Folks, I am migrating CentOS7 to RockyLinux 8.3. I have my master running on CentOS7 and trying to add replica of RockyLinux 8.3
I am stuck here and not sure what it's actually trying to say and how to fix it? [1/4]: Generating ipa-custodia config file [2/4]: Generating ipa-custodia keys [3/4]: starting ipa-custodia [4/4]: configuring ipa-custodia to start on boot Done configuring ipa-custodia. Configuring certificate server (pki-tomcatd) [1/2]: configure certmonger for renewals [2/2]: Importing RA key Done configuring certificate server (pki-tomcatd). Configuring Kerberos KDC (krb5kdc) [1/1]: installing X509 Certificate for PKINIT PKINIT certificate request failed: Certificate issuance failed (CA_UNREACHABLE: Server at https://ldap-vx-010103-2.site5.example.com/ipa/json failed request, will retry: 4035 (Request failed with status 400: Non-2xx response from CA REST API: 400. Profile KDCs_PKINIT_Certs Not Found).) Failed to configure PKINIT Full PKINIT configuration did not succeed The setup will only install bits essential to the server functionality You can enable PKINIT after the setup completed using 'ipa-pkinit-manage' Done configuring Kerberos KDC (krb5kdc). Applying LDAP updates Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/10]: stopping directory server [2/10]: saving configuration [3/10]: disabling listeners [4/10]: enabling DS global lock [5/10]: disabling Schema Compat [6/10]: starting directory server [7/10]: upgrading server Could not get dnaHostname entries in 60 seconds [8/10]: stopping directory server [9/10]: restoring configuration [10/10]: starting directory server Done. Finalize replication settings Restarting the KDC Configuring SID generation [1/7]: creating samba domain object [2/7]: adding admin(group) SIDs [3/7]: adding RID bases Found more than one local domain ID range with no RID base set. [error] RuntimeError: Too many ID ranges Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. Too many ID ranges The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information # ipa idrange-find --all --raw ---------------- 3 ranges matched ---------------- dn: cn=EXAMPLE.COM_id_range,cn=ranges,cn=etc,dc=example,dc=com cn: EXAMPLE.COM_id_range ipabaseid: 1000 ipaidrangesize: 200000 iparangetype: ipa-local objectclass: top objectclass: ipaIDrange objectclass: ipaDomainIDRange dn: cn=EXAMPLE.COM_subid_range,cn=ranges,cn=etc,dc=example,dc=com cn: EXAMPLE.COM_subid_range ipabaseid: 2147483648 ipaidrangesize: 2147352576 ipabaserid: 2147283648 ipanttrusteddomainsid: S-1-5-21-738065-838566-3614142254 iparangetype: ipa-ad-trust objectclass: top objectclass: ipaIDrange objectclass: ipaTrustedADDomainRange dn: cn=EXAMPLE_OLD_USERS,cn=ranges,cn=etc,dc=example,dc=com cn: EXAMPLE_OLD_USERS ipabaseid: 500 ipaidrangesize: 500 iparangetype: ipa-local objectclass: ipadomainidrange objectclass: ipaIDrange ---------------------------- Number of entries returned 3 ----------------------------
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
