Lucky I saw this early this morning as I'm about to destroy the machine. One
other thing of note is that the ipa installation was done using ansible-freeipa.
Hope it helps
Dave
[root@man-fb-ipa-02 ~]# uname -a
Linux man-fb-ipa-02.testhost.com 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8
23:39:32
On Fri, Sep 06, 2019 at 11:27:52AM +1000, Fraser Tweedale via FreeIPA-users
wrote:
> On Thu, Sep 05, 2019 at 10:12:10AM -, David Etchen via FreeIPA-users
> wrote:
> > Ahh of course sudo I was trying su.
> >
> > I'm on Centos 7.6 running freeipa 4.6.4 all from the standard yum packages.
> >
On Thu, Sep 05, 2019 at 10:12:10AM -, David Etchen via FreeIPA-users wrote:
> Ahh of course sudo I was trying su.
>
> I'm on Centos 7.6 running freeipa 4.6.4 all from the standard yum packages.
>
> It does look to be the exact same issue as you posted about Fedora 30.
>
Thanks. I will need
Ahh of course sudo I was trying su.
I'm on Centos 7.6 running freeipa 4.6.4 all from the standard yum packages.
It does look to be the exact same issue as you posted about Fedora 30.
This means that anyone running Centos 7.6 / RHEL 7.6 will be affected by this.
(See below)
As a work around if
On Wed, Sep 04, 2019 at 03:08:30PM -, David Etchen via FreeIPA-users wrote:
> Hi Fraser,
>
> Thanks for replying.
>
> I've restarted both sides like you suggested but still don't see a
> difference. I can see the back off time has started again like you said.
>
>
Hi Fraser,
Thanks for replying.
I've restarted both sides like you suggested but still don't see a difference.
I can see the back off time has started again like you said.
[04/Sep/2019:15:20:12][KeyRetrieverRunner-dd4ea812-c044-41c0-93bf-ec376c732c93]:
Failed to retrieve key from any host.
So just to add it seems that the 2nd IPA server hasn't managed to get the subCA
cert & key as when I check the nssdb they aren't present on the 2nd IPA server.
(See below)
Running the command as my own user
/usr/libexec/ipa/ipa-pki-retrieve-key "caSigningCert cert-pki-ca
On Wed, Sep 04, 2019 at 12:33:27PM -, David Etchen via
FreeIPA-users wrote:
> Hi Guys,
>
> I have a 2 host basic IPA setup both IPA servers are running dns &
> ca. I'm running on Centos 7.6 using freeipa version 4.6.4 &
> dogtag version 10.5.9
>
> I've made a subCA called vpnca and a