[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-29 Thread Markus Rexhepi-Lindberg via FreeIPA-users
Hi, Thank you Fabian, your suggested commands led me to the answer and a solution! ``` [root@se-rhidm01x ~]# ldapsearch -Y GSSAPI -H ldap://usidc1-rhidm01x.idc1.us.example.com -b "" -s base SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-28 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Fri, Feb 23, 2024 at 2:49 PM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > You are right, sorry for the confusion. I have performed a new > `ipa-replica-install` and you can find the logs for the master and replica > in these links: > >

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-23 Thread Markus Rexhepi-Lindberg via FreeIPA-users
Hi, You are right, sorry for the confusion. I have performed a new `ipa-replica-install` and you can find the logs for the master and replica in these links: master ds389 access: https://www.rexhepi-lindberg.com/iparepl/20230223/se-rhidm03_access master ds389 errors: https://www.rexhepi-lindb

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-23 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Fri, Feb 23, 2024 at 12:38 PM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi Florence, > > From what I can see it is set up correctly on both the master(s) and > replica. > I now understand the confusion: the logs provided in master ds389 acces

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-23 Thread Markus Rexhepi-Lindberg via FreeIPA-users
Hi Florence, From what I can see it is set up correctly on both the master(s) and replica. I got the following during `ipa-replica-install`: ``` Search DNS server se-rhidm01x.se.example.com (['10.0.13.139', '10.0.13.139', '10.0.13.139']) for se-rhidm03x.se.example.com Could not resolve hostname s

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-22 Thread Florence Blanc-Renaud via FreeIPA-users
Hi Markus, On Mon, Feb 19, 2024 at 9:07 AM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi Florence, > > Thanks for looking into this I appreciate it very much! > > > ``` > master# ldapsearch -xLLL -o ldif-wrap=no -D "cn=directory manager" -W -s > sub

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-19 Thread Markus Rexhepi-Lindberg via FreeIPA-users
Hi Florence, Thanks for looking into this I appreciate it very much! ``` master# ldapsearch -xLLL -o ldif-wrap=no -D "cn=directory manager" -W -s sub -b cn=config objectclass=nsds5replicationagreement dn Enter LDAP Password: dn: cn=meTose-rhidm03x.se.example.com,cn=replica,cn=dc\3Dlnx\2Cdc\3De

[Freeipa-users] Re: ipa-replica-install fails during initial replication

2024-02-15 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Thu, Feb 15, 2024 at 3:50 PM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > The replication step fails while installing a new ipa replica server. > > Some facts: > > * Both servers running version 4.9.12. > * Both servers running RHEL 8.9 > * Mas

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-08 Thread Rob Crittenden via FreeIPA-users
Bryan Fang via FreeIPA-users wrote: > Hi Rob and Flo, > thanks for your reply, yes I am using external CA certificate, we have > separate Apache server as proxy of ipa server, and we are using external CA > certificate for Apache server, version of ipa server is 4.6.8, and I don’t > know how to

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-07 Thread Bryan Fang via FreeIPA-users
Hi Rob and Flo, thanks for your reply, yes I am using external CA certificate, we have separate Apache server as proxy of ipa server, and we are using external CA certificate for Apache server, version of ipa server is 4.6.8, and I don’t know how to upgrade domain level to 1, I tried to manuall

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-07 Thread Rob Crittenden via FreeIPA-users
Bryan Fang via FreeIPA-users wrote: > Hi folks, > hope you are doing well, in case of dealing with domain level 0, when running > ipa-replica-install, I have to provide gpg file as one of parameters, and > cannot use --dirsrv-cert-file etc. together with gpg file > 'You cannot specify any of --dirsrv

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-06 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, Is your IPA server configured as domain level 0 or domain level 1? If level 0, the replica installation is done in 2 steps, the preparation of a replica file on the master, and then the installation of the replica using this replica file. If level 1, there is no preparation step for a replica

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-05 Thread Bryan Fang via FreeIPA-users
Hi folks, hope you are doing well, in case of dealing with domain level 0, when running ipa-replica-install, I have to provide gpg file as one of parameters, and cannot use --dirsrv-cert-file etc. together with gpg file 'You cannot specify any of --dirsrv-cert-file, --http-cert-file, or --pkinit-cer

[Freeipa-users] Re: ipa-replica-install fails when the forwarder address is a link-local IP address

2021-01-15 Thread Rob Crittenden via FreeIPA-users
Ganesh Kumar via FreeIPA-users wrote: > Hi, > > I am setting up a 2 node FreeIPA system. One primary and the other is a > replica. I want the replica to use the cloud DNS nameserver as a forwarder. > In Google cloud, 169.254.169.254 is the nameserver. But when this is used as > a forwarder I ge

[Freeipa-users] Re: ipa-replica-install fails when the forwarder address is a link-local IP address

2021-01-14 Thread Ganesh Kumar via FreeIPA-users
Forgot to send the version info $ ipa --version VERSION: 4.6.6, API_VERSION: 2.231

[Freeipa-users] Re: ipa-replica-install fails

2020-06-19 Thread Orion Poplawski via FreeIPA-users
On 6/18/20 12:55 PM, Rob Crittenden wrote: > Orion Poplawski via FreeIPA-users wrote: >> I'm trying to run ipa-replica-install on a non-IPA joined CentOS 8.2 system: >> >> ipa-replica-install --principal admin --admin-password='SECRET' >> >> Configuring client side components >> This program will set

[Freeipa-users] Re: ipa-replica-install fails

2020-06-18 Thread Rob Crittenden via FreeIPA-users
Orion Poplawski via FreeIPA-users wrote: > I'm trying to run ipa-replica-install on a non-IPA joined CentOS 8.2 system: > > ipa-replica-install --principal admin --admin-password='SECRET' > > Configuring client side components > This program will set up IPA client. > Version 4.8.4 > > Using existin

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-18 Thread Rob Crittenden via FreeIPA-users
Peter Tselios via FreeIPA-users wrote: > Exactly. > > So, what I did in order to make it work: > Create 2 PKCS#12 archives with the certificates of the HTTP and LDAP (because > I don't see how I can make the ansible module to add more certificates to an > existing archive). > Use those files a

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-18 Thread Peter Tselios via FreeIPA-users
Exactly. So, what I did in order to make it work: Create 2 PKCS#12 archives with the certificates of the HTTP and LDAP (because I don't see how I can make the ansible module to add more certificates to an existing archive). Use those files as the input of the ipa-replica-install command. It

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread Rob Crittenden via FreeIPA-users
Peter Tselios via FreeIPA-users wrote: > By the way, the information you provided is the complete opposite of the > information here: > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-manag

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread Peter Tselios via FreeIPA-users
By the way, the information you provided is the complete opposite of the information here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-management#installing-an-ipa-replica-without-a-ca_

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread Peter Tselios via FreeIPA-users
Many thanks to all. This means I have a lot of work ahead of me. I am using ansible for the installation and for the moment I don't use the freeipa modules. I will try with a p12 file and see if there is any improvement, if not, I will fall back to ipa-client install.

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread LHEUREUX Bernard via FreeIPA-users
You must first install the ipa-client! And you can pass your certs option in the ipa-client-install, then the ipa-replica-install will use them and perform the replication from your primary server with the correct certs... -Original Message- From: Peter Tselios via FreeIPA-users [mailt

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread François Cami via FreeIPA-users
On Tue, Mar 17, 2020 at 1:18 PM Peter Tselios via FreeIPA-users wrote: > > I have installed the ipa server by using the following command: > > - > ipa-server-install > --realm "EXAMPLE.COM" -p 'password' -a 'password' > --hostname="server.example.com" -n example.com > --ip-address="10.

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-26 Thread Rob Crittenden via FreeIPA-users
Till Hofmann via FreeIPA-users wrote: > Hi all, > > I managed to work around the issue by: > 1. Setting up the replica without the CA (i.e., `ipa-replica-install` without > `--setup-ca`) > 2. Set up the CA with `ipa-ca-install`. This also failed at some point > (because it could not contact the

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-26 Thread Till Hofmann via FreeIPA-users
Hi all, I managed to work around the issue by: 1. Setting up the replica without the CA (i.e., `ipa-replica-install` without `--setup-ca`) 2. Set up the CA with `ipa-ca-install`. This also failed at some point (because it could not contact the old master on port 8443), but it seemed to do "enoug

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-26 Thread Till Hofmann via FreeIPA-users
Hi Arpit, On 7/26/19 9:18 AM, Arpit Tolani wrote: > I added Replication timeout in /usr/share/dirsrv/data/template-dse.ldif > on replica before ipa-replica-install which took care of time consumed > for large data getting replicated. > > https://access.redhat.com/documentation/en-us/red_hat_direc

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-26 Thread Arpit Tolani via FreeIPA-users
I added Replication timeout in /usr/share/dirsrv/data/template-dse.ldif on replica before ipa-replica-install which took care of time consumed for large data getting replicated. https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/setting-replication-

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread Till Hofmann via FreeIPA-users
On 7/24/19 6:03 PM, François Cami wrote: > On Wed, Jul 24, 2019 at 5:52 PM François Cami wrote: >> >> On Wed, Jul 24, 2019 at 5:48 PM Till Hofmann >> wrote: >>> >>> >>> >>> On 7/24/19 4:03 PM, Till Hofmann wrote: Hi François, Thanks for the reply! On 7/24/19 2:32 PM, F

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread François Cami via FreeIPA-users
On Wed, Jul 24, 2019 at 5:52 PM François Cami wrote: > > On Wed, Jul 24, 2019 at 5:48 PM Till Hofmann > wrote: > > > > > > > > On 7/24/19 4:03 PM, Till Hofmann wrote: > > > Hi François, > > > > > > Thanks for the reply! > > > > > > On 7/24/19 2:32 PM, François Cami wrote: > > > > > >>> > > >>> I

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread François Cami via FreeIPA-users
On Wed, Jul 24, 2019 at 5:48 PM Till Hofmann wrote: > > > > On 7/24/19 4:03 PM, Till Hofmann wrote: > > Hi François, > > > > Thanks for the reply! > > > > On 7/24/19 2:32 PM, François Cami wrote: > > > >>> > >>> Interestingly, during the setup of the replica, the setup is stuck for > >>> quite so

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread Till Hofmann via FreeIPA-users
On 7/24/19 4:03 PM, Till Hofmann wrote: > Hi François, > > Thanks for the reply! > > On 7/24/19 2:32 PM, François Cami wrote: > >>> >>> Interestingly, during the setup of the replica, the setup is stuck for >>> quite some time (~30 minutes) in the step " [1/28]: configuring >>> certificate

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread Till Hofmann via FreeIPA-users
Hi Florence, Thanks for the pointers! On 7/24/19 2:59 PM, Florence Blanc-Renaud wrote: > > Hi, > > a few things to check on the replica: > - is the ldap server running and listening on port 636? Yes, the server is running and listening to port 636. I can also query the server, but only after

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread Till Hofmann via FreeIPA-users
Hi François, Thanks for the reply! On 7/24/19 2:32 PM, François Cami wrote: >> >> Interestingly, during the setup of the replica, the setup is stuck for quite >> some time (~30 minutes) in the step " [1/28]: configuring certificate >> server instance". In the ns-slapd log, I can see a lot of

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread Florence Blanc-Renaud via FreeIPA-users
On 7/24/19 2:12 PM, Till Hofmann via FreeIPA-users wrote: Hi all, I'm trying to set up a replica on CentOS 7, the master is on CentOS 6. Eventually, I want to retire the CentOS 6 host. I'm following this migration guide: https://www.freeipa.org/page/Howto/Migration#Migrating_existing_FreeIPA_

[Freeipa-users] Re: ipa-replica-install fails to start pki-tomcatd

2019-07-24 Thread François Cami via FreeIPA-users
Hi, On Wed, Jul 24, 2019 at 2:13 PM Till Hofmann via FreeIPA-users wrote: > > Hi all, > > I'm trying to set up a replica on CentOS 7, the master is on CentOS 6. > Eventually, I want to retire the CentOS 6 host. I'm following this migration > guide: > https://www.freeipa.org/page/Howto/Migratio