<div dir="ltr"><div>Hi </div><div> </div><div>Update on the errors</div><div> </div><div>kinit charlesd </div><div>kinit: Generic error (see e-text) while getting initial credentials</div><div>krb5kdc.log - LOOKING_UP_CLIENT: <a href="mailto:charlesd@EXAMPLE.COM">charlesd@EXAMPLE.COM</a> for krbtg/<a href="mailto:EXAMPLE.COM@EXAMPLE.COM">EXAMPLE.COM@EXAMPLE.COM</a>, Server Error</div> <div> </div><div> </div><div>Starting the IPA service (dirsrv in particular) gives</div><div> </div><div>Failed to read data from Directory Service: Failed to get list of services to probe status!</div><div>Configured hostname '<a href="http://ipa3.example.com">ipa3.example.com</a>' doesn't match any master server in LDAP:</div> <div>No master found because of error: {'matched': dc=example,dc=com', 'desc': 'No such object'}</div><div>Shutting down</div><div> </div><div> </div><div>The errors log has a load of different services schema-compat-plugin. dna-plugin, ipalockout_preop/postop all complaining in one way or another about being unable to retrieve entries or no entries being set up.</div> <div class="gmail_extra"><br>Cheers,</div><div class="gmail_extra">Charlie<br></div><div class="gmail_extra"> </div><div class="gmail_quote">On Fri, Sep 13, 2013 at 2:49 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br> <blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"> <div text="#000000" bgcolor="#FFFFFF"><div class="im"> <div>On 09/12/2013 08:04 PM, Charlie Derwent wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div class="gmail_extra"><br> <br> <div class="gmail_quote">On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br> <blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"> <div text="#000000" bgcolor="#FFFFFF"> <div> <div>On 09/09/2013 10:20 AM, Charlie Derwent wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div>Hi,</div> <div> </div> <div>2 questions, some of our automation accounts are needlessly querying the IPA server every time they call a command via sudo. This is generating a lot of noise in our access logs. Is there any way to ensure certain system accounts don't call out to the IPA server for additional groups or sudo permission when completing tasks?</div> </div> </blockquote> <br> </div> What are your client platforms? Does sssd or newer versions of sudo cache? <div><br> <br> <blockquote type="cite"> <div dir="ltr"> <div> </div> <div>The other question is slightly more embarrassing, one of our guys saw /var filling and noticed that /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load of "log" files which looked like they weren't being tidied. </div> </div> </blockquote> <br> </div> They are automatically cleaned up. If you have a lot of updates, it may take longer. <div><br> <br> <blockquote type="cite"> <div dir="ltr"> <div>One stupid decision later and I'm now here asking on his behalf if there is anyway of restoring the database from a replica or is a complete rebuild required?</div> </div> </blockquote> <br> </div> Just reinit the replica using ipa-replica-manage.<br> <br> </div> </blockquote> <div>I just tried to reinit the replica but I'm getting an error about failure to connect to LDAP server I'm guessing that's because it's impossible for me to kinit on the server now given the state of the DB.</div> </div> </div> </div> </blockquote> <br></div> It depends. What error? Can you provide the exact error message and/or excerpts from /var/log/dirsrv/slapd-DOMAIN-COM/errors?<div class="im"><br> <br> <blockquote type="cite"> <div dir="ltr"> <div class="gmail_extra"> <div class="gmail_quote"> <blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"> <div text="#000000" bgcolor="#FFFFFF"> </div> </blockquote> <blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"> <div text="#000000" bgcolor="#FFFFFF"> </div> </blockquote> <blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"> <div text="#000000" bgcolor="#FFFFFF"> <blockquote type="cite"> <div> <div dir="ltr"> <div>Second question is obviously a little bit more urgent than the first but any advice is greatly appreciated.</div> <div> </div> <div>Thanks,</div> <div>Charlie</div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div> </div> <br> <fieldset></fieldset> <br> </div> <pre>_______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> </div> </blockquote> </div> <br> </div> </div> </blockquote> <br> </div></div> </blockquote></div><div class="gmail_extra"><br></div></div>