[Freeipa-users] Can't start dirsrv. Can't force reinitialize

2017-03-08 Thread pgb205
ipactl start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Failed to read data from service file: Failed to get list of services to probe status!
Configured hostname this_server.domain' does not match any master server in LDAP: in

[Freeipa-users] replication breaks intermittently

2017-03-01 Thread pgb205
[01/Mar/2017:18:19:48 +] agmt="cn=meTo ipa2.internal.domain" (ipa2:389) - Can't locate CSN 582301c3000d0077 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
[01/Mar/2017:18:19:48 +] NSMMReplicationPlugin - changelog program -

Re: [Freeipa-users] ipactl services running, but auth not working

2017-02-03 Thread pgb205
there are reports from multiple clients being unable to authenticate. ipactl status shows all services as running. The problem is fixed when I 'ipactl restart'. From: "Sullivan, Daniel [CRI]" <dsulliv...@bsd.uchicago.edu> To: pgb205 <pgb...@yahoo.com> Cc: Freeip

Re: [Freeipa-users] ipactl services running, but auth not working

2017-02-03 Thread pgb205
My problem is with the server itself seemingly not providing services even though it claims to do so. Would be curious to know what to look at on freeipa server or how to increase logging From: "Sullivan, Daniel [CRI]" <dsulliv...@bsd.uchicago.edu> To: pgb205 <pg

[Freeipa-users] ipactl services running, but auth not working

2017-02-02 Thread pgb205
We have multiple ipa servers but only one is continuously affected by the strange problem described in the subject line. Users report not being able to login to servers that are using a specific ipa_server. Looking at this server ipactl shows everything as RUNNING. ipactl restart fixes the issue

[Freeipa-users] Unable to sudo with just one user on only a few servers

2016-12-30 Thread pgb205
I have followed troubleshooting procedure outlined here: Troubleshooting - FreeIPA. Additionally I have done contrast and compare with a working server for the following

[Freeipa-users] down master still in ldap, prevents re-enrolement

2016-09-21 Thread pgb205
topology prior to deletion master1<->master2 master2 deleted with ipa-server --uninstall command During re-installation I get error that the replication agreement still exists on master1. I do see this using ipa-replica-manage list. Tried deleting replication agreement with ipa-replica-manage

Re: [Freeipa-users] is an IPA Server, but it might be unknown, foreign or previously deleted one

2016-08-05 Thread pgb205
as before but am getting the error message. All systems are centos 7 so I'd expect freeipa to be the latest version. From: Rob Crittenden <rcrit...@redhat.com> To: Martin Basti <mba...@redhat.com>; pgb205 <pgb...@yahoo.com>; Freeipa-users <freeipa-users@redhat.com>

[Freeipa-users] is an IPA Server, but it might be unknown, foreign or previously deleted one

2016-08-04 Thread pgb205
my previous setup was srv2->replica srv1->srv2 I have removed replica and set it up with the one with identical hostname. Now I have replication from srv1->replica and am trying to create another agreement from srv2=>replica but I am getting the error message above. My guess is that old hostname

[Freeipa-users] Unable to add CA on an already configured replica

2016-07-22 Thread pgb205
Current topology: ipa-srv1<->ipa-srv2 ipa-srv1 already has CA installed but NOT ipa-srv2. The reason I would like to add CA on ipa-srv2 is because I want the setup to ultimately become ipa-srv2<->ipa-srv2<->ipa-srv3 however I am unable to create gpg replication file on ipa-srv2 (to be used to

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-20 Thread pgb205
thank you! that was it From: Simpson Lachlan <lachlan.simp...@petermac.org> To: pgb205 <pgb...@yahoo.com>; Sumit Bose <sb...@redhat.com> Cc: Freeipa-users <freeipa-users@redhat.com> Sent: Tuesday, July 19, 2016 7:30 PM Subject: RE: Re: [Freeipa-users] Unable t

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-07-19 Thread pgb205
requirement -- direct connectivity to Active Directory environment by clients? thanks From: Alexander Bokovoy <aboko...@redhat.com> To: pgb205 <pgb...@yahoo.com> Cc: Freeipa-users <freeipa-users@redhat.com> Sent: Monday, July 4, 2016 12:02 AM Subject: Re: [Freeipa-

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-19 Thread pgb205
@ADDOMAIN.COM or better yet jsmith -- without specifying the domain name. How can this be accomplished? thanks From: Sumit Bose <sb...@redhat.com> To: pgb205 <pgb...@yahoo.com> Cc: Freeipa-users <freeipa-users@redhat.com> Sent: Tuesday, July 19, 2016 3:33 AM Subject: Re: [Fre

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-19 Thread pgb205
ipa_server.ipa.internal ipa_server
172.19.10.10 ad_server1.ad.local
172.19.10.10 ad_server2.ad.local
172.19.10.10 ad_server3.ad.local
If you want I can send you the sssd logs again From: Sumit Bose <sb...@redhat.com> To: pgb205 <pgb...@yahoo.com> Cc: Freeipa-users <freeipa-u

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-18 Thread pgb205
with this issue. but can you please confirm if it sounds reasonable. Ssh is still failing, possibly due to the problem 1 above. Is there anything else I can do to force ipa to pay attention to the /etc/hosts? Or is this some other issue? thanks From: Sumit Bose <sb...@redhat.com> To: pgb20

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-12 Thread pgb205
+freeipa-users list From: pgb205 <pgb...@yahoo.com> To: Sumit Bose <sb...@redhat.com> Sent: Tuesday, July 12, 2016 2:12 PM Subject: Re: [Freeipa-users] Unable to ssh after establishing trust Sumit, thanks for replying So the first issue is my fault, probably

[Freeipa-users] Unable to ssh after establishing trust

2016-07-10 Thread pgb205
I have successfully established trust and am able to obtain ticket granting ticket: kinit user@AD_DOMAIN.COM. I can also do kinit admin@IPA_DOMAIN.COM. ssh admin@IPA_DOMAIN.COM also works; however, ssh user@AD_DOMAIN.COM or user@ad_domain.com fails. I have checked that there are no hbac rules other than

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-07-03 Thread pgb205
ad.dc.addomain.com server have been opened between the ipa and ad servers and so when trust command is executed connection goes to some domain controller that IPA can't connect to, eventually generating an error. Just a theory for now. thanks From: Alexander Bokovoy <aboko...@redhat.com> To:

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-06-30 Thread pgb205
Ben, do you mind sharing your solution as I am affected by the exact same error when fetching AD domains. thanks On Sat, Apr 30, 2016 at 9:16 AM, Ben .T.George  wrote: when i am running ipa trust-fetch-domains "kwttestdc.com.kw" , i am getting below error in error_log [Sat Apr 30

Re: [Freeipa-users] Unable to add external group

2016-06-28 Thread pgb205
Alexander, forwarding sanitized files to you privately From: Alexander Bokovoy <aboko...@redhat.com> To: pgb205 <pgb...@yahoo.com> Cc: "Freeipa-users@redhat.com" <Freeipa-users@redhat.com> Sent: Tuesday, June 28, 2016 4:25 PM Subject: Re: [Freeipa-users]

[Freeipa-users] Unable to add external group

2016-06-28 Thread pgb205
Trust is successfully established
ipa trust-find
---
1 trust matched
---
  Realm name: ad_domain.local
  Domain NetBIOS name: AD_DOMAIN
and I can get kerberos ticket and access to services
KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN
[3552] 1467143851.633980: Received

Re: [Freeipa-users] Can't establish trust with 2008 AD

2016-06-10 Thread pgb205
opriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name IPADOMAIN<0x1c>
tstream_unix_connect failed: No such file or directory
nmbd not around
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_connect: No logon servers
Didn't find the cldap server!
return code

Re: [Freeipa-users] Can't establish trust with 2008 AD

2016-06-09 Thread pgb205
thanks for the help From: Alexander Bokovoy <aboko...@redhat.com> To: pgb205 <pgb...@yahoo.com> Cc: freeipa-users@redhat.com Sent: Friday, June 10, 2016 12:14 AM Subject: Re: [Freeipa-users] Can't establish trust with 2008 AD Please don't answer directly, use mailin

[Freeipa-users] Can't establish trust with 2008 AD

2016-06-09 Thread pgb205
The setup is: AD 2008 domain, Latest version of FreeIpa with integrated DNS. As the AD domain is not known to any DNS servers on the network I have created a stub zone in Freeipa integrated dns server addomain.com, and created A-record for DC.addomain.com as well as _ldap.tcp.addomain.com and

Re: [Freeipa-users] Forcing passync to periodically sync passwords

2016-05-24 Thread pgb205
FIPA1.com -> FIPA2.com with password replication to both? thanks From: Alexander Bokovoy <aboko...@redhat.com> To: pgb205 <pgb...@yahoo.com> Cc: Freeipa-users <freeipa-users@redh

[Freeipa-users] Forcing passync to periodically sync passwords

2016-05-24 Thread pgb205
Currently passync is only triggered on the domain controller where the password change is made. Is there a way to trigger passync to run periodically and resend information to freeipa even if there are no changes?

[Freeipa-users] Advise on the best way to configure the following

2016-05-19 Thread pgb205
We have: AD->winsync->FIPA1<->replica<->FIPA2 etc. to multiple other replicas from FIPA1. What we want is to establish separate set of FIPA replicas which would still have information from AD and yet would not 'pollute' the FIPA1/FIPA2 replicas above. So far we have considered following options: 1.

[Freeipa-users] Unable to authenticate

2016-03-19 Thread pgb205
I have enabled debugging with debug_level = 7 in sssd.conf. Receive following error messages:
Marking server 'ipa-server' as 'name resolved'
[be_resolve_server_process] (0x0200): Found address for server ipa-server
[get_port_status] (0x1000): Port status of port 389 for server 'ipa-server' is 'not