[Freeipa-users] hostMask attribute syntax issue in 60sudo.ldif
Rob Crittenden
rcritten at redhat.com
Fri Sep 24 20:09:11 UTC 2010
Brian LaMere wrote:
> On Fri, Sep 24, 2010 at 10:43 AM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
> Brian LaMere wrote:
> > ah, odd - I'm used to IPs being IA5. then the equality match should
> > be changed? Can't have caseIgnoreIA5Match on a directory string :)
> Yes. This is what the patch does :-)
>
>
> so, out of curiosity...why 60sudo? Seems like a string matching netmask
> could be used more generically...it's redefined over as
> radiusFramedIPNetmask in 60radius.ldif. I go through and purge my tree
> of attributes I'll never need, sorry - I have strange quirks.
>
> Also, I've noted that when I stop services, then start them again per
> the order in /etc/rc3.d, named doesn't know about the local domain yet
> because it connects to an empty socket (since the krb and dirsrv
> services aren't started yet)
>
> trying to establish LDAP connection to
> ldapi://%2fvar%2frun%2fslapd-BRIAN-INTERNAL.socket
>
> which fails at:
>
> Principal not found in cred cache (Matching credential not found)
>
> Once everything is up, if I run "rndc reload" the local domain lookups
> (and thus, everything else) works again. Should one of the other
> services incorporate a rndc reload, for this reason? I didn't actually
> restart the server (can't, due to something else it is doing) I just
> stopped things per rc3.d/k* order, and then started them per s* order.
>
> Brian
I use /usr/sbin/ipactl to restart all the IPA services myself. This
could definitely be a problem on reboot though. I filed ticket
https://fedorahosted.org/freeipa/ticket/294 to investigate this further.
rob