

Archive for the 'NIX Posts' Category

LDAP ldapmodify: additional info: attribute “ipaBaseID” not allowed

When modifying LDAP entries, you may get the following error:

    [root@idmipa03 ~]# ldapmodify -H ldapi://%2fvar%2frun%2fslapd-MWS-MDS-XYZ.socket << EOF
    > dn: cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz
    > changetype: modify
    > replace: ipaBaseID
    > ipaBaseID: 155600000
    > EOF
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz"
    ldap_modify: Object class violation (65)
            additional info: attribute […]

LDAP ldapmodify: additional info: single-valued attribute “ipaBaseRID” has multiple values

You may run into the following when trying to modify the FreeIPA ID Ranges:

    [root@ipa03 ~]# ldapmodify -H ldapi://%2fvar%2frun%2fslapd-MWS-MDS-XYZ.socket << EOF
    > dn: cn=MDS.XYZ_id_range,cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz
    > changetype: modify
    > add: ipaBaseRID
    > ipaBaseRID: 200000000
    > EOF
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "cn=MDS.XYZ_id_range,cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz"
    ldap_modify: Object class violation (65)       […]

Free IPA Replication Verification Tool

There is a tool available that verifies replication across each FreeIPA host:

    yum install git -y; git clone https://github.com/peterpakos/checkipaconsistency.git

    # ./cipa -d mws.mds.xyz -W "SECRET"
    +--------------------+------------+-------------+-------+
    | FreeIPA servers:   | idmipa03   | idmipa04    | STATE |
    +--------------------+------------+-------------+-------+
    | Active Users       | 1       […]

[sssd[pac]] [accept_fd_handler] (0x0020): Access denied for uid [994]. / [resolv_discover_srv_done] (0x0040): SRV query failed [11]: Could not contact DNS servers

You receive the following two errors when dealing with apparent group lookups using getent group <USER GROUP>:

    [sssd[pac]] [accept_fd_handler] (0x0020): Access denied for uid [994].
    [resolv_discover_srv_done] (0x0040): SRV query failed [11]: Could not contact DNS servers

Feb 17 00:35:37 idmipa04 ns-slapd: [17/Feb/2019:00:35:37.251117736 -0500] - ERR - agmt="cn=meToidmipa03.mws.mds.xyz" (idmipa03:389) - clcache_load_buffer - Can't locate CSN 5c593ee3000200050000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.

When you get this:

    Feb 17 00:35:37 idmipa04 ns-slapd: [17/Feb/2019:00:35:37.251117736 -0500] - ERR - agmt="cn=meToidmipa03.mws.mds.xyz" (idmipa03:389) - clcache_load_buffer - Can't locate CSN 5c593ee3000200050000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.

Run this on the replica throwing the above error:

    [root@idmipa04 ~]# ipa-replica-manage re-initialize --from idmipa03.mws.mds.xyz
    Directory Manager […]

Zabbix: [Z3001] connection to database ‘zabbix’ failed: [2003] Can’t connect to MySQL server on ‘mysql-01.abc.xyz.123’ (13)

Zabbix error:

    [Z3001] connection to database 'zabbix' failed: [2003] Can't connect to MySQL server on 'mysql-01.abc.xyz.123' (13)

related to:

    audit.log:type=AVC msg=audit(1549949080.977:11328): avc:  denied  { name_connect } for  pid=9115 comm="zabbix_server" dest=3306 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

is solved by:

    # grep AVC /var/log/audit/audit.log | audit2allow -M systemd-allow; semodule -i systemd-allow.pp

Cheers, TK

Zabbix: cannot start preprocessing service: Cannot bind socket to “/var/run/zabbix/zabbix_server_preprocessing.sock”: [98] Address already in use.

Zabbix error:

    10272:20190212:003104.073 cannot start preprocessing service: Cannot bind socket to "/var/run/zabbix/zabbix_server_preprocessing.sock": [98] Address already in use.
    10239:20190212:003104.078 One child process died (PID:10272,exitcode/signal:1). Exiting …

related to:

    # cat ../audit/audit.log|grep -Ei denied|tail
    type=AVC msg=audit(1549949530.062:12551): avc:  denied  { unlink } for  pid=10521 comm="zabbix_server" name="zabbix_server_preprocessing.sock" dev="tmpfs" ino=3998803 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:zabbix_var_run_t:s0 tclass=sock_file

is solved by:

    # grep AVC /var/log/audit/audit.log* […]

Zabbix: cannot set resource limit: [13] Permission denied

Zabbix error:

    10587:20190212:003514.676 using configuration file: /etc/zabbix/zabbix_server.conf
    10587:20190212:003514.676 cannot set resource limit: [13] Permission denied

relates to:

    [root@host01 zabbix]# cat ../audit/audit.log|grep -Ei denied|tail
    type=AVC msg=audit(1549949714.675:12570): avc:  denied  { setrlimit } for  pid=10587 comm="zabbix_server" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=process
    [root@host01 zabbix]#

and is solved by:

    [root@host01 zabbix]# grep AVC /var/log/audit/audit.log* | audit2allow -M systemd-allow; semodule -i systemd-allow.pp

Cheers, […]

FreeIPA Quick Setup Guide w/ Replication HA, AD DC Trust, Sudo, Ganesha NFS

In this post, we are setting up an IPA server on a different domain from the one we had configured earlier (nix.mds.xyz). We do so because IPA comes not only with Authentication and DNS but also with a built-in KDC to which we will be connecting various pieces of software that […]

Install RabbitMQ in High Availability

In this post we'll install RabbitMQ in High Availability on 3 nodes. We'll do this to share out the instance with third-party applications that need it while providing fault tolerance. We will reference the following post, but on CentOS 7 instead. So let's get started.

HOSTS | COMMANDS | DESCRIPTION
rmq01 / rmq02 / rmq03 CentOS […]


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

This work is licensed under a Creative Commons Attribution 3.0 Unported License