[Freeipa-users] Re: FreeIPA w. letsencrypt for HTTPS/LDAP failing to communicate with itself

2021-06-24 Thread Chris Moody via FreeIPA-users
;     track: yes     auto-renew: yes = Where else should I be looking to try and understand/debug why the server is rejecting its own connection to itself?  From my (albeit limited) understanding thus far, all the requisite components are present and accounted for, no? Do my apache logs of the

[Freeipa-users] Re: FreeIPA w. letsencrypt for HTTPS/LDAP failing to communicate with itself

2021-06-16 Thread Chris Moody via FreeIPA-users
new certificate steps are unrelated. This affects all CA requests. rob Chris Moody via FreeIPA-users wrote: Just found some additional possible clues in the apache error.log = [Tue Jun 15 17:11:34.636290 2021] [:warn] [pid 31831:tid 139703600768768] [client 2001:470:8af9:255::10:47920] faile

[Freeipa-users] Re: FreeIPA w. letsencrypt for HTTPS/LDAP failing to communicate with itself

2021-06-15 Thread Chris Moody via FreeIPA-users
version='2.233'): NetworkError ===== -Chris On 6/15/21 5:09 PM, Chris Moody via FreeIPA-users wrote: Apologies for the belated response - took me a bit to verify across all clients. When I installed the LE certs on each replica/server, I performed the following: =(the privkey &a

[Freeipa-users] Re: FreeIPA w. letsencrypt for HTTPS/LDAP failing to communicate with itself

2021-06-15 Thread Chris Moody via FreeIPA-users
t-manage install on one of the nodes + ipa-certupdate on _all the IPA machines_? It's important to run ipa-certupdate on all the server/replicas/clients in order to install the CA everywhere. flo On Sat, Jun 12, 2021 at 2:19 AM Chris Moody via FreeIPA-users <mailto:freeipa-users@lists.fedoraho

[Freeipa-users] FreeIPA w. letsencrypt for HTTPS/LDAP failing to communicate with itself

2021-06-11 Thread Chris Moody via FreeIPA-users
Hello folks. Hopefully I'm just missing something face-palm level obvious, but I am running into some trouble when interfacing with my CA functionality on an IPA server cluster.  My attempts at scouring all my saved prior-comms from the mailing-list as well as several search-engines are not e

[Freeipa-users] Brand new server install fails - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

2020-04-15 Thread Chris Moody via FreeIPA-users
Trying to stand up a brand new IPA Server install on a brand new VM.  I am lightly obfuscating some strings out of respect for the client so their domain-name will say 'DOMAIN' in my email. == ~# cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=19.10 DISTRIB_CODENAME=eoan DISTRIB_DE

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
just continue here - your call. -Chris On 1/17/18 6:10 PM, Chris Moody via FreeIPA-users wrote: > Just attempted the '--server' option you mention, as well as the > '--domain' value that the parameter requires, and it actually SUCCEEDED > in joining! > > I rec

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
in to this node with a user in IPA. Which is wonderful news however I'm still now wondering what component might be failing or portion of autodiscovery perhaps missing/b0rk3d that's necessitating the --server param to be explicitly called. -Chris On 1/17/18 5:30 PM, Chris Moody via

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Server: = [root@sfca-do-4 ~]# ipa --version VERSION: 4.4.4, API_VERSION: 2.215 [root@sfca-do-4 ~]# cat /etc/fedora-release Fedora release 25 (Twenty Five) Client Node: = root@sfca-do-1:~# ipa-client-install --version 4.3.1 root@sfca-do-1:~# cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Affirmative, it is all caps in the logs. I can re-send the log with the redactions case sensitive if that's helpful.  My apologies for causing confusion via my obfuscation. -Chris On 1/17/18 12:36 PM, Robbie Harwood wrote: > Chris Moody writes: > >> On 1/17/18 8:27 AM, Robbie Harwood wrote: >>

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-17 Thread Chris Moody via FreeIPA-users
Yes - I am redacting just the 2nd level domain name portion from any logs. -Chris On 1/17/18 8:27 AM, Robbie Harwood wrote: > Chris Moody writes: > >> Thanks for taking a look gents.  Ask and ye shall receive.  :) >> >> -Chris >> >> ===[ CLI output ]== >> root@sfca-do-1:~# ipa-client-in

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Chris Moody via FreeIPA-users
My reply with the log output is pending moderator approval. -Chris On 1/16/18 1:11 PM, Rob Crittenden wrote: > Robbie Harwood via FreeIPA-users wrote: >> Chris Moody via FreeIPA-users >> writes: >> >>> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA

[Freeipa-users] freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-15 Thread Chris Moody via FreeIPA-users
Hello all. First want to thank everyone for all the hard work going into continually making this platform a better and better offering. I'm running into some challenges though in joining clients to a relatively fresh install for a client.  I have a pair of replicating IPA nodes that are respondin