Bret Wortman wrote:
I tried this, but no joy:

# /usr/sbin/ipa-upgradeconfig --debug
DEBUG: caSignedLogCert.cfg
<> profile
validity range is 720
INFO: [Certificate renewal should stop the CA]
ERROR: Unable to find certmonger request ID for auditSigning Cert
INFO: The ipa-upgradeconfig command was successful

Run getcert list and sift through the output and see if you have a request tracking for nickname auditSigningCert cert-pki-ca (or similar).

But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
every time, and /var/log/httpd/error_log shows, in part:

[Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError: 'ipadnszone'
[Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO: <>: json_metadata(None, None,
object=u'all'): KeyError
[Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO: <>: json_metadata(None, None,
command=u'all'): SUCCESS

DNS resolution, authentication and authorization all /appear/ to be
working fine.

The DNS schema was not updated properly. I'd run:

# ipa-ldap-updater --upgrade


Freeipa-users mailing list

Reply via email to