Brian J. Murrell via FreeIPA-users wrote:
> I'm trying to add a replica but it's failing on step "[23/38]: creating DS
> keytab" with:
>
> [error] CalledProcessError: CalledProcessError(Command
> ['/usr/sbin/ipa-getkeytab', '-k', '/etc/dirsrv/ds.keytab', '-p',
> 'ldap/[email protected]', '-H',
> 'ldaps://server-staging.example.com'] returned non-zero exit status 9:
> 'Failed to parse result: Insufficient access rights\n\nRetrying with pre-4.0
> keytab retrieval method…\nFailed to parse result: Insufficient access
> rights\n\nFailed to get keytab!\nFailed to get keytab\n')
>
> This is trying to add back an ipa server that was previously removed (for O/S
> major version upgrade per the supported upgrade/migration process). Maybe
> the previous removal was not complete?
>
> After running the recommended --uninstall and then examining the principals
> in the master server, I see an ldap/[email protected] still
> remaining. Surely that should not be there, correct?
>
> So I tried to remove it, but that gave yet another error:
>
> missing attribute "krbPrincipalName" required by object class
> "ipaKrbPrincipal"
>
> and logged the error:
>
> ERR - oc_check_required - Entry
> "krbprincipalname=ldap/[email protected],cn=services,cn=accounts,dc=interlinx,dc=bc,dc=ca"
> missing attribute "krbPrincipalName" required by object class
> "ipaKrbPrincipal"
>
> in the journal.
>
> So how to proceed now?

What is it exactly that you're doing? Are you trying to preserve the host entry?

ipa server-del <removed-server> should clean things up.

rob
