On Fri, Sep 24, 2010 at 10:43 AM, Dmitri Pal <[email protected]> wrote:
> Brian LaMere wrote:
> > ah, odd - I'm used to IPs being IA5. then the equality match should
> > be changed? Can't have caseIgnoreIA5Match on a directory string :)
> Yes. This is what the patch does :-)
>
>
so, out of curiousity...why 60sudo? Seems like a string matching netmask
could be used more generically...it's redefined over as
radiusFramedIPNetmask in 60radius.ldif. I go through and purge my tree of
attributes I'll never need, sorry - I have strange quirks.
Also, I've noted that when I stop services, then start them again per the
order in /etc/rc3.d, named doesn't know about the local domain yet because
it connects to an empty socket (since the krb and dirsrv services aren't
started yet)
trying to establish LDAP connection to
ldapi://%2fvar%2frun%2fslapd-BRIAN-INTERNAL.socket
which fails at:
Principal not found in cred cache (Matching credential not found)
Once everything is up, if I run "rndc reload" the local domain lookups (and
thus, everything else) works again. Should one of the other services
incorporate a rndc reload, for this reason? I didn't actually restart the
server (can't, due to something else it is doing) I just stopped things per
rc3.d/k* order, and then started them per s* order.
Brian
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
