Multiple dot in hostname - DNS error
by Vivek Aggarwal
Our current implementation has multiple-dot (.) names in the hostname, details mentioned below, and we're using the settings below while configuring the IPA/Red Hat IdM server with integrated DNS.
Hostname : testing-infra-01-dal1.testing.stg.avtar.local
realm_name: avtar.local
domain_name: avtar.local
Once the setup completes, we're getting the error below. We suspect it's related to the multiple dots in the hostname.
Considering the fact we cannot rename these hostnames, please suggest how to resolve it. Is there a possibility to resolve it, or do we have to install/configure BIND DNS separately?
Does this error really prevent us from registering other machines within our environment that have a similar multi-dot pattern in their hostnames?
+++++++++++++++++++++
ipapython.dnsutil: DEBUG The DNS query name does not exist: testing-infra-01-dal1.testing.stg.avtar.local.
ipaserver.dns_data_management: ERROR unable to resolve host name testing-infra-01-dal1.testing.stg.avtar.local. to IP address, ipa-ca DNS record will be incomplete
++++++++++++++++++++
5 years
FreeIPA and AD
by Kristian Petersen
Hello,
Where I work we are a small shop. We are currently using just FreeIPA for
authentication and DNS and other Linux management stuff that it does for
us. We have enough Windows workstations now that it would be really nice
to be able to manage those like we can our Linux stuff. From what I have
read thus far, it seems that if you use FreeIPA with AD, AD is the primary
user store and FreeIPA kind of takes a back seat. I am looking for some
help in better understanding the implications of using FreeIPA along with
AD. Is there someone who could help me unravel this a bit or point me at
some good resources?
--
Kristian Petersen
System Administrator
BYU Dept. of Chemistry and Biochemistry
5 years
pki-tomcatd no longer working
by Sina Owolabi
Hi!
I am running a small IPA domain (CentOS 7 servers, ipa version 4.5.4,
api version 2.228), with one master, and two replicas, and I noticed
that pki-tomcatd no longer works on the master, after attempting a
reboot.
pki-tomcatd works fine on the slaves.
I noticed if I try to run IPA functions (dns record removal, hosts
management, user passwords, etc), I receive responses like this:
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (Internal Server Error)
But on the replicas, functions work fine.
Please can someone guide me on how to fix this?
5 years
Re: Lost IPA master Left with replica only
by Rob van Halteren
Thanks for the hint.
I got stuck during the search for the needed files in /var/lib/pki-ca/conf/CS.cfg on the master.
In the CS.cfg file the related ca.crl items do not exist, and ca.listenToCloneModifications=true.
This would imply that it's not the ca-master.
Unfortunately it is the ca-master.
Apart from this, I also was not able to install a CA on the replica with ipa-ca-install.
I abandoned the effort to promote this replica and decided to install a new ipa-server.
This leads to other problems, for which I will open a new thread.
Regards,
Rob.
<http://www.linkedin.com/company/filmmore-amsterdam/>
5 years
IPA server on multiple subzones
by Callum Smith
Dear All,
We have a number of DNS sub zones in different IP subnets, and we want to ensure that DNS queries respond quickly and aren't waiting for timeouts. So as such we're thinking of putting our IPA on multiple interfaces, one in each sub zone, and registering the host and its clients within that sub zone separately. To achieve this we need to add principal aliases for each sub zone to the IPA services, which appears to be working well so far, but I have a question: what's the best way to set up a new certificate for the web interface to allow SSL on the new sub zone interface? We're thinking of simply adding alt names to the certificate and getting a newly issued one from the local CA. Should we be looking to do this exclusively with certutil or should we be using ipa-server-certinstall?
I hope that this makes sense and our approach isn't complete madness.
Regards,
Callum
--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum(a)well.ox.ac.uk
5 years
Very slow response from Web UI and command line on master server
by Alex Georgopoulos
Recently we have noticed that our master server is borderline unusable. The webui will time out with the message 'Web UI got in unrecoverable state during "metadata" phase.' Running commands on the command line takes minutes. While troubleshooting this I found these errors in the http error_log. DOMAIN.NET is our redacted name.
[Fri Mar 01 00:28:10.054324 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 200, in read_input
[Fri Mar 01 00:28:10.054326 2019] [:error] [pid 70749] return environ['wsgi.input'].read(length).decode('utf-8')
[Fri Mar 01 00:28:10.054329 2019] [:error] [pid 70749] IOError: request data read error
[Fri Mar 01 00:28:10.054474 2019] [:error] [pid 70749] ipa: INFO: [jsonserver_kerb] admin(a)DOMAIN.NET: None: InternalError
[Fri Mar 01 00:28:10.070493 2019] [:error] [pid 70749] ipa: ERROR: non-public: IOError: request data read error
[Fri Mar 01 00:28:10.070514 2019] [:error] [pid 70749] Traceback (most recent call last):
[Fri Mar 01 00:28:10.070517 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 360, in wsgi_execute
[Fri Mar 01 00:28:10.070520 2019] [:error] [pid 70749] data = read_input(environ)
[Fri Mar 01 00:28:10.070528 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 200, in read_input
[Fri Mar 01 00:28:10.070531 2019] [:error] [pid 70749] return environ['wsgi.input'].read(length).decode('utf-8')
[Fri Mar 01 00:28:10.070533 2019] [:error] [pid 70749] IOError: request data read error
[Fri Mar 01 00:28:10.070698 2019] [:error] [pid 70749] ipa: INFO: [xmlserver] admin(a)DOMAIN.NET: None: InternalError
[Fri Mar 01 00:28:10.086787 2019] [:error] [pid 70749] ipa: ERROR: non-public: IOError: request data read error
[Fri Mar 01 00:28:10.086809 2019] [:error] [pid 70749] Traceback (most recent call last):
[Fri Mar 01 00:28:10.086812 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 360, in wsgi_execute
[Fri Mar 01 00:28:10.086815 2019] [:error] [pid 70749] data = read_input(environ)
[Fri Mar 01 00:28:10.086817 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 200, in read_input
[Fri Mar 01 00:28:10.086820 2019] [:error] [pid 70749] return environ['wsgi.input'].read(length).decode('utf-8')
[Fri Mar 01 00:28:10.086823 2019] [:error] [pid 70749] IOError: request data read error
[Fri Mar 01 00:28:10.086968 2019] [:error] [pid 70749] ipa: INFO: [jsonserver_kerb] admin(a)DOMAIN.NET: None: InternalError
[Fri Mar 01 00:28:10.103055 2019] [:error] [pid 70749] ipa: ERROR: non-public: IOError: request data read error
[Fri Mar 01 00:28:10.103075 2019] [:error] [pid 70749] Traceback (most recent call last):
[Fri Mar 01 00:28:10.103077 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 360, in wsgi_execute
[Fri Mar 01 00:28:10.103080 2019] [:error] [pid 70749] data = read_input(environ)
[Fri Mar 01 00:28:10.103083 2019] [:error] [pid 70749] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 200, in read_input
[Fri Mar 01 00:28:10.103085 2019] [:error] [pid 70749] return environ['wsgi.input'].read(length).decode('utf-8')
[Fri Mar 01 00:28:10.103088 2019] [:error] [pid 70749] IOError: request data read error
[Fri Mar 01 00:28:10.103245 2019] [:error] [pid 70749] ipa: INFO: [xmlserver] admin(a)DOMAIN.NET: None: InternalError
[Fri Mar 01 00:28:10.119618 2019] [:error] [pid 70749] ipa: INFO: [jsonserver_kerb] admin(a)DOMAIN.NET: ping(): SUCCESS
[Fri Mar 01 00:28:10.138727 2019] [:error] [pid 70749] ipa: INFO: [jsonserver_session] admin(a)DOMAIN.NET: ping(): SUCCESS
[Fri Mar 01 00:28:10.142020 2019] [:warn] [pid 70986] [client 172.31.59.230:50746] failed to set perms (3140) on file (/var/run/ipa/ccaches/admin(a)DOMAIN.NET)!, referer: https://ipa-1.domain.net/ipa/xml
5 years
IPAM that integrates well with FreeIPA
by TomK
Hey guys,
I'm looking for an IPAM (IP Address Management) tool that will integrate
with FreeIPA to provide:
1) IP Management
2) Provides DHCP
3) *Integrates well with FreeIPA*
Many of the tools I saw provide conflicting capabilities. Would be
great if the IPAM tool checked FreeIPA to see if the IP is already used.
Has anyone come across such a tool and tried it with FreeIPA?
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
5 years