Infrastructure and Network

Problem: The client reported recurring kernel messages appearing in the system logs while running OpenZFS on a virtualized Linux server. Using dmesg -T, the customer observed approximately five identical stack traces per second, raising concerns about potential impact on production stability and data integrity. The log messages consistently referenced memory allocation paths within ZFS and […]

Problem: The client, a company using FreeIPA for identity management, encountered issues when running the ipa-healthcheck command. The system was returning errors related to non-existent servers, which had been decommissioned as part of a recent infrastructure migration. These errors were causing the ipa-healthcheck command to fail and reported old servers that no longer existed in […]

Problem: The client wanted to allow admins to reset user passwords without forcing the next login change. Process: The expert confirmed that FreeIPA didn’t respect the set attribute with –setattr=krbPasswordExpiration from the command line. It changed the password but the expiry date automatically adjusted to the value from global_policy `ipa pwpolicy-show`. The expert tried to […]

Problem: Some client servers are not receiving updated data from our IPA servers. For example, listing hosts in a specific host group on one client server shows missing hosts: ~]# ipa host-find --in-hostgroups=rhel9_hosts | grep Host | grep -i ra Host name: india In contrast, the same command on another server shows additional hosts: ~]# […]

Problem: FreeIPA prompts regular users to change their passwords immediately after an admin resets them, which is undesired for certain admin-managed accounts like ‘admpass’. Process: The expert first reviewed the client’s IPA password policy and proposed using the krbPasswordExpiration attribute to control password expiration. However, attempts to set this attribute during user modification did not […]

Problem: The client is unable to register to a FreeIPA server, encountering the error message “Cannot obtain CA certificate.” The error log indicates issues with LDAP access and Kerberos database. Process: The expert took the following steps to address the client’s registration issue with the FreeIPA server: Reproduction of the Setup: The expert attempted to […]

Problem: Ceph Storage Almost Full but Should Have Space. The client reported that the Ceph storage is nearly full, even though there should be sufficient space available. The output of ceph osd status indicates that some OSDs have limited available space. The most common cause identified is not deleting the lost+found directory after a crash […]

Problem: The problem is that commit logs in the production Cassandra cluster are accumulating excessively without being deleted, leading to a full filesystem and subsequent database crashes. Process: FreeIPA-Replication-Troubleshooting We have tried to reproduce the setup by performing the following actions. Installing FreeIPA Server on CentOS 7 server. Which had the default version of FreeIPA […]

Problem: The key challenge emerged when the university aimed to implement Kerberos Single Sign-On (SSO) for FreeIPA and configure Keycloak to seamlessly connect with FreeIPA. Two significant updates revealed obstacles: an inability to access a third-party application for Kerberos installation and the absence of a topology or visual representation of the configuration. Additionally, the university […]