Upgraded to Nextcloud 29 and seeing “Your data directory and your files are probably accessible from the internet” on your admin page?
Do you hava a redirect for any of your trusted_domains in config/config.php?
See #45087
Using DHCP on a bridge with NixOS 24.11? No longer getting an IP?
dhcpcd.service failing to start? Worked with 24.05?
dhcpcd.service: Failed to set up mount namespacing: /proc/sys/net/ipv6: No such file or directory
dhcpcd.service: Failed at step NAMESPACE spawning ... No such file or directory
Seems to fail with
boot.kernelParams = ["ipv6.disable=1"];
Also there is #355450.
Does your SolrCloud successfully talk to ZooKeeper over TLS? But bin/solr zk ls fails?
In order to set custom System Properties when running any Solr utility other than start (e.g. stop, create, auth, status, api), the SOLR_TOOL_OPTS environment variable should be used.
Trying to list shares of a windows machine
smbclient -W WORKGROUP -U user -L //server.domain/
Password for [WORKGROUP\user]:
session setup failed: NT_STATUS_NOT_SUPPORTED
and failing?
Running with -d 10
Kinit for user@WORKGROUP to access server.domain failed: Cannot find KDC for requested realm
...
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
...
Starting GENSEC submechanism ntlmssp
and seeing it falling back to NTLM?
Using the REALM instead of WORKGROUP helped:
smbclient -W REALM -U user -L //server.domain/
Is ssh reporting Load key ... invalid format when trying to use a private key?
The file might be missing a newline at EOF.
TIL, the Mojolicious tag helper can be nested. This
<ul class="navigation">
%= tag 'li', tag 'a', href => "#$_", $_ foreach qw/foo bar baz/
</ul>
becomes
<ul class="navigation">
<li>
<a href="#foo">foo</a>
</li>
<li>
<a href="#bar">bar</a>
</li>
<li>
<a href="#baz">baz</a>
</li>
</ul>
Trying to install a replica on Rocky 9? Failing when setting up CA or KRA with creating installation admin user:
[3/30]: creating ACIs for admin
[4/30]: creating installation admin user
Unable to log in as uid=admin-ipa2.$domain,ou=people,o=ipaca on ldap://ipa1.$domain:389
[hint] tune with replication_wait_timeout
[error] NotFound: uid=admin-ipa2.$domain,ou=people,o=ipaca did not replicate to ldap://ipa1.$domain:389
Seems like there is a problem with password setting/synchronisation.
On the new replica, patch dogtaginstance.py:
--- dogtaginstance.py 2024-09-18 13:07:59.800133397 +0000
+++ /usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py 2024-09-18 13:08:24.763219686 +0000
@@ -676,6 +676,7 @@
# add user
password = ipautil.ipa_generate_password()
+ logger.debug( "FOOBAR " + password )
entry = api.Backend.ldap2.make_entry(
dn,
objectclass=[
Start ipa-replica-install
Watch /var/log/ipareplica-install.log for the FOOBAR line.
On an existing machine, set password:
ldappasswd -D 'cn=Directory Manager' -W -S uid=admin-ipa2.$domain,ou=people,o=ipaca
Needs to be done once for CA and once for KRA.
Trying to get a Kerberos ticket for a user on a master? Getting
kinit: Generic error (see e-text) while getting initial credentials
Log shows
ipa1.$domain krb5kdc... AS_REQ ... HANDLE_AUTHDATA: $user@$realm ... No such file or directory
Did you forget to add SIDs on upgrade/replica install?
This helped:
ipa config-mod --enable-sid --add-sids
Trying to install an additional KRA and getting
KRA connector has already been defined for this CA
Has your KRA transport certificate rolled over since the original installation?
If yes, /etc/pki/pki-tomcat/ca/CS.cfg on the machine you try to sync from
might still have the old certificate in ca.connector.KRA.transportCert.
Since ipa-replica-install ... --setup-kra copies that file, it will try to add
itself with the wrong certificate leading to the above error.
Get the current transport certificate:
pki -u admin ca-kraconnector-show
Host: ipa1.$domain:443
...
Transport Cert:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
On the machine you sync from, replace the base64 encoded value for ca.connector.KRA.transportCert in /etc/pki/pki-tomcat/ca/CS.cfg
reload tomcat.
To generate an install token used in f.e.
pki ca-kraconnector-add --install-token ...
Run
curl -u admin
"https://$( hostname -f )/ca/rest/securityDomain/installToken\
?hostname=$( hostname -f)&subsystem=KRA"
enter the directory manager password, save the content of <token> to a file,
and use that for --install-token.