Hit more glitches. As to the expired CA cert, I set the clock back, then ran
ipa-replica-prepare. That got me the bundle.
Took that to the new one.
ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg
But that gave me:
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> ad...@lab.whamcloud.com password:
> Cannot acquire Kerberos ticket: kinit: Cannot read password while getting
> initial credentials
> Connection check failed!
> Please fix your network settings according to error messages above.
> If the check results are not valid it can be skipped with --skip-conncheck
I know the admin password is correct, as I just reset it. Is the connection
check really failing, or is the ipa-install-replica script not passing the
password to the Kerberos client?
Next, I tried:
ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --
But I just got:
ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on
the remote master is operational.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
LDAP error: PROTOCOL_ERROR
unsupported extended operation
Siiiigh...I'm about to give up and just bring up a new system and tell
everyone their passwords got reset. :(
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A