Hi! The node 1 is the Renewal Master -- ldapsearch -D cn=directory\ manager -W -LLL -b cn=masters,cn=ipa,cn=etc,BASEDN '(&(cn=CA)(ipaConfigString=caRenewalMaster))' dn Enter LDAP Password: dn: cn=CA,cn=<<ipa1.fqdn>>,cn=masters,cn=ipa,cn=etc,BASEDN --
Eemeli -----Original Message----- From: Florence Blanc-Renaud [mailto:[email protected]] Sent: maanantai 25. kesäkuuta 2018 12.53 To: FreeIPA users list <[email protected]> Cc: Jokinen Eemeli <[email protected]> Subject: Re: [Freeipa-users] Re: Problems after IPA upgrade: ipa-server-upgrade doesn't complete, pki-tomcatd won't start On 06/25/2018 07:48 AM, Jokinen Eemeli via FreeIPA-users wrote: > Hi! > > gssproxy up and running > > -- > systemctl status gssproxy > ● gssproxy.service - GSSAPI Proxy Daemon > Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; > vendor preset: disabled) > Active: active (running) since Fri 2018-06-15 12:58:24 EEST; 1 weeks 2 > days ago > Process: 3807 ExecStart=/usr/sbin/gssproxy -D (code=exited, > status=0/SUCCESS) > -- > > Also seems like there's some default configuration of gssproxy, no ipa.conf > (googling said that there should probably be also ipa.conf?). > > -- > ls /etc/gssproxy/ > 24-nfs-server.conf 99-nfs-client.conf gssproxy.conf > -- > Hi, you are indeed missing the file /etc/gssproxy/10-ipa.conf, and this file should be created during ipa-server-upgrade, but after the step restarting pki-tomcat. So let's go back to our initial goal: finding which master is the renewal master. You can use a ldapsearch query to find out the renewal master: # ldapsearch -D cn=directory\ manager -W -LLL -b cn=masters,cn=ipa,cn=etc,$BASEDN '(&(cn=CA)(ipaConfigString=caRenewalMaster))' dn Enter LDAP Password: dn: cn=CA,cn=myrenewalmaster.domain.com,cn=masters,cn=ipa,cn=etc,$BASEDN (replace BASEDN with your own setting that can be found in /etc/ipa/default.conf) Flo _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/VMQPV3EF4XN2QYAFQEG63KU5YNQW64TX/
