Hi All<div> </div><div>Please help me in adding a synchronization agreement. I followed ( <a href="http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/">http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/</a>) but the example given in 4.4. Creating Synchronization Agreements is not correct. There is no more option add in ipa-replica-manage command. After googling they suggested me to use connect instead of add. This command worked but it stopped directory server and thorws following errors. Jakub Hrozek suggested me to get logs from /var/log/ipareplica-install.log. But this file is not at all created only ipaclient-install.log ipaserver-install.log are the two files in that there is no reference to ipa-replica-mange command. </div> <div> </div><div>I have installed ipa v2 from <a href="http://jdennis.fedorapeople.org">http://jdennis.fedorapeople.org</a> repo.</div><meta charset="utf-8"><meta charset="utf-8"><div> </div><div><div>[root@dirsrv ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer 10.0.65.28 -v --passsync asd312ASD</div> <div>INFO:root:args=/sbin/service dirsrv stop </div><div>INFO:root:stdout=Shutting down dirsrv: </div> <div> AGV-COM...[ OK ]</div><div> PKI-IPA...[ OK ]</div> <div> </div><div>INFO:root:stderr=</div> <div>unexpected error: DsInstance instance has no attribute 'subject_base'</div><div style="font-size: 12px; line-height: 15px; white-space: pre-wrap; "> </div><meta charset="utf-8">Regards,</div><div>AGV <div class="gmail_quote">On Fri, Jan 14, 2011 at 10:30 PM, <<a href="mailto:freeipa-users-request@redhat.com">freeipa-users-request@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Send Freeipa-users mailing list submissions to <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> To subscribe or unsubscribe via the World Wide Web, visit <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> or, via email, send a message with subject or body 'help' to <a href="mailto:freeipa-users-request@redhat.com">freeipa-users-request@redhat.com</a> You can reach the person managing the list at <a href="mailto:freeipa-users-owner@redhat.com">freeipa-users-owner@redhat.com</a> When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeipa-users digest..." Today's Topics: 1. ipa-replica-manage command fails while Setting up Windows Sync on the IPA Server V2 (Aravind GV) 2. Re: ipa-replica-manage command fails while Setting up Windows Sync on the IPA Server V2 (Jakub Hrozek) 3. Re: certmonger selinux issue and freeipa dns database error problem (Rob Crittenden) ---------------------------------------------------------------------- Message: 1 Date: Fri, 14 Jan 2011 15:08:44 +0530 From: Aravind GV <<a href="mailto:aravind.gv@gmail.com">aravind.gv@gmail.com</a>> To: <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> Subject: [Freeipa-users] ipa-replica-manage command fails while Setting up Windows Sync on the IPA Server V2 Message-ID: <<a href="mailto:AANLkTimSR3k_Vbm_xaVyNOeVmGeti6rDNWUgb6bh05Ko@mail.gmail.com">AANLkTimSR3k_Vbm_xaVyNOeVmGeti6rDNWUgb6bh05Ko@mail.gmail.com</a>> Content-Type: text/plain; charset="windows-1252" Hi I?m trying to set up password/identity sync to the FreeIPA V2 server from a Windows 2003R2 SP2 server to a Fedora 14. According to installation document in free ipa website [ <a href="http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/" target="_blank">http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/</a> ] ipa-replica-manage add option is no more there if i use connect option i get below error. There is not much in logs to troubleshoot. Please help me to resolve this issue. [root@fedora ~]# ipa-replica-manage connect --winsync --binddn CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert /root/bgkerb.cer <a href="http://bgkerb.test02.com" target="_blank">bgkerb.test02.com</a> -v --passsync asd312ASD Directory Manager password: INFO:root:args=/sbin/service dirsrv stop INFO:root:stdout=Shutting down dirsrv: AGV-COM...[ OK ] PKI-IPA...[ OK ] INFO:root:stderr= unexpected error: DsInstance instance has no attribute 'subject_base' -- ---------------------------- With Best Regards Aravind G V Ph-9880346065 "I want it all, That's why I strive for it, I know that it's coming" - Drake from "Successful" -------------- next part -------------- An HTML attachment was scrubbed... URL: <<a href="https://www.redhat.com/archives/freeipa-users/attachments/20110114/518de32f/attachment.html" target="_blank">https://www.redhat.com/archives/freeipa-users/attachments/20110114/518de32f/attachment.html</a>> ------------------------------ Message: 2 Date: Fri, 14 Jan 2011 11:15:23 +0100 From: Jakub Hrozek <<a href="mailto:jhrozek@redhat.com">jhrozek@redhat.com</a>> To: <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> Subject: Re: [Freeipa-users] ipa-replica-manage command fails while Setting up Windows Sync on the IPA Server V2 Message-ID: <<a href="mailto:20110114101522.GA17525@zeppelin.brq.redhat.com">20110114101522.GA17525@zeppelin.brq.redhat.com</a>> Content-Type: text/plain; charset=utf-8 On Fri, Jan 14, 2011 at 03:08:44PM +0530, Aravind GV wrote: > Hi > > I?m trying to set up password/identity sync to the FreeIPA V2 server from a > Windows 2003R2 SP2 server to a Fedora 14. According to installation document > in free ipa website [ > <a href="http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/" target="_blank">http://freeipa.org/docs/2.0.0/Installation_Deployment_Guide/en-US/html/</a> ] > ipa-replica-manage add option is no more there if i use connect option i get > below error. There is not much in logs to troubleshoot. Please help me to > resolve this issue. > > [root@fedora ~]# ipa-replica-manage connect --winsync --binddn > CN=agv,OU=Users,DC=bgkerb,DC=test02,DC=com --bindpw asd312ASD --cacert > /root/bgkerb.cer <a href="http://bgkerb.test02.com" target="_blank">bgkerb.test02.com</a> -v --passsync asd312ASD > Directory Manager password: > INFO:root:args=/sbin/service dirsrv stop > INFO:root:stdout=Shutting down dirsrv: > AGV-COM...[ OK ] > PKI-IPA...[ OK ] > > INFO:root:stderr= > unexpected error: DsInstance instance has no attribute 'subject_base' > Hi, The full Python exception can be found in /var/log/ipareplica-install.log. Can you post the last couple of lines with the traceback? Thank you, Jakub ------------------------------ Message: 3 Date: Fri, 14 Jan 2011 09:19:21 -0500 From: Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>> To: Uzor Ide <<a href="mailto:ide4you@gmail.com">ide4you@gmail.com</a>> Cc: <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> Subject: Re: [Freeipa-users] certmonger selinux issue and freeipa dns database error problem Message-ID: <<a href="mailto:4D305B69.2090007@redhat.com">4D305B69.2090007@redhat.com</a>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Uzor Ide wrote: > > We have a network that relies on kerberos, 389-ds, bind and nfs4. I am > currently testing out the freeipa version 2 to see if we can use it to > consolidate the various configuration into one interface. For the most > part it works great apart from the obvious area where it has not been > completed. However there are somethings that I have noticed. > > 1.) The DNS logging always logs database error every time it access the > ldap. even though the query returns okay and the dns reply is fine. > > here is an excerpt of the log named.run > > 24-Oct-2010 10:32:33.025 edns-disabled: info: success resolving > '<a href="http://www.mailscanner.tv/A" target="_blank">www.mailscanner.tv/A</a> <<a href="http://www.mailscanner.tv/A" target="_blank">http://www.mailscanner.tv/A</a>>' (in '<a href="http://mailscanner.tv" target="_blank">mailscanner.tv</a> > <<a href="http://mailscanner.tv" target="_blank">http://mailscanner.tv</a>>'?) after reducing the advertised EDNS UDP packet > size to 512 octets > 24-Oct-2010 10:34:41.137 database: error: querying 'idnsName=wpad, > idnsname=<a href="http://uzdomain.ca" target="_blank">uzdomain.ca</a> <<a href="http://uzdomain.ca" target="_blank">http://uzdomain.ca</a>>,cn=dns,dc=uzdomain,dc=ca' with > '(objectClass=idnsRecord)' > 24-Oct-2010 10:34:41.140 database: error: querying 'idnsname=<a href="http://uzdomain.ca" target="_blank">uzdomain.ca</a> > <<a href="http://uzdomain.ca" target="_blank">http://uzdomain.ca</a>>,cn=dns,dc=uzdomain,dc=ca' with > '(objectClass=idnsRecord)' > 24-Oct-2010 10:34:41.143 database: error: entry count: 1 > 24-Oct-2010 10:34:41.146 database: error: querying 'idnsName=wpad, > idnsname=<a href="http://uzdomain.ca" target="_blank">uzdomain.ca</a> <<a href="http://uzdomain.ca" target="_blank">http://uzdomain.ca</a>>,cn=dns,dc=uzdomain,dc=ca' with > '(objectClass=idnsRecord)' > 24-Oct-2010 10:39:43.581 database: error: querying 'idnsName=wpad, > idnsname=<a href="http://uzdomain.ca" target="_blank">uzdomain.ca</a> <<a href="http://uzdomain.ca" target="_blank">http://uzdomain.ca</a>>,cn=dns,dc=uzdomain,dc=ca' with > '(objectClass=idnsRecord)' > 24-Oct-2010 10:39:43.583 database: error: querying 'idnsname=<a href="http://uzdomain.ca" target="_blank">uzdomain.ca</a> > <<a href="http://uzdomain.ca" target="_blank">http://uzdomain.ca</a>>,cn=dns,dc=uzdomain,dc=ca' with > '(objectClass=idnsRecord)' > 24-Oct-2010 10:39:43.586 database: error: entry count: 1 > 24-Oct-2010 10:39:43.589 database: error: querying 'idnsName=wpad, > idnsname=<a href="http://uzdomain.ca" target="_blank">uzdomain.ca</a> <<a href="http://uzdomain.ca" target="_blank">http://uzdomain.ca</a>>,cn=dns,dc=uzdomain,dc=ca' with > '(objectClass=idnsRecord)' > > here is our logging configuration > > // ******************* > // Logging definitions > // ******************* > > // Logging > logging { > channel "named_log" { > file "data/log/named.run" versions 5 size 4m; > severity dynamic; > print-category yes; > print-severity yes; > print-time yes; > }; > > channel "security_log" { > file "data/log/security.log" versions 5 size 10m; > severity dynamic; > print-category yes; > print-severity yes; > print-time yes; > }; > > channel "query_log" { > file "data/log/query.log" versions 5 size 50m; > #severity dynamic; > severity debug; > print-category yes; > print-severity yes; > print-time yes; > }; > > channel "transfer_log" { > file "data/log/transfer.log" versions 5 size 10m; > severity dynamic; > print-category yes; > print-severity yes; > }; > > category "default" { > "named_log"; > "default_syslog"; > "default_debug"; > }; > > category "general" { > "named_log"; > }; > > category "queries" { > "query_log"; > }; > > category "lame-servers" { > null; > }; > > category "security" { > "security_log"; > }; > > category "config" { > "named_log"; > }; > > category "resolver" { > "query_log"; > }; > > category "xfer-in" { > "transfer_log"; > }; > > category "xfer-out" { > "transfer_log"; > }; > > category "notify" { > "transfer_log"; > }; > > category "client" { > "query_log"; > }; > > category "network" { > "named_log"; > }; > > category "update" { > "transfer_log"; > }; > > category "dnssec" { > "security_log"; > }; > > category "dispatch" { > "security_log"; > }; > }; > > This error message keeps triggering our monitoring systems. This has been fixed in bug <a href="https://bugzilla.redhat.com/show_bug.cgi?id=656454" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=656454</a>. It should show up as bind-dyndb-ldap-0.2.0-1.fc14 in the Fedora updates-testing repo in the next day or so. rob ------------------------------ _______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> End of Freeipa-users Digest, Vol 30, Issue 8 ******************************************** </blockquote></div> -- ---------------------------- With Best Regards Aravind G V Ph-9880346065 "I want it all, That's why I strive for it, I know that it's coming" - Drake from "Successful" </div>