Hit more glitches.  As to the expired CA cert, I set the clock back, then ran 
ipa-replica-prepare. That got me the bundle.

Took that to the new one.

Tried running

ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg

But that gave me:

<snip>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> ad...@lab.whamcloud.com password:
> 
> Cannot acquire Kerberos ticket: kinit: Cannot read password while getting
> initial credentials
> 
> Connection check failed!
> Please fix your network settings according to error messages above.
> If the check results are not valid it can be skipped with --skip-conncheck
> parameter.

I know the admin password is correct, as I just reset it.  Is the connection 
check really failing, or is the ipa-install-replica script not passing the 
password to the kerberos client?

Next, I tried:

ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --
skip-conncheck

But I just got:

ipa         : CRITICAL CA DS schema check failed. Make sure the PKI service on 
the remote master is operational.

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

LDAP error: PROTOCOL_ERROR
unsupported extended operation

Siiiigh...I'm about to give up and just bring up a new system and tell 
everyone their passwords got reset. :(

Ideas?

j

-- 
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to