Joshua J. Kugler wrote:
On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote:
Check SSH connection to remote master
Execute check on remote master

Remote master check failed with following error message(s):
bash: /usr/sbin/ipa-replica-conncheck: No such file or directory

Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck

OK, so it didn't click that it was trying to run ipa-replica-conncheck on the
other machine, and that the error message was on the other machine.

But, skipping the connection check, I'm still getting this:

# ipa-replica-install --setup-ca -N --
Directory Manager (existing master) password:

ipa         : CRITICAL CA DS schema check failed. Make sure the PKI service on
the remote master is operational.

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

unsupported extended operation

I even brought over /etc/ipa/ca.crt file and did this:

export LDAPTLS_CACERT=/etc/ipa/ca.crt; ipa-replica-install --setup-ca -N --skip-conncheck

Same error message.

I'm lost. Help?

This is unrelated to passing in the CA certificate.

We'd need to see /var/log/ipareplica-install.log to see what the LDAP error is. If you look on the remote master DS access log it may have additional information on what was requested.

In 2.2 IPA and the CA each have separate 389-ds instances to store the LDAP data. They are combined in 3.1 which may be what the schema error means.

What exact version is your current master and what are you trying to create a replica to?


Freeipa-users mailing list

Reply via email to