Joshua J. Kugler wrote:
On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote:
Check SSH connection to remote master
Execute check on remote master
Remote master check failed with following error message(s):
bash: /usr/sbin/ipa-replica-conncheck: No such file or directory
Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck
OK, so it didn't click that it was trying to run ipa-replica-conncheck on the
other machine, and that the error message was on the other machine.
But, skipping the connection check, I'm still getting this:
# ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --
Directory Manager (existing master) password:
ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on
the remote master is operational.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
LDAP error: PROTOCOL_ERROR
unsupported extended operation
I even brought over /etc/ipa/ca.crt file and did this:
export LDAPTLS_CACERT=/etc/ipa/ca.crt; ipa-replica-install --setup-ca -N
Same error message.
I'm lost. Help?
This is unrelated to passing in the CA certificate.
We'd need to see /var/log/ipareplica-install.log to see what the LDAP
error is. If you look on the remote master DS access log it may have
additional information on what was requested.
In 2.2 IPA and the CA each have separate 389-ds instances to store the
LDAP data. They are combined in 3.1 which may be what the schema error
What exact version is your current master and what are you trying to
create a replica to?
Freeipa-users mailing list