan via FreeIPA-users
Wow ok, that was easy. `getcert list` now reports correct expiration dates for those certificates and they're all in MONITORING. It still has that ca-error field although it's no longer trying to renew. Is that going to be an issue or is it just going to try again when it's time to renew and succee

[Freeipa-users] Re: [EXTERNAL] Re: Re: Password Policy Question

2020-07-08 Thread White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users
For your amusement: Red Hat Support referred me to https://bugzilla.redhat.com/show_bug.cgi?id=1273040 (A RHEL 7 RFE) and https://bugzilla.redhat.com/show_bug.cgi?id=1654395 (The same RFE, pushed to RHEL 8) …, saying, "You can also set a policy to automatically disable an account if the pas

[Freeipa-users] Re: OTP Radius 5 seconds timeout

2020-07-08 Thread Sergiy Genyuk via FreeIPA-users
Hi Jochen, Thank you for your reply. I do have IPv6 disabled and in the capture do not see failed attempts. In the capture it is only IPv4: 1 0.0 xx.xx.xx.xx -> yy.yy.yy.yy RADIUS 117 Access-Request(1) (id=214, l=75) 2 7.889686902 yy.yy.yy.yy -> xx.xx.xx.xx RADIUS 90 Access-Accept(2) (i

[Freeipa-users] Re: OTP Radius 5 seconds timeout

2020-07-08 Thread Jochen Kellner via FreeIPA-users
Hello Sergiy, Sergiy Genyuk via FreeIPA-users writes: > I have setup radius proxy (DUO) and associate user with it. Everything works > except radius > timeout. It is 5 seconds and you have to be blazing fast to push the button > :-) > I did adjust radius timeout in freeipa to 30 seconds but

[Freeipa-users] OTP Radius 5 seconds timeout

2020-07-08 Thread Sergiy Genyuk via FreeIPA-users
Hello, I have set up a RADIUS proxy (DUO) and associated a user with it. Everything works except the RADIUS timeout. It is 5 seconds and you have to be blazing fast to push the button :-) I did adjust the RADIUS timeout in FreeIPA to 30 seconds but it is still 5 seconds. As well I have tried a trick with krb.

[Freeipa-users] Re: FreeIPA/PKI CA/KRA Subsystem Certificate Renewal Failure (not yet expired)

2020-07-08 Thread Florence Blanc-Renaud via FreeIPA-users
On 7/6/20 7:59 PM, Ilya Kogan via FreeIPA-users wrote: Hi, Thanks for the help so far! I've actually run `ipa-cert-fix` on both nodes, it says everything is ok on both nodes. When I run it with verbose mode, it spits out the command it's running and the certificate it got, for example:

[Freeipa-users] idm ad integration question

2020-07-08 Thread Rob Verduijn via FreeIPA-users
Hello, I've been working with IdM AD integration for some time now, but one thing has always confused me. All the docs tell you to check DNS to see if the DNS records resolve: dig +short -t SRV _kerberos._udp.idm.example.com. dig +short -t SRV _ldap._tcp.idm.example.com. dig +short