Hello guys,
The team was trying some new things and we got some errors we would like to 
share:
ERR - _csngen_adjust_local_time - Adjustment limit exceeded; value - ####, 
limit - ####  (I'm not sure if you care to see the actual numbers)

ERR - ldbm_back_modify - failed to generate modify CSN for entry 
(cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca), aborting operation

After some Google searches we found the following links, but want to validate 
with you guys that the steps are what we need.  Here are some of those links we 
have found:

We have performed the following steps, following this link:  
https://lists.fedoraproject.org/archives/list/[email protected]/thread/QRQMHFTUB72B6OQJSKYSAQJTQVCZVNLG/

The steps are (for the case where your certs are still valid):

1. Stop certmonger
2. grep dogtag-ipa-ca-renew-agent /var/lib/certmonger/cas/*
3. There should be two. You want the one with "id=dogtag-ipa-ca-renew-agent"
4. Modify that file and add -N to ca_external_helper. It needs to look like:

ca_external_helper=/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -N


We have also found the following link, but have not performed the suggested steps. 

https://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html

Since the only way to get the service back is to set the local time and date 
back to a time before the certs expired, do you know of any way to resolve the 
clock skew problem with the directory service?  Other than what is suggested in 
the link above?
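
Steps 2 to 4 of the quoted procedure as an idempotent shell helper. This is an added example, not part of the original post or of certmonger. It assumes certmonger is already stopped (step 1) and that the CA files are plain key=value text as the two quoted lines suggest; the function name `add_renew_agent_flag` and its backup-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2-4 as one function.
# Assumptions: certmonger is already stopped (step 1), and each CA file
# holds key=value lines such as "id=..." and "ca_external_helper=...".

# add_renew_agent_flag CAS_DIR BACKUP_DIR
# Prints the path of the CA file that now carries -N; returns 1 on error.
add_renew_agent_flag() {
    dir=$1
    bak=$2
    # Steps 2-3: both files mention the helper path, so a plain grep for
    # "dogtag-ipa-ca-renew-agent" hits two. Match the whole id line instead.
    match=$(grep -lx 'id=dogtag-ipa-ca-renew-agent' "$dir"/* 2>/dev/null || true)
    count=$(printf '%s\n' "$match" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one CA file with that id, found $count" >&2
        return 1
    fi
    # Refuse to touch a file that has no helper line at all.
    if ! grep -q '^ca_external_helper=' "$match"; then
        echo "no ca_external_helper line in $match" >&2
        return 1
    fi
    # Step 4: append -N only when it is not already there (safe to rerun).
    if ! grep -Eq '^ca_external_helper=.* -N( |$)' "$match"; then
        # The backup goes outside CAS_DIR so a rerun still sees one match.
        mkdir -p "$bak"
        copy="$bak/$(basename "$match").orig"
        cp -p "$match" "$copy"
        # Rewrite in place from the backup, trimming trailing spaces first.
        sed 's/^\(ca_external_helper=.*[^ ]\) *$/\1 -N/' "$copy" > "$match"
    fi
    printf '%s\n' "$match"
}

# Usage on a real host, as root, after stopping certmonger:
#   add_renew_agent_flag /var/lib/certmonger/cas /root/certmonger-cas-backup
```
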