Setup: primary host: centos7 - ipa v 4.6.8 Attempted replica: rocky9 - ipa 4.12.2
Ultimate goal is to ditch the centos 7 host. Replica installation finished without any (apparent) errors. Subsequent attempts to kinit gave me the "kinit: Generic error (see e-text) while getting initial credentials". (details are summarized here: https://serverfault.com/questions/1196002/freeipa-replica-issues-cant-kinit-or-ipa-ca-install ) It seems that Im lacking proper SID assignments owing to the old version of the primary host. Unfortunately when I tried to fix this (per https://enotty.pipebreaker.pl/posts/2024/01/woes-with-freeipa-and-sids/) [root@freeipa ~]# ipa config-mod --enable-sid --add-sids Usage: ipa [global-options] config-mod [options] ipa: error: no such option: --enable-sid So Im guessing I need to upgrade the primary host somehow.. But all the centos7 repos are shut down. One thing I noticed: # ipa user-show admin --all | grep ipantsecurityidentifier This does show the -500 - and the admin group has the -512 as well. It doesn't appear that I have the ipa-print-pac command available.
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
