[Freeipa-users] Freeipa-users Digest, Vol 30, Issue 8

Aravind GV aravind.gv at gmail.com
Wed Jan 19 07:22:54 UTC 2011


Hi All

Please help me in adding a synchronization agreement. I followed (
http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/) but
the example given in 4.4. Creating Synchronization Agreements is not
correct. There is no longer an add option in the ipa-replica-manage command.
After googling, it was suggested that I use connect instead of add. This
command worked, but it stopped the directory server and throws the following
errors. Jakub Hrozek suggested that I get logs from
/var/log/ipareplica-install.log, but this file is not created at all. Only
ipaclient-install.log and ipaserver-install.log exist, and in those two files
there is no reference to the ipa-replica-manage command.

I have installed ipa v2 from http://jdennis.fedorapeople.org repo.

[root at dirsrv ~]# ipa-replica-manage connect --winsync --binddn
CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert
/root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD
INFO:root:args=/sbin/service dirsrv stop
INFO:root:stdout=Shutting down dirsrv:
    AGV-COM...[  OK  ]
    PKI-IPA...[  OK  ]

INFO:root:stderr=
unexpected error: DsInstance instance has no attribute 'subject_base'

Regards,
AGV
On Fri, Jan 14, 2011 at 10:30 PM, <freeipa-users-request at redhat.com> wrote:

> Today's Topics:
>
>   1. ipa-replica-manage command fails while Setting up Windows
>      Sync on the IPA Server V2 (Aravind GV)
>   2. Re: ipa-replica-manage command fails while Setting up Windows
>      Sync on the IPA Server V2 (Jakub Hrozek)
>   3. Re: certmonger selinux issue and freeipa dns database error
>      problem (Rob Crittenden)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 14 Jan 2011 15:08:44 +0530
> From: Aravind GV <aravind.gv at gmail.com>
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] ipa-replica-manage command fails while
>        Setting up Windows Sync on the IPA Server V2
> Message-ID:
>        <AANLkTimSR3k_Vbm_xaVyNOeVmGeti6rDNWUgb6bh05Ko at mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> Hi
>
> I'm trying to set up password/identity sync to the FreeIPA V2 server from a
> Windows 2003R2 SP2 server to a Fedora 14. According to installation document
> in free ipa website [
> http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/ ]
> ipa-replica-manage add option is no more there if I use connect option I get
> below error. There is not much in logs to troubleshoot. Please help me to
> resolve this issue.
>
> [root at fedora ~]# ipa-replica-manage connect --winsync --binddn
> CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert
> /root/bgkerb.cer bgkerb.test02.com -v --passsync asd312ASD
> Directory Manager password:
> INFO:root:args=/sbin/service dirsrv stop
> INFO:root:stdout=Shutting down dirsrv:
>    AGV-COM...[  OK  ]
>    PKI-IPA...[  OK  ]
>
> INFO:root:stderr=
> unexpected error: DsInstance instance has no attribute 'subject_base'
>
> --
> ----------------------------
> With Best Regards
> Aravind G V
> Ph-9880346065
> "I want it all,
> That's why I strive for it,
> I know that it's coming" - Drake from "Successful"
>
> ------------------------------
>
> Message: 2
> Date: Fri, 14 Jan 2011 11:15:23 +0100
> From: Jakub Hrozek <jhrozek at redhat.com>
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] ipa-replica-manage command fails while
>        Setting up Windows Sync on the IPA Server V2
> Message-ID: <20110114101522.GA17525 at zeppelin.brq.redhat.com>
> Content-Type: text/plain; charset=utf-8
>
> On Fri, Jan 14, 2011 at 03:08:44PM +0530, Aravind GV wrote:
> > Hi
> >
> > I'm trying to set up password/identity sync to the FreeIPA V2 server from a
> > Windows 2003R2 SP2 server to a Fedora 14. According to installation document
> > in free ipa website [
> > http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/]
> > ipa-replica-manage add option is no more there if I use connect option I get
> > below error. There is not much in logs to troubleshoot. Please help me to
> > resolve this issue.
> >
> > [root at fedora ~]# ipa-replica-manage connect --winsync --binddn
> > CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert
> > /root/bgkerb.cer bgkerb.test02.com -v --passsync asd312ASD
> > Directory Manager password:
> > INFO:root:args=/sbin/service dirsrv stop
> > INFO:root:stdout=Shutting down dirsrv:
> >     AGV-COM...[  OK  ]
> >     PKI-IPA...[  OK  ]
> >
> > INFO:root:stderr=
> > unexpected error: DsInstance instance has no attribute 'subject_base'
> >
>
> Hi,
>
> The full Python exception can be found in
> /var/log/ipareplica-install.log. Can you post the last couple of lines
> with the traceback?
>
> Thank you,
>    Jakub
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 14 Jan 2011 09:19:21 -0500
> From: Rob Crittenden <rcritten at redhat.com>
> To: Uzor Ide <ide4you at gmail.com>
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] certmonger selinux issue and freeipa dns
>        database error problem
> Message-ID: <4D305B69.2090007 at redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Uzor Ide wrote:
> >
> >   We have a network that relies on kerberos, 389-ds, bind and nfs4. I am
> > currently testing out the freeipa version 2 to see if we can use it to
> > consolidate the various configuration into one interface. For the most
> > part it works great apart from the obvious area where it has not been
> > completed. However there are somethings that I have noticed.
> >
> > 1.) The DNS logging always logs database error every time it access the
> > ldap. even though the query returns okay and the dns reply is fine.
> >
> > here is an excerpt of the log  named.run
> >
> > 24-Oct-2010 10:32:33.025 edns-disabled: info: success resolving
> > 'www.mailscanner.tv/A' (in 'mailscanner.tv'?) after reducing the
> > advertised EDNS UDP packet size to 512 octets
> > 24-Oct-2010 10:34:41.137 database: error: querying 'idnsName=wpad,
> > idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> > '(objectClass=idnsRecord)'
> > 24-Oct-2010 10:34:41.140 database: error: querying
> > 'idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> > '(objectClass=idnsRecord)'
> > 24-Oct-2010 10:34:41.143 database: error: entry count: 1
> > 24-Oct-2010 10:34:41.146 database: error: querying 'idnsName=wpad,
> > idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> > '(objectClass=idnsRecord)'
> > 24-Oct-2010 10:39:43.581 database: error: querying 'idnsName=wpad,
> > idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> > '(objectClass=idnsRecord)'
> > 24-Oct-2010 10:39:43.583 database: error: querying
> > 'idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> > '(objectClass=idnsRecord)'
> > 24-Oct-2010 10:39:43.586 database: error: entry count: 1
> > 24-Oct-2010 10:39:43.589 database: error: querying 'idnsName=wpad,
> > idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
> > '(objectClass=idnsRecord)'
> >
> >   here is our logging configuration
> >
> > // *******************
> > // Logging definitions
> > // *******************
> >
> > // Logging
> > logging {
> >     channel "named_log" {
> >         file "data/log/named.run" versions 5 size 4m;
> >         severity dynamic;
> >         print-category yes;
> >         print-severity yes;
> >         print-time yes;
> >     };
> >
> >     channel "security_log" {
> >         file "data/log/security.log" versions 5 size 10m;
> >         severity dynamic;
> >         print-category yes;
> >         print-severity yes;
> >         print-time yes;
> >     };
> >
> >     channel "query_log" {
> >         file "data/log/query.log" versions 5 size 50m;
> >         #severity dynamic;
> >         severity debug;
> >         print-category yes;
> >         print-severity yes;
> >         print-time yes;
> >     };
> >
> >     channel "transfer_log" {
> >         file "data/log/transfer.log" versions 5 size 10m;
> >         severity dynamic;
> >         print-category yes;
> >         print-severity yes;
> >     };
> >
> >     category "default" {
> >         "named_log";
> >         "default_syslog";
> >         "default_debug";
> >     };
> >
> >     category "general" {
> >         "named_log";
> >     };
> >
> >     category "queries" {
> >         "query_log";
> >     };
> >
> >     category "lame-servers" {
> >         null;
> >     };
> >
> >     category "security" {
> >         "security_log";
> >     };
> >
> >     category "config" {
> >         "named_log";
> >     };
> >
> >     category "resolver" {
> >         "query_log";
> >     };
> >
> >     category "xfer-in" {
> >         "transfer_log";
> >     };
> >
> >     category "xfer-out" {
> >         "transfer_log";
> >     };
> >
> >     category "notify" {
> >         "transfer_log";
> >     };
> >
> >     category "client" {
> >         "query_log";
> >     };
> >
> >     category "network" {
> >         "named_log";
> >     };
> >
> >     category "update" {
> >         "transfer_log";
> >     };
> >
> >     category "dnssec" {
> >         "security_log";
> >     };
> >
> >     category "dispatch" {
> >         "security_log";
> >     };
> > };
> >
> > This error message keeps triggering our monitoring systems.
>
> This has been fixed in bug
> https://bugzilla.redhat.com/show_bug.cgi?id=656454. It should show up as
> bind-dyndb-ldap-0.2.0-1.fc14 in the Fedora updates-testing repo in the
> next day or so.
>
> rob
>
>
>
> ------------------------------
>
>



-- 
----------------------------
With Best Regards
Aravind G V
Ph-9880346065
"I want it all,
That's why I strive for it,
I know that it's coming" - Drake from "Successful"
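
Added example, not part of the original thread and not code from BIND or bind-dyndb-ldap: a triage filter for named.run lines in the format quoted in Message 3 of the digest above. It keeps alerting on error-severity lines but sets aside the two query-trace shapes seen in that excerpt, so monitoring stays useful until the fixed package is installed. The pattern list, the function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout produced by print-time, print-category and print-severity in the
# quoted channel config: "<date> <time> <category>: <severity>: <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[\w-]+): (?P<severity>\w+): (?P<message>.*)$"
)
# Assumption: only the two message shapes seen in the excerpt are query
# traces. Every other error-severity line still raises an alert.
KNOWN_TRACE = (
    re.compile(r"^querying '[^']*' with '\([^']*\)'$"),
    re.compile(r"^entry count: \d+$"),
)
ALERT_SEVERITIES = {"error", "critical"}

def classify(line):
    """Return 'alert', 'known-trace', 'ignore' or 'unparsed' for one line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed"  # surface for review instead of dropping silently
    if m["severity"] not in ALERT_SEVERITIES:
        return "ignore"
    is_trace = any(p.match(m["message"]) for p in KNOWN_TRACE)
    if m["category"] == "database" and is_trace:
        return "known-trace"
    return "alert"

def triage(lines):
    """Count lines per class and collect the ones that should still alert."""
    counts = Counter(classify(line) for line in lines)
    alerts = [line for line in lines if classify(line) == "alert"]
    return counts, alerts

# First three lines are unwrapped from the excerpt; the last is constructed.
SAMPLE = [
    "24-Oct-2010 10:32:33.025 edns-disabled: info: success resolving "
    "'www.mailscanner.tv/A' (in 'mailscanner.tv'?) after reducing the "
    "advertised EDNS UDP packet size to 512 octets",
    "24-Oct-2010 10:34:41.137 database: error: querying 'idnsName=wpad, "
    "idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with "
    "'(objectClass=idnsRecord)'",
    "24-Oct-2010 10:34:41.143 database: error: entry count: 1",
    "24-Oct-2010 10:41:02.310 database: error: constructed sample failure",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Matching on the exact message shape rather than on the whole "database" category keeps any other error in that category visible to the monitoring system.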