Just found some additional possible clues in the apache error.log
=
[Tue Jun 15 17:11:34.636290 2021] [:warn] [pid 31831:tid
139703600768768] [client 2001:470:8af9:255::10:47920] failed to set
perms (3140) on file (/run/ipa/ccaches/ch...@ipa.node-nine.com)!,
referer: https://REDACTED-1.ipa
Apologies for the belated response - took me a bit to verify across all
clients.
When I installed the LE certs on each replica/server, I performed the
following:
=(the privkey & fullchain files provided by LE)=
ipa-server-certinstall -w -d privkey.pem fullchain.pem
&
/usr/sbin/ipa-cert
Alfred Victor wrote:
> I don't see a directive equivalent of SECURE_NFS to add to nfs.conf (all
> documentation seems to still refer to the sysconfig path), or is it the
> same? Can I just disable rpcgssd? We have no nfs mounts which are
> kerberized yet, and disabling rpcgssd seems to solve our pr
Might the 'edition' (server, desktop, iot, whatnot) of the distribution
used in testing freeipa-server* be explicitly stated in the 'getting
started' docs as being 'approved' for freeipa-server use? The better
to avoid interactions with un-interaction-tested packages / security
libraries generall
I don't see a directive equivalent of SECURE_NFS to add to nfs.conf (all
documentation seems to still refer to the sysconfig path), or is it the
same? Can I just disable rpcgssd? We have no nfs mounts which are
kerberized yet, and disabling rpcgssd seems to solve our problem, and I can
kinit after
On ti, 15 kesä 2021, Alfred Victor via FreeIPA-users wrote:
Hi Rob,
We attempted setting sec=sys on the mount, however to our surprise found
this didn't work. We then figured out that IPA install is adding this to
/etc/sysconfig/nfs:
SECURE_NFS=yes
We tried removing this to no avail and resta
Hi Rob,
We attempted setting sec=sys on the mount, however to our surprise found
this didn't work. We then figured out that IPA install is adding this to
/etc/sysconfig/nfs:
SECURE_NFS=yes
We tried removing this to no avail and restarting all the related sytstemd
units (rpcgssd, nfs, etc). Any
I have attached some sssd logs snippets with debug_level activated in
sssd.conf (some lines have been truncated) :
(Tue Jun 15 16:09:02 2021) [be[ipa.example.com]] [dp_get_account_info_send]
(0x0200): Got request for [0x1][BE_REQ_USER][name=test_u...@example.com]
(Tue Jun 15 16:09:02 2021) [be
On Mon, Jun 14, 2021, at 3:47 PM, Rob Crittenden wrote:
> Bret Wortman via FreeIPA-users wrote:
> > This appears to be the error, or at least it's the only "fatal" I could
> > find in the stream and it's near enough to the end of traffic that it seems
> > likely. I'm no expert on Wireshark so I'm
On ti, 15 kesä 2021, Ronald Wimmer via FreeIPA-users wrote:
On 15.06.21 08:42, Alexander Bokovoy via FreeIPA-users wrote:
[...]
Check the first link I gave. Only 'domain local' groups can include
members from "Accounts, Global groups, and Universal groups from other
forests and from external dom
On 15.06.21 08:42, Alexander Bokovoy via FreeIPA-users wrote:
[...]
Check the first link I gave. Only 'domain local' groups can include
members from "Accounts, Global groups, and Universal groups from other
forests and from external domains". Domain local groups, on the other
hand, can only be us
11 matches
Mail list logo
