Brian LaMere wrote:
On Fri, Sep 24, 2010 at 10:43 AM, Dmitri Pal <[email protected] <mailto:[email protected]>> wrote:Brian LaMere wrote: > ah, odd - I'm used to IPs being IA5. then the equality match should > be changed? Can't have caseIgnoreIA5Match on a directory string :) Yes. This is what the patch does :-) so, out of curiousity...why 60sudo? Seems like a string matching netmask could be used more generically...it's redefined over as radiusFramedIPNetmask in 60radius.ldif. I go through and purge my tree of attributes I'll never need, sorry - I have strange quirks. Also, I've noted that when I stop services, then start them again per the order in /etc/rc3.d, named doesn't know about the local domain yet because it connects to an empty socket (since the krb and dirsrv services aren't started yet) trying to establish LDAP connection to ldapi://%2fvar%2frun%2fslapd-BRIAN-INTERNAL.socket which fails at: Principal not found in cred cache (Matching credential not found) Once everything is up, if I run "rndc reload" the local domain lookups (and thus, everything else) works again. Should one of the other services incorporate a rndc reload, for this reason? I didn't actually restart the server (can't, due to something else it is doing) I just stopped things per rc3.d/k* order, and then started them per s* order. Brian
I use /usr/sbin/ipactl to restart all the IPA services myself. This could definitely be a problem on reboot though. I filed ticket https://fedorahosted.org/freeipa/ticket/294 to investigate this further.
rob _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
