Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
Already setup master server, now trying to install replica (which I've done
before and its worked fine).
The replica install gets all the way to the end but errors out. For the most
part, it looks like it is complete, but I want to be sure there are no
The error I see in the log is...(domain and ip's changed)
2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
DNS Domain: mydomain.com
IPA Server: replica.mydomain.com
Domain mydomain.com is already configured in existing SSSD config, creating a
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 2377, in <module>
File "/usr/sbin/ipa-client-install", line 2363, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 2167, in install
remote_env = api.Command['env'](server=True)['result']
File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in
ret = self.run(*args, **options)
File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
return self.forward(*args, **options)
File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in
return self.Backend.xmlclient.forward(self.name, *args, **kw)
File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
raise NetworkError(uri=server, error=e.errmsg)
ipalib.errors.NetworkError: cannot connect to
u'https://replica.mydomain.com/ipa/xml': Internal Server Error
2013-12-16T09:26:50Z INFO File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614,
return_value = main_function()
File "/usr/sbin/ipa-replica-install", line 527, in main
raise RuntimeError("Failed to configure the client")
2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception:
RuntimeError: Failed to configure the client
Apache logs the following error at the same time...
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:
couldn't check access. No groups file?: /ipa/xml, referer:
I can login to the gui and it seems ok, but I'm rolling this into production so
I've got to get it right.
I'm hoping this is just some bug because its an older freeipa on redhat
(minimal install) etc. selinux is in permissive mode, but it's the same as on
the master server, so it should be the issue.
Is this error critical? How can I fix it?
Thanks in advance,
Freeipa-users mailing list