On Friday, June 21, 2013 14:46:50 Rich Megginson wrote:
> On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
> > On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
> >> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
> >> error is. If you look on the remote master DS access log it may have
> >> additional information on what was requested.
> >
> > Logs attached.
> >
> > 10.10.0.50 is the new replica.
> >
> > No metion the new replica in the error logs. At least not that I can see.
>
> 2013-06-21T20:12:12Z INFO The ipa-replica-install command failed,
> exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation',
> 'desc': 'Protocol error'}
>
> This is from here:
>
> slapd-PKI-CA.access.log
> [21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from
> 10.10.0.50 to 10.10.0.4
> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120
> nentries=0 etime=0
> [21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND
>
> The server cannot respond to the startTLS request - which means the
> server has not been configured for TLS/SSL.
Thanks for the quick reply!
OK...the system was set up (I assume, I wasn't here) with the standard ipa-
server-install script(s). So, it would seem that it didn't configure the PKI-
CA slapd to use SSL? Are there docs on doing that after the fact? Including
creating the SSL certs, and configuring the slapd server to use them. Being
the same host, could i use the same certs as are in use by the slapd-LAB-
WHAMCLOUD-LAB server? Do you know, off hand, the config file I would need to
tweak to put those settings in place?
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
