Cross-posting this on the 389-users list.
rob
Jochen Kellner via FreeIPA-users wrote:
>
> Hi,
>
> I've upgraded my freeipa server to Fedora 40 (the system was installed
> several releases ago). After the upgrade I get the following new warning
> from ipa-healthcheck:
>
> {
> "source":
Hi,
I've upgraded my freeipa server to Fedora 40 (the system was installed
several releases ago). After the upgrade I get the following new warning
from ipa-healthcheck:
{
"source": "ipahealthcheck.ds.backends",
"check": "BackendsCheck",
"result": "WARNING",
"uuid":
Thanks much. dnssec-validation was set to yes on the replica. No idea how that
happened. Works now.
Something else and not related I wondered about, is why some clients point to a
certain server (in my case the failing server).
This is seen with `sssctl domain-status ` under "Active servers".
On Пят, 26 кра 2024, slek kus via FreeIPA-users wrote:
Hi Alexander, according to /etc/resolv.conf it is integrated and points to
localhost, but nmcli says DNS is set to idm01.
A bit strange, since resolv.conf is generated by networkmanager.
[root@idm02 ~]# nmcli dev show | grep DNS
Hi Alexander, according to /etc/resolv.conf it is integrated and points to
localhost, but nmcli says DNS is set to idm01.
A bit strange, since resolv.conf is generated by networkmanager.
[root@idm02 ~]# nmcli dev show | grep DNS
IP4.DNS[1]: 172.16.27.10 <
Sorry for this later response. Problem is solved. The problem was in the
common-auth file, in the line referring to pam_sss.so that was missing the
option 'use_first_pass'.
Many thanks to all for your help
Regards,
C. L. Martinez
-Original Message-
From: Sumit Bose
Sent: Friday,
On Пят, 26 кра 2024, slek kus via FreeIPA-users wrote:
Hi Sumit, that does not return anything good on the replica. See below.
On the main IPA node node:
[alma@idm01 ~]$ host -t SRV _ldap._tcp.redacted.domain
_ldap._tcp.redacted.domain has SRV record 0 100 389 dc01.redacted.domain.
Hi Sumit, that does not return anything good on the replica. See below.
On the main IPA node node:
[alma@idm01 ~]$ host -t SRV _ldap._tcp.redacted.domain
_ldap._tcp.redacted.domain has SRV record 0 100 389 dc01.redacted.domain.
_ldap._tcp.redacted.domain has SRV record 0 100 389