On 04/07/2018 04:52 PM, lejeczek via FreeIPA-users wrote:
hi
having a client installed now I attempt to install a replica..
..
host already exists. It needs to be removed.
Run this command:
%% ipa-replica-manage del rider.private.ccnr.ceb.private.cam.ac.uk
--force
which I do, I go to first master and I do as recommend, and on candidate
replica again I do, but this time..
..
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall):
ERROR Major (851968): Unspecified GSS failure. Minor code may
provide more information, Minor (2529638918): Client
'host/rider.private.ccnr.ceb.private.cam.ac.uk@PRIVATE' not found in
Kerberos database
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
on first master I do: $ ipa host-find ; and yes, there no host so I need
to do client re-installation, right?
Is this intended & expected? Or is this some weird bug?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi,
if you are promoting a host from client to replica and there was already
a replica with the same name (visible with ipa-replica-manage list), it
is expected that the ipa-replica-install command fails.
The correct procedure to recover is to completely delete the replica:
(on replica) ipa-server-install --uninstall -U
(on master) ipa-replica-manage list
If the above command returns the replica,
(on master) ipa-replica-manage del <replica> --force
and then retry the replica installation. Note that you can either:
- install the client then promote to replica:
ipa-client-install <client_options>
ipa-replica-install <replica_options>
- or do both operations in a single step:
ipa-replica-install <client_options> <replica_options>
(see DOMAIN LEVEL 1 CLIENT ENROLLMENT OPTIONS in the man page for
ipa-replica-install).
Which command is triggering the Unspecified GSS failure in your case?
HTH,
Flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org