Upon a FreeIPA Replica install, I am failing at:
Configuring Kerberos KDC: Estimated time 30 seconds
  [1/9]: adding sasl mappings to the directory
  [2/9]: writing stash file from DS
  [3/9]: configuring KDC
  [4/9]: creating a keytab for the directory
  [5/9]: creating a keytab for the machine
  [6/9]: adding the password extension to the directory
  [7/9]: enable GSSAPI for replication
creation of replica failed: list index out of range

Per an IRC session with Rich, it looks like ldap/authdev1.qai.example....@example.com is not being created at all... So when the replica slave goes to search for it, it yields an empty list and throws the Python exception...

Does anyone know how and when that principal should be getting created/inserted?

The /var/log/ipareplica-install.log:

<snipit>
2011-11-17 12:50:14,708 DEBUG stderr=ldap_initialize( ldap://authdev1.qai.example.com )

2011-11-17 12:50:14,708 DEBUG   duration: 0 seconds
2011-11-17 12:50:14,708 DEBUG   [7/9]: enable GSSAPI for replication
2011-11-17 12:50:14,746 INFO Changing agreement cn=meToauthdev2.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2011-11-17 12:50:15,756 INFO Changing agreement cn=meToauthdev2.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to restore original schedule 0000-2359 0123456
2011-11-17 12:50:16,787 INFO Replication Update in progress: FALSE: status: -1 Incremental update has failed and requires administrator actionSystem error: start: 0: end: 0
2011-11-17 12:50:16,791 INFO Changing agreement cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2011-11-17 12:50:17,802 INFO Changing agreement cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to restore original schedule 0000-2359 0123456
2011-11-17 12:50:18,816 INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 20111110000049Z: end: 20111110000049Z
2011-11-17 12:50:18,865 DEBUG list index out of range
  File "/usr/sbin/ipa-replica-install", line 483, in <module>
    main()

  File "/usr/sbin/ipa-replica-install", line 444, in main
    install_krb(config, setup_pkinit=options.setup_pkinit)

  File "/usr/sbin/ipa-replica-install", line 156, in install_krb
    setup_pkinit, pkcs12_info)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 212, in create_replica
    self.start_creation("Configuring Kerberos KDC", 30)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 248, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 553, in __convert_to_gssapi_replication
    r_bindpw=self.dm_password)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 798, in convert_to_gssapi_replication
    self.gssapi_update_agreements(self.conn, r_conn)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 532, in gssapi_update_agreements
    self.setup_krb_princs_as_replica_binddns(a, b)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 525, in setup_krb_princs_as_replica_binddns
    mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_pn[0].dn)]


The Master server dirsrv access log:
[09/Nov/2011:15:39:44 -0800] conn=28 op=1 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=replication manager,cn=config"
[09/Nov/2011:15:39:44 -0800] conn=28 op=2 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:39:44 -0800] conn=28 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:39:44 -0800] conn=28 op=3 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:39:44 -0800] conn=28 op=3 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:39:44 -0800] conn=28 op=4 EXT oid="2.16.840.1.113730.3.5.12"
[09/Nov/2011:15:39:44 -0800] conn=28 op=4 RESULT err=0 tag=120 nentries=0 
etime=0
[09/Nov/2011:15:40:00 -0800] conn=29 fd=76 slot=76 SSL connection from 
10.230.6.100 to 10.230.6.96
[09/Nov/2011:15:40:00 -0800] conn=29 SSL 256-bit AES
[09/Nov/2011:15:40:00 -0800] conn=29 op=0 BIND dn="cn=Directory Manager" 
method=128 version=3
[09/Nov/2011:15:40:00 -0800] conn=29 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=directory manager"
[09/Nov/2011:15:40:00 -0800] conn=29 op=1 SRCH base="cn=config,cn=ldbm 
database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" 
attrs="nsslapd-directory"
[09/Nov/2011:15:40:00 -0800] conn=29 op=1 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:01 -0800] conn=28 op=5 UNBIND
[09/Nov/2011:15:40:01 -0800] conn=28 op=5 fd=75 closed - U1
[09/Nov/2011:15:40:01 -0800] conn=30 fd=75 slot=75 connection from 10.230.6.100 
to 10.230.6.96
[09/Nov/2011:15:40:01 -0800] conn=30 op=0 EXT oid="1.3.6.1.4.1.1466.20037" 
name="startTLS"
[09/Nov/2011:15:40:01 -0800] conn=30 op=0 RESULT err=0 tag=120 nentries=0 
etime=0
[09/Nov/2011:15:40:01 -0800] conn=30 SSL 256-bit AES
[09/Nov/2011:15:40:01 -0800] conn=30 op=1 BIND dn="cn=replication 
manager,cn=config" method=128 version=3
[09/Nov/2011:15:40:01 -0800] conn=30 op=1 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=replication manager,cn=config"
[09/Nov/2011:15:40:01 -0800] conn=30 op=2 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:01 -0800] conn=30 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:01 -0800] conn=30 op=3 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:01 -0800] conn=30 op=3 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:01 -0800] conn=30 op=4 EXT oid="2.16.840.1.113730.3.5.12"
[09/Nov/2011:15:40:01 -0800] conn=30 op=4 RESULT err=0 tag=120 nentries=0 
etime=0
[09/Nov/2011:15:40:02 -0800] conn=29 op=2 SRCH base="cn=config" scope=2 
filter="(&(nsDS5ReplicaHost=authdev1.qai.example.com)(|(objectClass=nsDSWindowsReplicationAgreement)(objectClass=nsds5ReplicationAgreement)))"
 attrs=ALL
[09/Nov/2011:15:40:02 -0800] conn=29 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:02 -0800] conn=29 op=3 MOD 
dn="cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
 tree,cn=config"
[09/Nov/2011:15:40:02 -0800] conn=29 op=3 RESULT err=0 tag=103 nentries=0 
etime=0
[09/Nov/2011:15:40:03 -0800] conn=29 op=4 MOD 
dn="cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
 tree,cn=config"
[09/Nov/2011:15:40:03 -0800] conn=29 op=4 RESULT err=0 tag=103 nentries=0 
etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=5 SRCH 
base="cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
 tree,cn=config" scope=0 filter="(objectClass=*)" attrs="cn 
nsds5replicaUpdateInProgress nsds5replicaLastUpdateStatus 
nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd"
[09/Nov/2011:15:40:04 -0800] conn=29 op=5 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 SRCH base="dc=example,dc=com" scope=2 
filter="(krbPrincipalName=ldap/authdev1.qai.example....@example.com)"
 attrs=ALL
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 RESULT err=0 tag=101 nentries=0 
etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=7 UNBIND
[09/Nov/2011:15:40:04 -0800] conn=29 op=7 fd=76 closed - U1
[09/Nov/2011:15:40:08 -0800] conn=30 op=5 UNBIND
[09/Nov/2011:15:40:08 -0800] conn=30 op=5 fd=75 closed - U1
[09/Nov/2011:15:40:08 -0800] conn=31 fd=75 slot=75 connection from 10.230.6.100 
to 10.230.6.96
[09/Nov/2011:15:40:08 -0800] conn=31 op=0 EXT oid="1.3.6.1.4.1.1466.20037" 
name="startTLS"
[09/Nov/2011:15:40:08 -0800] conn=31 op=0 RESULT err=0 tag=120 nentries=0 
etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 SSL 256-bit AES
[09/Nov/2011:15:40:08 -0800] conn=31 op=1 BIND dn="cn=replication 
manager,cn=config" method=128 version=3
[09/Nov/2011:15:40:08 -0800] conn=31 op=1 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=replication manager,cn=config"
[09/Nov/2011:15:40:08 -0800] conn=31 op=2 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:08 -0800] conn=31 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 op=3 SRCH base="" scope=0 
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:08 -0800] conn=31 op=3 RESULT err=0 tag=101 nentries=1 
etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 op=4 EXT oid="2.16.840.1.113730.3.5.12"
[09/Nov/2011:15:40:08 -0800] conn=31 op=4 RESULT err=0 tag=120 nentries=0 
etime=0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH, GWAPT | Sr. Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aqu...@citrixonline.com
http://www.citrixonline.com



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
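
The symptom traced in this post, a krbPrincipalName search that succeeds with nentries=0 right before the installer indexes an empty result list, can be pulled out of a dirsrv access log mechanically by pairing each SRCH with its RESULT on the same conn/op. This is an added example, not part of the original post or of FreeIPA; the sample log is constructed with placeholder host and principal names, and the function names are hypothetical.

```python
import re

# Constructed sample in dirsrv access-log format, hard-wrapped like the excerpt
# in the post. Host and principal names are placeholders, not from the post.
SAMPLE_LOG = """\
[09/Nov/2011:15:40:02 -0800] conn=29 op=2 SRCH base="cn=config" scope=2
filter="(nsDS5ReplicaHost=replica.example.test)" attrs=ALL
[09/Nov/2011:15:40:02 -0800] conn=29 op=2 RESULT err=0 tag=101 nentries=1
etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 SRCH base="dc=example,dc=test" scope=2
filter="(krbPrincipalName=ldap/replica.example.test@EXAMPLE.TEST)"
 attrs=ALL
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 RESULT err=0 tag=101 nentries=0
etime=0
"""

RECORD_START = re.compile(r"^\[\d{2}/\w{3}/\d{4}:")
HEADER = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$")
FILTER = re.compile(r'filter="(?P<filter>[^"]*)"')
EMPTY_OK = re.compile(r"\berr=0\b.*\bnentries=0\b")

def join_wrapped(text):
    """Re-join records hard-wrapped at spaces (assumed: wraps never split a token)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def empty_principal_lookups(text, attr="krbPrincipalName"):
    """Return SRCH operations filtering on `attr` whose RESULT was err=0, nentries=0."""
    pending, hits = {}, []          # pending: (conn, op) -> (timestamp, filter)
    for record in join_wrapped(text):
        m = HEADER.match(record)
        if not m:
            continue                # connection/TLS lines carry no op= field
        key, rest = (int(m["conn"]), int(m["op"])), m["rest"]
        f = FILTER.search(rest)
        if rest.startswith("SRCH ") and f and attr.lower() in f["filter"].lower():
            pending[key] = (m["ts"], f["filter"])
        elif rest.startswith("RESULT ") and key in pending:
            ts, flt = pending.pop(key)
            if EMPTY_OK.search(rest):
                hits.append({"time": ts, "conn": key[0], "op": key[1], "filter": flt})
    return hits
```

Calling `empty_principal_lookups()` on the text of an access log returns one dictionary per principal lookup that came back empty, which identifies the missing entry without reading the log by eye.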
