Bret Wortman wrote:
I tried this, but no joy:
# /usr/sbin/ipa-upgradeconfig --debug
:
:
DEBUG: caSignedLogCert.cfg
<http://bl-1.com/click/load/VWRaa1w-b0221U28CYQNlAT4-b0231> profile
validity range is 720
INFO: [Certificate renewal should stop the CA]
ERROR: Unable to find certmonger request ID for auditSigning Cert
INFO: The ipa-upgradeconfig command was successful
#
Run getcert list and sift through the output and see if you have a
request tracking for nickname auditSigningCert cert-pki-ca (or similar).
But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
every time, and /var/log/httpd/error_log shows, in part:
[Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError: 'ipadnszone'
[Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO:
br...@foo.net <mailto:br...@foo.net>: json_metadata(None, None,
object=u'all'): KeyError
[Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO:
br...@foo.net <mailto:br...@foo.net>: json_metadata(None, None,
command=u'all'): SUCCESS
DNS resolution, authentication and authorization all /appear/ to be
working fine.
The DNS schema was not updated properly. I'd run:
# ipa-ldap-updater --upgrade
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
