again as in 3.
doesn't change the file.
On Thursday, February 27, 2020, 10:12:29 AM EST, Rob Crittenden
wrote:
pgb205 via FreeIPA-users wrote:
> 1. ipa client 4.6.5-11.el7
> 2. one of the lines in sshd.conf is reverted to the default option.
> specifically port number. Almost s
wrote:
pgb205 via FreeIPA-users wrote:
> 1. Happens on RHEL/Centos only (other distros are not affected)
> 2. Happens only during the first attempted install of ipa-client
> package. If we try to reinstall the sshd.conf is not modified.
> 3. We tried with --no-sshd flag to
1. Happens on RHEL/Centos only (other distros are not affected)
2. Happens only during the first attempted install of ipa-client package. If we
try to reinstall the sshd.conf is not modified.
3. We tried with --no-sshd flag
to prevent sshd configuration
as suggested in the following ticket
[Freeipa
Fedora 26
Freeipa 4.4
When trying to start ipactl I get the below output which never ceases. Seems
like it may have a few things in common with other dirsrv issues that we've
been having on our other CENTOS replicas.
ipactl -d status
ipa: DEBUG: importing all plugin modules in ipaserver.plugins..
I've had a short conversation about this in irc channel, but figured I'd open a
ticket to keep a track of things.
We are trying to reinstall a replica (replica-x1) but it errors out with the
above error message. The logs of ipa-replica-install.log are below
I've tried
following a similar issue he
ailed to read service file. Hostname does
not match any master server in LDAP
pgb205 via FreeIPA-users wrote:
> I have also checked on the neighboring replica and can see the broken
> server in
>
> ldapsearch -b "cn=masters, cn=ipa, cn=etc, dc=domain,dc=local" -D
the information. Just somehow broken replica
loses its own hostname in this list.
From: Rob Crittenden
To: pgb205 ; FreeIPA users list
Sent: Thursday, December 28, 2017 2:26 PM
Subject: Re: [Freeipa-users] Failed to read service file. Hostname does not
match any master server in LDA
-f)
If dirsrv is stopped you should look for a core or some indication of
why it is stopped.
rob
>
>
>
> *From:* Rob Crittenden
> *To:* pgb205 ; FreeIPA users list
>
> *Sent:* Thursday, December 28, 2017 2:26 PM
> *Subject:* Re: [Fr
ervice file. Hostname does not
match any master server in LDAP
pgb205 via FreeIPA-users wrote:
> Hello everyone.
>
> Periodically and seemingly at random our replicas crash with the above
> error. Dirsrv shows as stopped and restarting doesn't help.
> Someone suggested
Hello everyone.
Periodically and seemingly at random our replicas crash with the above error.
Dirsrv shows as stopped and restarting doesn't help. Someone suggested earlier
that this is due to problems with topology plugin but I don't think that's the
cause as we are still on domainlevel=0.
I'm not
We have experienced several cases of end users not being able to authenticate.
While investigating I've found that I can not obtain kinit credentials on the
local freeipa replica
ipactl however shows all processes including Directory
Server as running. Doing ipactl restart hangs but service ipa
Get this error when trying to restart ipa service on apparently not working
replica.
This is
cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
and
ipa-server-4.4.0-14.el7.centos.7.x86_64
and
389-ds-base-1.3.5.10-20.el7_3.x86_64
ausearch -m avc -ts today
slapd log shows the following
[22/S
Rob, sorry to nag but did you hear anything from dogtag developers? Or instead
of bothering you can I deal with them directly, maybe?
thank you
From: Rob Crittenden
To: FreeIPA users list
Cc: pgb 205
Sent: Thursday, August 24, 2017 10:27 AM
Subject: Re: [Freeipa-users] Re: CA install
I've tried installing in two different ways
first as a part of full replica
install. IE ipa-replica-install --setup-ca --no-forwarders -p
replica.gpg this failed on step 8 [8/27]: starting certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart
the D
so far we have pure domainlevel0 consisting of Centos7 servers. The plan is to
add Fedora Server 26 which will initially also be at domainlevel0.
Are there any pitfalls that we should watch out for with these two different
versions of OS?
thank you
___
Fr
We have observed the following situation
replication agreement between server1 and server2 exists
ipa-replica-manage list server2>server1
However some of the users, hosts etc that are added on server1 are not making
it to server2.
In sssd/error logs I can see the following which looks relevant:
we are affected by the CSN time skew bug discussed in this wiki
http://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html#so-how-does-the-time-skew-grow-at-all
and
https://bugzilla.redhat.com/show_bug.cgi?id=1009122
We are on CentOS Linux release 7.3.1611 (Core)
ipa-
Jakub,
After doing some more troubleshooting I agree that there is no problem with
having multiple kdc servers. However, having more than one non-functional
master_kdc is what's causing the failure.
server1 and server2 are down. server3 is up
this works.
kdc=server1
kdc=server2
kdc=server3
master_
small update as I've managed to narrow things down.
the following will NOT work
[realms]
kdc=server1
kdc=server2
kdc=server3
kdc=server4
master_kdc=server1
master_kdc=server2
master_kdc=server3
master_kdc=server4
when server1 and server2 are down on the network. server3 and server4 are up
and functional
b
Jakub, yes we do have a one way trust between AD->FreeIPA. That explains why
krb5.conf is used instead of the sssd.conf _srv_ to retrieve DNS records.
Can you also please comment on why I'm only getting lookups on the first two
kdc's listed in krb5.conf
thank you so much and I'm bookmarking your b
Sumit, thank you very much for this. Very helpful, but I am still not seeing
the problem
So at first I will try with the following in krb5.conf
kdc=server1 <--shut off on the network
#kdc=server2 <--shut off on the network and commented out in krb5.conf
kdc=server3 <--up and running
As far as I know krb5.conf does not have limitations on the number of KDCs that
can be listed
https://web.mit.edu/kerberos/krb5-1krb5_conf.html
I have 3 servers that I would like to be read. I have no problem with at least
two being listed there.
kdc=server1
kdc=server2
when I shutdown server1 a
we have 4 servers for redundancy in krb5.conf
kdc= server1
kdc= server2
kdc= server3
kdc= server4
master_kdc=server1
master_kdc=server2
master_kdc=server3
master_kdc=server4
admin_server=server1
admin_server=server2
admin_server=server3
admin_server=server4
servers 1 and 2 are shutdown. I am unable to get
From: Rob Crittenden
To: pgb205 ; FreeIPA users list
Sent: Thursday, June 1, 2017 4:34 PM
Subject: Re: [Freeipa-users] ipa-server-upgrade stuck
pgb205 via FreeIPA-users wrote:
> I have tried to start an apparently crashed instance of ipa server
Define crashed, and what vers
I have tried to start an apparently crashed instance of ipa server
and got
ipactl start
Upgrade required: please run ipa-server-upgrade command
Aborting ipactl
ran ipa-server-upgrade which got to the following step, but no further
ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG:
-
I have noticed that we had a broken replication agreement between replica in
amazon and on another physical node. I have attempted to re-initialize but
received
Update failed! Status: [2 Replication error acquiring replica: excessive clock skew]
I had triple verified that time on both is correc