Joshua J. Kugler wrote:
On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote:
Check SSH connection to remote master
Execute check on remote master

Remote master check failed with following error message(s):
bash: /usr/sbin/ipa-replica-conncheck: No such file or directory

Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck
parameter.

OK, so it didn't click that it was trying to run ipa-replica-conncheck on the
other machine, and that the error message was on the other machine.

But, skipping the connection check, I'm still getting this:

# ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --skip-conncheck
Directory Manager (existing master) password:

ipa         : CRITICAL CA DS schema check failed. Make sure the PKI service on
the remote master is operational.

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

LDAP error: PROTOCOL_ERROR
unsupported extended operation

I even brought over /etc/ipa/ca.crt file and did this:

export LDAPTLS_CACERT=/etc/ipa/ca.crt; ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --skip-conncheck

Same error message.

I'm lost. Help?

This is unrelated to passing in the CA certificate.

We'd need to see /var/log/ipareplica-install.log to see what the LDAP error is. If you look on the remote master DS access log it may have additional information on what was requested.

In 2.2, IPA and the CA each have separate 389-ds instances to store the LDAP data. They are combined in 3.1, which may be what the schema error means.

What exact version is your current master and what are you trying to create a replica to?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
