Hit more glitches. As to the expired CA cert, I set the clock back, then ran ipa-replica-prepare. That got me the bundle.
Took that to the new one. Tried running ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg But that gave me: <snip> > Connection from replica to master is OK. > Start listening on required ports for remote master check > Get credentials to log in to remote master > ad...@lab.whamcloud.com password: > > Cannot acquire Kerberos ticket: kinit: Cannot read password while getting > initial credentials > > Connection check failed! > Please fix your network settings according to error messages above. > If the check results are not valid it can be skipped with --skip-conncheck > parameter. I know the admin password is correct, as I just reset it. Is the connection check really failing, or is the ipa-install-replica script not passing the password to the kerberos client? Next, I tried: ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg -- skip-conncheck But I just got: ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on the remote master is operational. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. LDAP error: PROTOCOL_ERROR unsupported extended operation Siiiigh...I'm about to give up and just bring up a new system and tell everyone their passwords got reset. :( Ideas? j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design jos...@azariah.com - Jabber: pedah...@gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users