trust-add => ipa: ERROR: Cannot find specified domain or server name
by lejeczek
hi guys
I'm trying to add a trust to AD, I do DNS regural(as per Win
Integration Guide) and all seems good, but it fails with
error as per the subject.
With regards to DNS, only thing on the odd side (guide
mentions this record) is missing
_kerberos._udp.dc._msdcs.ad.example.com
Would this be a problem.
I also use --server to trust-add but it fails the same.
How to troubleshoot it? ipa -v also does not reveal more.
Process asks:
Active Directory domain administrator's password:
and the fails immediately.
many thanks, L.
6 years, 1 month
any freeipa master slave configuration
by barrykfl@gmail.com
Hi:
I m seeking a replication of master - slave mode of free ipa ?
Is there such mode ? as I saw actually 2 nodes configuration acutally
called master - master .
Regards
6 years, 1 month
Client install fails: Automember Plugin update unexpectedly failed.
by greg@greg-gilbert.com
Hey,
Things have been fine for a long time, but in the last day or so we've
been seeing a lot of errors. We can't create any IPA users, and we get
this whenever we try to run ipa-client-install:
> Synchronizing time with KDC...
> Attempting to sync time using ntpd. Will timeout after 15 seconds
> Attempting to sync time using ntpd. Will timeout after 15 seconds
> Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
> Joining realm failed: RPC failed at server. Server is unwilling to perform: Automember Plugin update unexpectedly failed.
I see this error repeatedly in the logs:
> [14/Mar/2018:22:23:40.011998888 +0000] seq id2entry err -30988
> [14/Mar/2018:22:23:40.013516946 +0000] DSRetroclPlugin - replog: an error occured while adding change number 1, dn = changenumber=1,cn=changelog: Already exists.
> [14/Mar/2018:22:23:40.014652652 +0000] retrocl-plugin - retrocl_postob: operation failure [68]
And this is in sssd/sssd_nss.log:
> (Wed Mar 14 22:18:05 2018) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
I've tried stopping and starting ipactl, sssd, and nothing changes. I
tried rebooting the instance, that didn't help either.
Any ideas?
6 years, 1 month
Re: [SSSD-users] Re: Re: Auto create NFS home folders on IPA Server.
by TomK
On 3/4/2018 10:23 AM, Galen Johnson wrote:
Hey Galen / Trevor,
Thanks for replying. Like other posters seem to be having, sssd /
oddjobd / mkhomedir isn't even trying to make a directory on /n which is
an automounted NFSv4 path:
[root@ipaclient01 oddjobd.conf.d]# grep -Ei mkhomedir /etc/pam.d/*
/etc/pam.d/fingerprint-auth:session optional
pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/fingerprint-auth-ac:session optional
pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/password-auth:session optional
pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/password-auth-ac:session optional
pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/smartcard-auth:session optional
pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/smartcard-auth-ac:session optional
pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/system-auth:session optional pam_oddjob_mkhomedir.so
umask=0077
/etc/pam.d/system-auth-ac:session optional
pam_oddjob_mkhomedir.so umask=0077
[root@ipaclient01 oddjobd.conf.d]#
I have no_root_squash enabled temporarily as I test everything out (It's
only a LAB) and I can make the folder as root from within the client (ie
by typing the command in myself) but it just doesn't work from within
oddjobd / mkhomedir for some reason unless it's on a local UNIX
filesystem. It appears only able to change directory to an NFS v4
mount, not actually create anything on it.
What I'm trying to do is follow an earlier suggestion and send the
directory creation over to the NFS v4 Cluster I have by setting up a
client-server type of python code. The code opens up a port on the
NFSv4 server and accepts a set of messages. Then the client send the
server a message and waits for a reply, then the client logs the user in
once directory is created and available. I've succeeded so far as to
get oddjobd to run my custom code and send 'something' over to the
server but I can't get oddjobd to give up the user it's trying to create
the directory for.
To be perfectly open, I'm not yet convinced having this TCP/IP
client-server code would be much better then no_root_squash but
optimistic that via python, I can provide better security in the long
run, if not the short run.
Seems this might be related to the first problem above. Maybe I'm not
getting a user via oddjobd.conf because the NFSv4 mount isn't
recognized? (This is a guess and I'm really stretching here.)
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
Not to loose Trevor's reply, I'm including it here.
---------------------------------------
On 3/4/2018 11:21 AM, Trevor Vaughan via FreeIPA-users wrote:
> I use this in a cron job that's dropped by Puppet.
>
>
https://github.com/simp/pupmod-simp-simp_nfs/blob/master/templates/etc/cr...
>
>
https://github.com/simp/pupmod-simp-simp_nfs/blob/master/manifests/create...
>
> There's really no way to do this in real time without a LOT of
> additional infrastructure since you're looking at rapid cross-system
> based on enterprise-wide log processing. Users can generally wait the
> <=60 minutes that a cron job will entail.
>
> Trevor
----------------------------------------
> This is most likely due to the nfs mount having 'root_squash" set which
> prevents remote servers root from from writing as root (typically nobody
> or nfsnobody). If you are confident that the servers are secure, you
> could mount the NFS share with 'no_root_squash'. It has some security
> concerns but it would allow oddjob_mkhomedir to create homedirs.
> Another option would be to add '<allow user="apache"/>' in addition to root.
>
> =G=
>
> On Sun, Mar 4, 2018 at 3:53 AM, TomK <tomkcpr(a)mdevsys.com
> <mailto:tomkcpr@mdevsys.com>> wrote:
>
> On 2/28/2018 11:19 PM, TomK wrote:
>
> On 2/27/2018 3:40 AM, Alexander Bokovoy wrote:
>
> On ti, 27 helmi 2018, TomK via FreeIPA-users wrote:
>
> On 2/26/2018 1:27 AM, Alexander Bokovoy via
> FreeIPA-users wrote:
> Thanks Alex. + SSSD mailing list.
>
> Two remaining questions.
>
> 1) Creating the NFS user folders on the server itself is
> not a problem however I would like to trap events that
> indicate USER logged into a client host. On this event,
> a home directory could then be created on the FreeIPA
> side. Without such an event I can't precreate it. So
> when a user logs into a client machine, is there any
> SSSD call initiated to the FreeIPA server that would
> show up in a log for example that I could in turn use to
> run a small shell script to precreate the user's home
> folder, if it doesn't exist?
>
> This is not something FreeIPA can help with. We already have
> pam_oddjob_mkhomedir module and its default configuration
> provides you a
> way to create directories out of band using oddjob-mkhomedir
> helper. I
> think at the very least you can have a wrapper that:
> - would check some configuration and push a message to some
> server to
> create a home directory somewhere else
> - would wait for a response back that a directory is created
> (either by
> polling a home directory appearance or communicating
> some other way
> with the remote tool that creates a directory)
> - would otherwise call a standard helper provided by
> oddjob-mkhomedir
>
> See /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf for details.
>
>
> Ty. Yes, thinking along those lines. Netcat w/ bash maybe
> (https://tinyurl.com/yat9k3hv), but simpler. Not sure yet.
>
>
> I'm able to write a small python job that will send the username
> logging in to the remote server for directory creation. Not great
> but a start. Not sure if this is the right place to ask but curious
> how get the user logging in and pass it to this script from within
> the oddjobd daemon?
>
> Anyway, I can't pass the user logging in into the code.
>
> # cat oddjobd-mkhomedir.conf
> .
> .
> .
> <interface name="com.redhat.oddjob_mkhomedir">
>
> <method name="mkmyhomedir">
> <helper exec="/bin/it.py"
> arguments="0"
> prepend_user_name="yes"/>
> <!-- no acl entries -> not allowed for anyone -->
> </method>
>
> <method name="mkhomedirfor">
> <helper exec="/bin/it.py ITDNWORK"
> arguments="1"
> prepend_user_name="yes"/>
> <allow user="root"/>
> </method>
>
> </interface>
> .
> .
> .
>
> Btw, above mkhomedir doesn't work on NFS v4 mounted folders anyway.
>
>
>
>
> 2) Is there a way to get SSSD to retrieve the
> unixHomeDirectory that's defined in the UNIX Attribute
> on the AD side? Would be handy if I want to control all
> home directory locations on the AD side. The
> override_homedir works to force a folder but when I try
> the %o option to override_homedir, it appears to take
> the FreeIPA default home directory, not the AD one.
>
> unixHomeDirectory is the default for
> ldap_user_home_directory for AD
> provider. Since all IPA trusted subdomains are using AD
> provider,
> unixHomeDirectory would just be used automatically.
>
>
> Only override_homedir works for me. User 'tom' in AD has
> unixHomeDirectory set to /home/tom but on a unix client
> connected to FreeIPA home directory is always /home/my.dom/tom
> instead of just /home/tom . Scratching my head as to what I
> might be missing here or not understanding well enough. My config:
>
> [domain/nix.my.dom]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = nix.my.dom
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = ipaclient01.nix.my.dom
> chpass_provider = ipa
> ipa_server = idmipa01.nix.my.dom, idmipa02.nix.my.dom
> ldap_tls_cacert = /etc/ipa/ca.crt
> autofs_provider = ipa
> ipa_automount_location = UserHomeDir01
>
> # Added after below home dir variables didn't work. No effect.
> dyndns_update = true
> dyndns_update_ptr = true
> ldap_schema = ad
> ldap_id_mapping = true
>
> # override_homedir = /n/%d/%u
> # This did not work.
> fallback_homedir = /n/%d/%u
> ldap_user_home_directory = unixHomeDirectory
>
>
> [sssd]
> debug_level = 9
> services = nss, sudo, pam, autofs, ssh
> config_file_version = 2
>
> domains = nix.my.dom
>
> [nss]
> debug_level = 9
> homedir_substring = /n
>
> [pam]
> debug_level = 9
>
> [sudo]
> debug_level = 9
>
> [autofs]
> .
> .
> .
>
>
>
> Cheers,
> Tom
>
> On su, 25 helmi 2018, TomK via FreeIPA-users wrote:
>
> Hey Guy's,
>
> For newly added AD or IPA users, is there a way
> to automatically create the user folders on the
> FreeIPA server under say /nfs/home/bill, for
> example so that when the remote client logs in,
> it sees the NFS mounted folder?
>
> Instructions that I can find right now require
> precreating the folders. Need them precreated
> via the FreeIPA master servers anytime someone
> attempts to login on a client using their AD
> credentials. Is this possible? Assume the NFS
> server will be local to the FreeIPA masters.
>
> One needs to create home directories on the NFS
> server itself. If home
> directories are mounted via NFS, then you need to
> have enough permission
> to create the folder at the NFS root which is not
> what you'd want to
> allow a regular user. Thus, it needs to be solved
> outside of a log-in
> flow.
>
> We don't provide any means to solve this in FreeIPA
> because file
> sharing/hosting is not a FreeIPA problem. If your
> NFS server is running
> on an IPA master, though, you might want to consider
> not using NFS
> mounts on that server itself. In this case a normal
> oddjob-based
> pam_mkhomedir would create the directories just fine.
>
>
> Found steps like the one below but step 5) still
> requires pre creation of the folders.
>
> https://www.redhat.com/archives/freeipa-users/2016-May/msg00380.html
> <https://www.redhat.com/archives/freeipa-users/2016-May/msg00380.html>
>
> https://serverfault.com/questions/705039/how-to-automate-directory-creati...
> <https://serverfault.com/questions/705039/how-to-automate-directory-creati...>
>
>
>
> --
> Cheers,
> Tom K.
> -------------------------------------------------------------------------------------
>
>
>
> Living on earth is expensive, but it includes a
> free trip around the sun.
> _______________________________________________
> FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org>
>
>
>
>
> --
> Cheers,
> Tom K.
> -------------------------------------------------------------------------------------
>
>
> Living on earth is expensive, but it includes a free
> trip around the sun.
> _______________________________________________
> FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org>
>
>
>
>
>
>
> --
> Cheers,
> Tom K.
> -------------------------------------------------------------------------------------
>
> Living on earth is expensive, but it includes a free trip around the
> sun.
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> <mailto:sssd-users@lists.fedorahosted.org>
> To unsubscribe send an email to
> sssd-users-leave(a)lists.fedorahosted.org
> <mailto:sssd-users-leave@lists.fedorahosted.org>
>
>
>
>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>
6 years, 1 month
ipa-replica-manage: unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
by Harald Dunkel
Hi folks,
somehow my ipa servers became out of sync. ipa4 has an
additional host entry, not known on the others. On
examining I stumbled over this:
[root@ipa0 ~]# ipa-replica-manage clean-dangling-ruv
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
These RUVs are dangling and will be removed:
Host: ipabak.ac.example.de
RUVs:
id: 11, hostname: ipabak.ac.example.de
CS-RUVs:
Host: ipa1.example.de
RUVs:
id: 11, hostname: ipabak.ac.example.de
CS-RUVs:
Host: ipa0.example.de
RUVs:
id: 11, hostname: ipabak.ac.example.de
CS-RUVs:
Host: ipa3.example.de
RUVs:
id: 11, hostname: ipabak.ac.example.de
CS-RUVs:
Host: ipa4.example.de
RUVs:
id: 11, hostname: ipabak.ac.example.de
CS-RUVs:
Host: ipa2.example.de
RUVs:
id: 11, hostname: ipabak.ac.example.de
CS-RUVs:
Proceed with cleaning? [no]: yes
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
Clean the Replication Update Vector for ipabak.ac.example.de:389
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C
Cleanup task created
[root@ipa0 ~]# ipa-replica-manage clean-dangling-ruv
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
No dangling RUVs found
[root@ipa0 ~]# ipa-replica-manage list-ruv
unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000
Replica Update Vectors:
ipa0.example.de:389: 12
ipa2.example.de:389: 5
ipa1.example.de:389: 4
ipa4.example.de:389: 8
ipa3.example.de:389: 6
ipabak.ac.example.de:389: 13
Certificate Server Replica Update Vectors:
ipa0.example.de:389: 1095
ipa2.example.de:389: 97
ipa1.example.de:389: 96
ipabak.ac.example.de:389: 1090
The ruvs are the same on all 6 hosts (AFAICS), so I wonder how I could
fix this?
Every helpful comment is highly appreciated.
Harri
6 years, 1 month
Using different distros
by Andrew Meyer
I have emailed in previously fro issues w/ Amazon Linux 2 as a replica server but I am wondering If I can use Amazon Linux 2 as a client machine to FreeIPA. Will I run into the same issues with SSL (NSS vs OpenSSL) that I did with the replica?
Thank you,Andrew
6 years, 1 month
What does migration mode actually do?
by Roderick Johnstone
Hi
I'm using migration mode (ipa config-mod --enable-migration=true) to
help migrate from one freeipa instance to another.
I wasn't able to find any docs on what enabling migration mode actually
does, exactly.
Can anyone supply details please?
Thanks.
Roderick Johnstone
6 years, 1 month
Re: [SSSD-users] Announcing SSSD 1.16.1
by Jakub Hrozek
> On 9 Mar 2018, at 14:45, Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> wrote:
>
> On Fri, 2018-03-09 at 13:28 +0100, Jakub Hrozek wrote:
>> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>>
>>
>> SSSD 1.16.1
>> ===========
>>
>> The SSSD team is proud to announce the release of version 1.16.1 of the
>> System Security Services Daemon.
>>
>> The tarball can be downloaded from https://releases.pagure.org/SSSD/sssd/
>>
>> RPM packages will be made available for Fedora shortly.
>>
>> Feedback
>> --------
>> Please provide comments, bugs and other feedback
>> via the sssd-devel or sssd-users mailing lists:
>> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>
>
> Did a quick test here and it seems like enumerate = true is
> broken. Is it just me or .. ?
I don’t know about any bugs around enumeration in 1.16.1. Maybe you found an issue, but it’s hard to say without more context.
6 years, 1 month
ipa-kra-install error
by Natxo Asenjo
hi,
I want to try the vault but when I tried installing it it failed.
Unfortunately the error log got overwritten the next time I tried to
install it, so now I am stuck.
This is what I get:
# ipa-kra-install
Directory Manager password:
Directory Manager password is invalid
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log
for more information
# ipa-kra-install
Directory Manager password:
KRA already installed
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log
for more information
# cat /var/log/ipaserver-kra-install.log
2018-03-07T19:23:05Z DEBUG Logging to /var/log/ipaserver-kra-install.log
2018-03-07T19:23:05Z DEBUG ipa-kra-install was invoked with arguments []
and options: {'verbose': False, 'no_host_dns': False, 'quiet': False,
'log_file': None, 'unattended': False, 'uninstall': False}
2018-03-07T19:23:05Z DEBUG IPA version 4.5.0-22.el7.centos
2018-03-07T19:23:05Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2018-03-07T19:23:05Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2018-03-07T19:23:05Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py",
line 155, in run
raise admintool.ScriptError("KRA already installed")
2018-03-07T19:23:05Z DEBUG The ipa-kra-install command failed, exception:
ScriptError: KRA already installed
2018-03-07T19:23:05Z ERROR KRA already installed
2018-03-07T19:23:05Z ERROR The ipa-kra-install command failed. See
/var/log/ipaserver-kra-install.log for more information
Scrolling upwards I see this in my terminal (output of my first try):
[admin@kdc1 ~]$ sudo ipa-kra-install
Directory Manager password:
===================================================================
This program will setup Dogtag KRA for the IPA Server.
Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes
[1/9]: configuring KRA instance
Failed to configure KRA instance: Command '/usr/sbin/pkispawn -s KRA -f
/tmp/tmpTHe4sL' returned non-zero exit status 1
See the installation logs and the following files/directories for more
information:
/var/log/pki/pki-tomcat
[error] RuntimeError: KRA configuration failed.
Your system may be partly configured.
If you run into issues, you may have to re-install IPA on this server.
KRA configuration failed.
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log
for more information
So does this mean my ipaserver is fubar? Not a huge problem because this is
my test system, but ..., well, that would be a bit disappointing.
--
regards,
Natxo
--
--
Groeten,
natxo
6 years, 1 month
removing a replica
by Andrew Meyer
I am trying to follow HowTo/Remove replica in a managed topology - FreeIPA to remove replica servers correctly. However when I do this I am running into an error:
[andrew.meyer@infra-test-ipa ~]$ ipa topologysegment-delSuffix name: domainSegment name: freeipa01.east.gatewayblend.net-to-freeipa01.stl1.gatewayblend.netipa: ERROR: Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed.[andrew.meyer@infra-test-ipa ~]$
However I came across this - Issue #6266: Cannot uninstall server in disconnected topology - freeipa - Pagure
|
| |
Issue #6266: Cannot uninstall server in disconnected topology - freeipa - Pagure
| |
|
Can I use the workaround or is there a better method?
In this case I do not have any topology disconnected:
[andrew.meyer@infra-test-ipa ~]$ ipa topologysegment-find domain --all------------------6 segments matched------------------ dn: cn=freeipa01.east.gatewayblend.net-to-freeipa01.stl1.gatewayblend.net,cn=domain,cn=topology,cn=ipa,cn=etc,dc=gatewayblend,dc=net Segment name: freeipa01.east.gatewayblend.net-to-freeipa01.stl1.gatewayblend.net Left node: freeipa01.east.gatewayblend.net Right node: freeipa01.stl1.gatewayblend.net Connectivity: both iparepltoposegmentstatus: autogen objectclass: iparepltoposegment, top
dn: cn=freeipa01.east.gatewayblend.net-to-infra-test-ipa2.gatewayblend.net,cn=domain,cn=topology,cn=ipa,cn=etc,dc=gatewayblend,dc=net Segment name: freeipa01.east.gatewayblend.net-to-infra-test-ipa2.gatewayblend.net Left node: freeipa01.east.gatewayblend.net Right node: infra-test-ipa2.gatewayblend.net Connectivity: both iparepltoposegmentstatus: autogen objectclass: iparepltoposegment, top
dn: cn=freeipa01.stl1.gatewayblend.net-to-freeipa03.stl1.gatewayblend.net,cn=domain,cn=topology,cn=ipa,cn=etc,dc=gatewayblend,dc=net Segment name: freeipa01.stl1.gatewayblend.net-to-freeipa03.stl1.gatewayblend.net Left node: freeipa01.stl1.gatewayblend.net Right node: freeipa03.stl1.gatewayblend.net Connectivity: both iparepltoposegmentstatus: autogen objectclass: iparepltoposegment, top
dn: cn=freeipa03.east.gatewayblend.net-to-infra-test-ipa.gatewayblend.net,cn=domain,cn=topology,cn=ipa,cn=etc,dc=gatewayblend,dc=net Segment name: freeipa03.east.gatewayblend.net-to-infra-test-ipa.gatewayblend.net Left node: freeipa03.east.gatewayblend.net Right node: infra-test-ipa.gatewayblend.net Connectivity: both iparepltoposegmentstatus: autogen objectclass: iparepltoposegment, top
dn: cn=infra-test-ipa.gatewayblend.net-to-infra-freeipa1-aws.gatewayblend.net,cn=domain,cn=topology,cn=ipa,cn=etc,dc=gatewayblend,dc=net Segment name: infra-test-ipa.gatewayblend.net-to-infra-freeipa1-aws.gatewayblend.net Left node: infra-test-ipa.gatewayblend.net Right node: infra-freeipa1-aws.gatewayblend.net Connectivity: left-right iparepltoposegmentstatus: autogen objectclass: iparepltoposegment, top
dn: cn=infra-test-ipa.gatewayblend.net-to-infra-test-ipa2.gatewayblend.net,cn=domain,cn=topology,cn=ipa,cn=etc,dc=gatewayblend,dc=net Segment name: infra-test-ipa.gatewayblend.net-to-infra-test-ipa2.gatewayblend.net Left node: infra-test-ipa.gatewayblend.net Right node: infra-test-ipa2.gatewayblend.net Connectivity: both iparepltoposegmentstatus: autogen objectclass: iparepltoposegment, top----------------------------Number of entries returned 6----------------------------[andrew.meyer@infra-test-ipa ~]$
6 years, 1 month