ipactl start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Failed to read data from service file: Failed to get list of services to probe status!
Configured hostname this_server.domain' does not match any master server in LDAP:
in /var/log/dirsrv/
[01/Mar/2017:18:19:48 +] agmt="cn=meTo ipa2.internal.domain" (ipa2:389) - Can't locate CSN 582301c3000d0077 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
[01/Mar/2017:18:19:48 +] NSMMReplicationPlugin - changelog program - agmt="cn=
there are reports from multiple clients being unable to authenticate.
ipactl status shows all services as running. The problem is fixed when I 'ipactl
restart'.
From: "Sullivan, Daniel [CRI]"
To: pgb205
Cc: Freeipa-users
Sent: Friday, February 3, 2017 2:47 PM
S
My problem is with the server itself seemingly not providing services even
though it claims to do so. Would be curious to know what to look at on freeipa
server or how to increase logging
From: "Sullivan, Daniel [CRI]"
To: pgb205
Cc: Freeipa-users
Sent: Thursday, February 2,
We have multiple ipa servers but only one is continuously affected by the
strange problem described in the subject line. Users report not being able to
login to servers that are using a specific ipa_server. Looking at this server
ipactl shows everything as RUNNING. ipactl restart fixes the issue
I have followed troubleshooting procedure outlined here: Troubleshooting - FreeIPA
Additionally I have done contrast and compare with a working server for the
following
files /etc/hosts /etc/resolv.con
topology prior to deletion
master1<->master2
master2 deleted with ipa-server --uninstall command
During re-installation I get error that the replication agreement still exists
on master1. I do see this using ipa-replica-manage list.
Tried deleting replication agreement with ipa-replica-manage discon
before
but am getting the error message.
All systems are centos 7 so I'd expect freeipa to be the latest version.
From: Rob Crittenden
To: Martin Basti ; pgb205 ; Freeipa-users
Sent: Friday, August 5, 2016 9:28 AM
Subject: Re: [Freeipa-users] is an IPA Server, but it mig
my previous setup was srv2->replica
srv1->srv2
I have removed replica and set it up with the one with identical hostname. Now
I have replication from srv1->replica
and am trying to create another agreement from srv2=>replica
but I am getting the error message above. My guess is that old hostname i
Current topology:
ipa-srv1<->ipa-srv2
ipa-srv1 already has CA installed but NOT ipa-srv2.
The reason I would like to add CA on ipa-srv2 is because I want the setup to
ultimately become ipa-srv2<->ipa-srv2<->ipa-srv3
however I am unable to create gpg replication file on ipa-srv2 (to be used to
est
thank you! that was it
From: Simpson Lachlan
To: pgb205 ; Sumit Bose
Cc: Freeipa-users
Sent: Tuesday, July 19, 2016 7:30 PM
Subject: RE: Re: [Freeipa-users] Unable to ssh after establishing trust
requirement -- direct connectivity to Active Directory environment by clients?
thanks
From: Alexander Bokovoy
To: pgb205
Cc: Freeipa-users
Sent: Monday, July 4, 2016 12:02 AM
Subject: Re: [Freeipa-users] ipa trust-fetch-domains failing.
On Mon, 04 Jul 2016, pgb205 wrote:
>Selinux
smith@ADDOMAIN.COM or better yet jsmith -- without specifying the domain name.
How can this be accomplished?
thanks
From: Sumit Bose
To: pgb205
Cc: Freeipa-users
Sent: Tuesday, July 19, 2016 3:33 AM
Subject: Re: [Freeipa-users] Unable to ssh after establishing trust
On Mon, Jul 18, 20
ipa_server.ipa.internal ipa_server
172.19.10.10 ad_server1.ad.local
172.19.10.10 ad_server2.ad.local
172.19.10.10 ad_server3.ad.local
If you want I can send you the sssd logs again
From: Sumit Bose
To: pgb205
Cc: Freeipa-users
Sent: Tuesday, July 19, 2016 3:33 AM
Subject: Re: [Freeipa
a.
I think this is what helped with this issue. But can you please confirm if it
sounds reasonable.
Ssh is still failing, possibly due to the problem 1 above. Is there anything
else I can do to force ipa to pay attention to the /etc/hosts? Or is this some
other issue?
thanks
From: Sumit
+freeipa-users list
From: pgb205
To: Sumit Bose
Sent: Tuesday, July 12, 2016 2:12 PM
Subject: Re: [Freeipa-users] Unable to ssh after establishing trust
Sumit, thanks for replying
So the first issue is my fault, probably from when I was sanitizing logs.
our active directory
I have successfully established trust and am able to obtain ticket granting
ticket
kinit user@AD_DOMAIN.COM
I can also do kinit admin@IPA_DOMAIN.COM
ssh admin@IPA_DOMAIN.COM also works
however, ssh user@AD_DOMAIN.COM or user@ad_domain.com fails
I have checked that there are no hbac rules other than
ad.dc.addomain.com server have been opened between the ipa
and ad servers and so when trust command is executed connection goes to some
domain controller that IPA can't connect to, eventually generating an error.
Just a theory for now.
thanks
From: Alexander Bokovoy
To: pgb205
Cc: &quo
Ben, do you mind sharing your solution as I am affected by the exact same error
when fetching AD domains.
thanks
On Sat, Apr 30, 2016 at 9:16 AM, Ben .T.George wrote:
when i am running ipa trust-fetch-domains "kwttestdc.com.kw" , i am getting
below error in error_log
[Sat Apr 30 09:14:25.107449
Alexander, forwarding sanitized files to you privately
From: Alexander Bokovoy
To: pgb205
Cc: "Freeipa-users@redhat.com"
Sent: Tuesday, June 28, 2016 4:25 PM
Subject: Re: [Freeipa-users] Unable to add external group
On Tue, 28 Jun 2016, pgb205 wrote:
>Trust is
Trust is successfully established
ipa trust-find
---
1 trust matched
---
Realm name: ad_domain.local
Domain NetBIOS name: AD_DOMAIN
and I can get kerberos ticket and access to services
KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN
[3552] 1467143851.633980: Received cr
rvers listed.
resolve_hosts: not appropriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name IPADOMAIN<0x1c>
tstream_unix_connect failed: No such file or directory
nmbd not around
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_connect: No logon serv
thanks for the help
From: Alexander Bokovoy
To: pgb205
Cc: freeipa-users@redhat.com
Sent: Friday, June 10, 2016 12:14 AM
Subject: Re: [Freeipa-users] Can't establish trust with 2008 AD
Please don't answer directly, use mailing list.
On Thu, 09 Jun 2016, pgb205 wrote:
&g
The setup is:
AD 2008 domain,
Latest version of FreeIpa with integrated DNS,
As the AD domain is not known to any DNS servers on the network I have
created a stub zone in Freeipa integrated dns server addomain.com, and created
A-record for DC.addomain.com as well as _ldap.tcp.addomain.com and
_kerber
this setup possible.
1AD->FIPA1.com
->FIPA2.com
with password replication to both?
thanks
From: Alexander Bokovoy
To: pgb205
Cc: Freeipa-users
Sent: Tuesday, May 24, 2016 12:22 PM
Su
Currently passync is only triggered on the domain controller where the
password change is made. Is there a way to trigger passync to run periodically
and resend information to freeipa even if there are no changes?
We have: AD->winsync->FIPA1<->replica<->FIPA2 etc to multiple other replicas from
FIPA1
What we want is to establish separate set of FIPA replicas which would still
have information from AD and yet would not 'pollute' the FIPA1/FIPA2 replicas
above.
So far we have considered following options:
1. S
I have enabled debugging with debug_level = 7 in sssd.conf
Receive following error messages:
Marking server 'ipa-server' as 'name resolved'
[be_resolve_server_process] (0x0200): Found address for server ipa-server
[get_port_status] (0x1000): Port status of port 389 for server 'ipa-server' is 'not w
28 matches