lejeczek via FreeIPA-users wrote: > Hi guys. > > I'm trying to spin up a new replica: > > ... > > [25/41]: restarting directory server > [26/41]: creating DS keytab > [error] CalledProcessError: CalledProcessError(Command > ['/usr/sbin/ipa-getkeytab', '-k', '/etc/dirsrv/ds.keytab', '-p', > 'ldap/[email protected]', '-H', > 'ldaps://drunk.ccn.domain.mine'] returned non-zero exit status 9: > 'Failed to parse result: Insufficient access rights\n\nRetrying with > pre-4.0 keytab retrieval method...\nFailed to parse result: Insufficient > access rights\n\nFailed to get keytab!\nFailed to get keytab\n') > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > CalledProcessError(Command ['/usr/sbin/ipa-getkeytab', '-k', > '/etc/dirsrv/ds.keytab', '-p', > 'ldap/[email protected]', '-H', > 'ldaps://drunk.ccn.domain.mine'] returned non-zero exit status 9: > 'Failed to parse result: Insufficient access rights\n\nRetrying with > pre-4.0 keytab retrieval method...\nFailed to parse result: Insufficient > access rights\n\nFailed to get keytab!\nFailed to get keytab\n') > > > So I do: > > ~]$ ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and > configuration! > It is highly recommended to take a backup of existing data and > configuration using ipa-backup utility before proceeding. > > Are you sure you want to continue with the uninstall procedure? [no]: yes > Shutting down all IPA services > Unconfiguring directory server > [Errno 2] No such file or directory: > '/etc/dirsrv/slapd-CCN-DOMAIN-MINE/dse.ldif' > > And from here on it's practically a small mayhem. '--uninstall' no > matter how many times does not help. > > I see that 'systemctl status -l dirsrv@my-instance' is till up. So > obviously: > > ~]$ ipa-replica-install --setup-dns --no-forwarders --admin-password=ccn > --principal=admin > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > IPA requires ports 389 and 636 for the Directory Server. > These are currently in use: > 389 > 636 > > ... > > One more time? > > ~]$ ipa-server-install --uninstall > WARNING: > IPA server is not configured on this system. If you want to install the > IPA server, please install it using 'ipa-server-install'. > > This is a NON REVERSIBLE operation and will delete all data and > configuration! > It is highly recommended to take a backup of existing data and > configuration using ipa-backup utility before proceeding. > > ... and like I vicious circle. > > Seems to me that this simple case is what IPA devel guys could look into > and then hopefully improve and harden un/installation process. > > ipa-client-4.8.7-12.module_el8.3.0+511+8a502f20.x86_64 > ipa-client-common-4.8.7-12.module_el8.3.0+511+8a502f20.noarch > ipa-common-4.8.7-12.module_el8.3.0+511+8a502f20.noarch > ipa-healthcheck-core-0.4-6.module_el8.3.0+482+9e103aab.noarch > ipa-selinux-4.8.7-12.module_el8.3.0+511+8a502f20.noarch > ipa-server-4.8.7-12.module_el8.3.0+511+8a502f20.x86_64 > ipa-server-common-4.8.7-12.module_el8.3.0+511+8a502f20.noarch > ipa-server-dns-4.8.7-12.module_el8.3.0+511+8a502f20.noarch
dirsrv may be wedged. If you don't want to determine why you can kill it with: # kill -9 `pidof ns-slapd` Bugs and feature requests can be created at https://pagure.io/freeipa/new_issue rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
