Works for me. I also tested revocation and pwpolicy

Tested with ipa server and it worked fine

This is causing IPA CI to fail. I'm not completely sure why. The behavior we see is that the current principal is cifs/<fqdn> when we expect it to be something else.

The AVC we see is:

type=AVC msg=audit(1657297049.999:3709): avc: denied { sendto } for pid=13209 comm="smbcontrol" path="/var/lib/samba/private/msg.sock/13151" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=system_u:system_r:winbind_rpcd_t:s0 tclass=unix_dgram_socket permissive=0

Its unclear from the web server log the time the shutdown was requested. Do you see in those logs a request to stop and the next log line being ~90 seconds later? We sort of see that in the apachectl log but its waiting on a POLL so isn't particularly enlightening. It appears to be just waiting for Apache to stop.

BZ#2009117 python-cryptography-35.0.0 is available

Breaks freeIPA.


Breaks freeIPA.

This update has been unpushed.

Crash issue was discovered upstream and a new release made.

This update has been unpushed.

segfault was discovered during testing. New upstream release was done to correct it.

Install with standalone IPA master working fine.

Fixes the false-positive Referential Integrity Plugin issues with the DS healtcheck integration into freeipa-healthcheck.

Tested with an IPA installation in FIPS no less and it worked fine:

  • install ok
  • issued certs ok
  • revoked certs ok
  • queries from IPA work

Thanks for pointing that out, I must have mis-clicked. It it is just a bugfix update.

tested the nisserver-change and it is working again




Working for me with a freeIPA installation.

We are working on an upgrade issue recently discovered,