ether bunny via FreeIPA-users wrote: > Setup: primary host: centos7 - ipa v 4.6.8 > Attempted replica: rocky9 - ipa 4.12.2 > > Ultimate goal is to ditch the centos 7 host. > > Replica installation finished without any (apparent) errors. Subsequent > attempts to |kinit| gave me the "kinit: Generic error (see e-text) while > getting initial credentials". > > (details are summarized here: > https://serverfault.com/questions/1196002/freeipa-replica-issues-cant-kinit-or-ipa-ca-install > ) > > It seems that Im lacking proper SID assignments owing to the old version > of the primary host. Unfortunately when I tried to fix this (per > https://enotty.pipebreaker.pl/posts/2024/01/woes-with-freeipa-and-sids/) > > [root@freeipa ~]# ipa config-mod --enable-sid --add-sids > Usage: ipa [global-options] config-mod [options] > > ipa: error: no such option: --enable-sid > > So Im guessing I need to upgrade the primary host somehow.. But all the > centos7 repos are shut down. > > > One thing I noticed: > > # ipa user-show admin --all | grep ipantsecurityidentifier > > > This does show the -500 - and the admin group has the -512 as well. > > It doesn't appear that I have the |ipa-print-pac| command available.
You should not skip a release. You should create a RHEL 8 replica first, then a RHEL 9 from the RHEL 8. Skipping is not supported. On a newer install you can run the job without a TGT with: # python3 /usr/libexec/ipa/oddjob/org.freeipa.server.config-enable-sid --add-sid rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
