This is causing IPA CI to fail. I'm not completely sure why. The behavior we see is that the current principal is cifs/<fqdn> when we expect it to be something else.

The AVC we see is:

type=AVC msg=audit(1657297049.999:3709): avc: denied { sendto } for pid=13209 comm="smbcontrol" path="/var/lib/samba/private/msg.sock/13151" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=system_u:system_r:winbind_rpcd_t:s0 tclass=unix_dgram_socket permissive=0

Its unclear from the web server log the time the shutdown was requested. Do you see in those logs a request to stop and the next log line being ~90 seconds later? We sort of see that in the apachectl log but its waiting on a POLL so isn't particularly enlightening. It appears to be just waiting for Apache to stop.

BZ#2009117 python-cryptography-35.0.0 is available

Breaks freeIPA.


Breaks freeIPA.

This update has been unpushed.

Crash issue was discovered upstream and a new release made.

This update has been unpushed.

segfault was discovered during testing. New upstream release was done to correct it.

Install with standalone IPA master working fine.

Fixes the false-positive Referential Integrity Plugin issues with the DS healtcheck integration into freeipa-healthcheck.

Tested with an IPA installation in FIPS no less and it worked fine:

  • install ok
  • issued certs ok
  • revoked certs ok
  • queries from IPA work

Thanks for pointing that out, I must have mis-clicked. It it is just a bugfix update.

tested the nisserver-change and it is working again




Working for me with a freeIPA installation.

We are working on an upgrade issue recently discovered,

Unpushed for now since freeipa 4.6.1 depends on this, will create new update to release together.

This update has been unpushed.

BZ#1455561 ipa-server-install fails to obtain RA certificate from CA (CA_UNREACHABLE)
BZ#1483159 Server deployment still sets up Firefox extension, this is no longer necessary and broken on F27+
BZ#1488295 4.6.0 server deployment fails due to issue contacting CA(?)
BZ#1465390 python3-pyldap break FreeIPA WebUI
BZ#1488640 "unknown command 'undefined'" error when changing user's password via the web UI