Bonsoir,
Le 13/10/2023 à 22:20, Rob Crittenden via FreeIPA-users a écrit :
Frederic Ayrault via FreeIPA-users wrote:
Done configuring certificate server (pki-tomcatd).
ipaclient.install.ipa_certupdate: ERROR failed to update
LIX.POLYTECHNIQUE.FR IPA CA in /etc/httpd/alias: Command
'/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n LIX.POLYTECHNIQUE.FR
IPA CA -t CT,C,C -a -f /etc/httpd/alias/pwdfile.txt' returned non-zero
exit status 255
I'd recommend you try this command manually to see what the whole error
is. You'll need to quote the nickname 'LIX....'
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Resubmitting certmonger request '20231013171553' timed out, please
check the request manually
ipa-certupdate give similar errorr
Running it manually should give more details why it failed.
rob
I got a lot of errors
Oct 16 14:14:46 ipa3.lix.polytechnique.fr krb5kdc[1932](info): TGS_REQ
(8 etypes {18 17 20 19 16 23 25 26}) 193.55.176.91: LOOKING_UP_SERVER:
authtime 0, ldap/[email protected] for
ldap/[email protected], Server not found
in Kerberos database
ipa2 was the server used for ipa-replica-prepare, the is now only ipa3
in the ipa-replica-manage list and ipa3 is not in
any other ipa-replica-manage list
I have delete
cn=sig/ipa2.lix.polytechnique.fr,cn=custodia,cn=ipa,cn=etc,dc=lix,dc=polytechnique,dc=fr
and
cn=enc/ipa2.lix.polytechnique.fr,cn=custodia,cn=ipa,cn=etc,dc=lix,dc=polytechnique,dc=fr
from the ldap base
(I can not find any ipa2)
Regards,
Frederic
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
