[Freeipa-users] New DNS Record - Create Reverse Option Fails

2023-05-30 Thread Jeff Hochberg via FreeIPA-users
Hello, I have an odd issue that just cropped up... I've been using FreeIPA for the past two or three months. I'm using it both for user/group membership as well as for internal DNS. Any time I try to add an A record with the "Create reverse" option checked, I see the "waiting" message for abou

[Freeipa-users] ldap_sasl_interactive_bind_s: Inappropriate authentication (48) - help debugging

2023-05-30 Thread Radoslaw Kujawa via FreeIPA-users
Hello list. I am trying to understand a reason for certificate-based authentication failure to one of my directory servers. A have 3 IPA replicas running on CentOS 7. After running yum update on one of the nodes, PKI Tomcat failed to start. That system was not updated for last year or so, so

[Freeipa-users] Re: dns suddenly not happy with DNSSEC

2023-05-30 Thread lejeczek via FreeIPA-users
On 30/05/2023 12:23, Alexander Bokovoy wrote: On Tue, 30 May 2023, lejeczek via FreeIPA-users wrote: On 30/05/2023 10:43, Alexander Bokovoy wrote: On Mon, 29 May 2023, lejeczek via FreeIPA-users wrote: Hi guys. That is on first master which was happy for short while and then suddenly:

[Freeipa-users] Re: dns suddenly not happy with DNSSEC

2023-05-30 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 30 May 2023, lejeczek via FreeIPA-users wrote: On 30/05/2023 10:43, Alexander Bokovoy wrote: On Mon, 29 May 2023, lejeczek via FreeIPA-users wrote: Hi guys. That is on first master which was happy for short while and then suddenly: ... 29-May-2023 12:38:23.597 info: client @0x7f64

[Freeipa-users] Re: dns suddenly not happy with DNSSEC

2023-05-30 Thread lejeczek via FreeIPA-users
On 30/05/2023 10:43, Alexander Bokovoy wrote: On Mon, 29 May 2023, lejeczek via FreeIPA-users wrote: Hi guys. That is on first master which was happy for short while and then suddenly: ... 29-May-2023 12:38:23.597 info: client @0x7f6484005538 127.0.0.1#43235 (onet.pl): query failed (broke

[Freeipa-users] Re: Need some advice on current Replica Best Practices (LDAP only, no AD)

2023-05-30 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 30 May 2023, Chris Cowan via FreeIPA-users wrote: I work for a large corporation where we like to switch from OpenLDAP (with Krb5) to RedHat idM. I'll call it xyz.com The IAM system we are refactoring was setup more than a decade ago, and based on OpenLDAP. We had a primary or master

[Freeipa-users] Re: dns suddenly not happy with DNSSEC

2023-05-30 Thread Alexander Bokovoy via FreeIPA-users
On Mon, 29 May 2023, lejeczek via FreeIPA-users wrote: Hi guys. That is on first master which was happy for short while and then suddenly: ... 29-May-2023 12:38:23.597 info: client @0x7f6484005538 127.0.0.1#43235 (onet.pl): query failed (broken trust chain) for onet.pl/IN/A at ../../../lib/

[Freeipa-users] Re: repl conflict which is not there - ?

2023-05-30 Thread lejeczek via FreeIPA-users
On 30/05/2023 08:21, Florence Blanc-Renaud wrote: Hi, On Fri, May 26, 2023 at 10:26 PM lejeczek via FreeIPA-users wrote: Hi guys. for what 'ipa-healthcheck' complains of:   {     "source": "ipahealthcheck.ds.replication",     "check": "ReplicationCheck",     "resu