Public bug reported:
Kindly notice https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1885024
which won't be fixed in kerberos since freeipa changes the log destination. So
freeipa needs to add a systemd drop in to allow the logging.
krb5-kdc.service drop in:
[Service]
ReadWriteDirectories= /va
With the line not commented, upon each and every startup in all cases
one sees this:
May 19 11:37:25 email1 systemd[1]: Starting SSSD NSS Service responder socket.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72216]: (Tue May
19 11:37:12:251510 2020) [sssd] [main] (0x0010): Misco
Public bug reported:
Notice
ipa-client-install
creates /etc/sssd/sssd.conf
but changes in the sssd process's socket approach calls for that file to change
/etc/sssd.conf from
...
[sssd]
services = nss, pam, ssh, sud
...
to
[sssd]
#services = nss, pam, ssh, sud
otherwise the sssd service either wo
Timo,
You might take a look at /etc/sssd/sssd.conf
Consider changing
services = ifp
#services = nss, pam, ifp, ssh, sudo
The reason is that unless you change this, systemctl is-system-running
reports degraded instead of running, with messages akin to
Dec 9 17:59:25 registry1 sssd_check_sock
Using the ppa, the upgrade to the primary server was successful. Then the
replica install was successful, other than, at the end:
...
Restarting named
Updating DNS system records
DNS query for registry1.1.quietfountain.com. 1 failed: All nameservers failed
to answer the query registry1.1.quietfo
Good to know. I was using ubuntu eoan.
On 11/27/19 11:18 AM, Timo Aaltonen wrote:
> for the record, ipa-replica-install works fine on the debian vm's that I
> have set up for this (and finally had a go at replicating 4.8)
>
> my goal is to eventually have it all tested with a CI system somewhere,
I appreciate your efforts. The thing is folks who use freeipa put it in
the same 'has-got-to-work' 'no-regressions' category as the kernel.
While it might lack a feature or need work in this or that area, it just
can't 'not install' or have some major user-facing thing like the
'here's how you cha
Timo,
Thank you. I didn't understand freeipa wasn't supported on Ubuntu. You
can consider this matter closed, I have to move to a different distro.
On 11/25/19 2:20 PM, Timo Aaltonen wrote:
> replica install is untested, not surprising to see it being broken
>
> and freeipa is in universe and
Here's the shell script log
root@registry2:~# kinit admin
Password for ad...@1.quietfountain.com:
root@registry2:~# ipa-replica-install --setup-dns --no-forwarders
WARNING: conflicting time&date synchronization service 'ntp' will
be disabled in favor of chronyd
Lookup failed: Preferred host regis
Of some interest, a curl of exactly the same link works (kinit admin in effect,
just after failure above).
root@registry2:/tmp# curl
https://registry1.1.quietfountain.com/ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.Fj
Both registry1 and registry2 are 'vanilla' eoan mate vms.
Host registry1... has a working freeipa-server based on eoan installed. No
other packages. It does include the dns support. registry2 is the attempt to
install a replica. No other packages.
--
You received this bug notification becaus
Public bug reported:
Just trying to see if freeipa works on Ubuntu, I installed freeipa-
server on one system, then tried to install the freeipa-replica on
another. The two system setup works just fine on Fedora, but I need to
standardize on one distro so I'm evaluating Ubuntu hoping that Canonic
Public bug reported:
Notice the bug and fix mentioned in
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772921
is, somehow 're-broken' in eoan. Possibly because of:
https://pagure.io/freeipa/c/78652a52f083bac5238f9e0a6520e0e448dadabe
The result is none of the directional glyphs appear
PPPS. You don't need the latest fontsawesome after all for the gui to
work. However, you do need:
apt install libjs-scriptaculous
and
The installed code expects fontawesome, not font-awesome in the truetype
directory.
cd /usr/share/fonts/truetype
ln -s font-awesome /usr/share/fonts/truetype/f
PPS. Freeipa needs fontawesome version 4 or you get unicode boxes.
Bionic ships v3. Attached find v4. put them in
/usr/share/fonts/fontawesome
** Attachment added: "fontawesome v4"
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/+attachment/5156225/+files/fontawesome4.bz
--
P.S. After the systemctl disable commands, you may need to delete the
'/etc/resolv.conf' then make a new one with the simple content as it
could be a link to a stub for systemd-resolved.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in
At
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/comments/34
You will find a recipe to work around all bugs stopping the installation
of freeipa with integrated DNS on 18.04/bionic as of this date.
Hopefully folks who like to fix things can work these into the install
scripts and
t debugging this helps you!
Harry Coin
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
Status in bind9 package in Ubuntu:
At appears my problem arises as I asked for an install with DNS. On
ubuntu bionic, apt install freeipa-server-dns
ipa-server-install
then the bug appears. It is discussed here.
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440
--
You received this bug notification because you are
Spoke too soon, though the routine reported success, in the log we have:
Updating DNS system records
ipapython.dnsutil: ERRORDNS query for directory1.ri.mamabosso.com. 1
failed: The DNS operation timed out after 30.0014941692 seconds
ipaserver.dns_data_management: ERRORunable to resolve h
Added:
apt install python-psutil
in cainstance.py after import tempfile added
import psutil
In function "migrate_profiles_to_ldap"
before
for profile_id in profile_ids:
changed time.sleep(80) to time.sleep(30)
then added just after, inside the loop:
while psutil.cpu_percent() > 5: time.sleep(2
Same issue here. Adding haveged reduced the error count, but still
failed with 2 processors and 2gb. 3 processors and 3gb failed with a
network error
[24/28]: migrating certificate profiles to LDAP
[error] NetworkError: cannot connect to
'https://directory1.ri.mamabosso.com:8443/ca/rest/accoun
22 matches
Mail list logo
