Switching which FreeIPA server is the main CA
by Kristian Petersen
I am having problems with the server that currently is my main CA and was
considering trying to switch that function to a different server. I have
tried some of the stuff I found online but the CA role can't be enabled on
another server because it is broken on the one that has it right now.
Hence the operation fails. Any other ideas on how to resolve this? It is
OK if I have to abandon my old certificates and generate entirely new ones
on the new CA server.
--
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
6 years, 5 months
Re: libsemanage updates fail due to AD user with space
by Lachlan Musicman
On 4 April 2017 at 17:44, Lukas Slebodnik <lslebodn(a)redhat.com> wrote:
> >>> On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote:
> >>> >
> >>> > With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces in
> >>> > their names, libsemanage fails to update:
> >>> >
> >>> > eg from recent monthly upgrade cycle:
> >>> >
> >>> > Updating :
> >>> > selinux-policy-targeted-3.13.1-102.el7_3.16.noarch
> >>> > 3/14
> >>> > libsemanage.parse_assert_ch: expected character ':', but found 'f'
> >>> > (/etc/selinux/targeted/tmp/seusers.local: 5):
> >>> > lastname firstname@domain.com:unconfined_u:s0-s0:c0.c1023 (No such file or
> >>> > directory).
> >>> > libsemanage.seuser_parse: could not parse seuser record (No such file or
> >>> > directory).
> >>> > libsemanage.dbase_file_cache: could not cache file database (No such file
> >>> > or directory).
> >>> > libsemanage.semanage_base_merge_components: could not merge local
> >>> > modifications into policy (No such file or directory).
> >>> >
> >>>
> >>> Hi,
> >>> according to my quick testing this is solved with this PR:
> >>> https://github.com/SSSD/sssd/pull/189
> >This patch will not help with spaces in name.
> >
> >It needs to be fixed in selinux-policy or libsemanage.
> >
>
> It looks like it happens with each upgrade of selinux-policy.
> I assume it might be some missing quoting in rpm bash scriptlet.
>
> It should not be difficult to reproduce and file a bug.
> Feel free to add to CC my mail.
>
Lukas,
I've just seen this again. When you said "file a bug" did you mean against
ipa or against selinux?
(I've just seen it again)
Updating :
selinux-policy-targeted-3.13.1-166.el7_4.5.noarch
56/149
libsemanage.parse_assert_ch: expected character ':', but found 'j'
(/etc/selinux/targeted/tmp/seusers.local: 5):
last jason@domain.com:unconfined_u:s0-s0:c0.c1023 (No such file or
directory).
libsemanage.seuser_parse: could not parse seuser record (No such file or
directory).
libsemanage.dbase_file_cache: could not cache file database (No such file
or directory).
libsemanage.semanage_base_merge_components: could not merge local
modifications into policy (No such file or directory).
/usr/sbin/semodule: Failed!
cheers
L.
------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem is collapsing, yet we are still here — and we are
creative agents who can shape our destinies. Apocalyptic civics is the
conviction that the only way out is through, and the only way through is
together. "
*Greg Bloom* @greggish
https://twitter.com/greggish/status/873177525903609857
6 years, 5 months
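An added example, not part of either message and not libsemanage code: a Python check that models the failure in the log above (whitespace inside the login field of a `seusers.local` record, so the next non-space character is not `:`) and lists offending records before a selinux-policy update. The tokenizing rule and the `#` comment handling are assumptions inferred from the error text; the function names and the sample file are constructed for illustration.

```python
import sys

# Constructed sample in the seusers layout (login:seuser:mls-range);
# line 5 is the record quoted in the thread.
SAMPLE = """\
# constructed sample, not a real seusers.local
system_u:system_u:s0-s0:c0.c1023
root:unconfined_u:s0-s0:c0.c1023
__default__:unconfined_u:s0-s0:c0.c1023
lastname firstname@domain.com:unconfined_u:s0-s0:c0.c1023
"""


def check_record(line):
    """Return None if the login token is followed by ':', otherwise the
    character found instead (or 'end of line')."""
    i, n = 0, len(line)
    # Assumption: the login token ends at the first whitespace or ':'.
    while i < n and not line[i].isspace() and line[i] != ":":
        i += 1
    # Skip whitespace after the token, then expect the ':' separator.
    while i < n and line[i].isspace():
        i += 1
    if i == n:
        return "end of line"
    return None if line[i] == ":" else line[i]


def find_bad_seusers(text):
    """Return (line number, character found, record) for each bad record."""
    bad = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        found = check_record(line)
        if found is not None:
            bad.append((lineno, found, line))
    return bad


if __name__ == "__main__":
    # Pass the path of a seusers.local copy; with no argument, SAMPLE is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_bad_seusers(text)
    for lineno, found, line in hits:
        print(f"line {lineno}: expected ':', but found {found!r}: {line}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any hit lets the check gate a package update in a wrapper script.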