On 12/29/2013 03:49 PM, Simo Sorce wrote:

> Unfortunately you should have created the replica *before* the upgrade.
>
> Too bad fedup didn't refuse to update and created this mess...
>
> Have you tried downgrading all dogtag and tomcat packages to the fc18
> ones?

After some trial and error, I downgraded the following RPMs:
freeipa-admintools-3.1.5-1.fc18.x86_64
freeipa-client-3.1.5-1.fc18.x86_64
freeipa-python-3.1.5-1.fc18.x86_64
freeipa-server-3.1.5-1.fc18.x86_64
jss-4.2.6-28.fc18.x86_64
pki-ca-10.0.6-1.fc18.noarch
pki-server-10.0.6-1.fc18.noarch
pki-symkey-10.0.6-1.fc18.x86_64
pki-tools-10.0.6-1.fc18.x86_64
tomcatjss-7.0.0-5.fc18.noarch
krb5-workstation-1.10.3-17.fc18
krb5-libs-1.10.3-17.fc18
krb5-server-ldap-1.10.3-17.fc18
krb5-pkinit-1.10.3-17.fc18
krb5-server-1.10.3-17.fc18

A file needed an ownership fix:
chown pkiuser.pkiuser /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg

Now I can prepare the replica without error.

However, installing the replica fails:

Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/34]: creating directory server user
  [2/34]: creating directory server instance
  [3/34]: adding default schema
  [4/34]: enabling memberof plugin
  [5/34]: enabling winsync plugin
  [6/34]: configuring replication version plugin
  [7/34]: enabling IPA enrollment plugin
  [8/34]: enabling ldapi
  [9/34]: configuring uniqueness plugin
  [10/34]: configuring uuid plugin
  [11/34]: configuring modrdn plugin
  [12/34]: configuring DNS plugin
  [13/34]: enabling entryUSN plugin
  [14/34]: configuring lockout plugin
  [15/34]: creating indices
  [16/34]: enabling referential integrity plugin
  [17/34]: configuring ssl for ds instance
  [18/34]: configuring certmap.conf
  [19/34]: configure autobind for root
  [20/34]: configure new location for managed entries
  [21/34]: configure dirsrv ccache
  [22/34]: enable SASL mapping fallback
  [23/34]: restarting directory server
  [24/34]: setting up initial replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Unexpected error - see /var/log/ipareplica-install.log for details:
DatabaseError: Constraint violation: pre-hashed passwords are not valid

The last few lines from the install log look like:

2014-01-07T13:48:06Z DEBUG wait_for_open_ports: localhost [389] timeout 120
2014-01-07T13:48:07Z DEBUG flushing ldap://server.xxxx.com:389 from SchemaCache
2014-01-07T13:48:07Z DEBUG retrieving schema for SchemaCache url=ldap://server.xxxx.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3445560>
2014-01-07T13:48:08Z DEBUG flushing ldaps://replica.xxxx.com:636 from SchemaCache
2014-01-07T13:48:08Z DEBUG retrieving schema for SchemaCache url=ldaps://replica.xxxx.com:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x35c22d8>
2014-01-07T13:48:09Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
    return_value = main_function()

  File "/sbin/ipa-replica-install", line 669, in main
    ds = install_replica_ds(config)

  File "/sbin/ipa-replica-install", line 188, in install_replica_ds
    ca_file=config.dir + "/ca.crt",

  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 360, in create_replica
    self.start_creation(runtime=60)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 364, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 373, in __setup_replica
    r_bindpw=self.dm_password)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 938, in setup_replication
    self.repl_man_dn, self.repl_man_passwd)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 909, in basic_replication_setup
    self.add_replication_manager(conn, repldn, replpw)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 362, in add_replication_manager
    conn.add_entry(ent)

  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1527, in add_entry
    self.conn.add_s(dn, attrs.items())

  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)

  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 928, in error_handler
    raise errors.DatabaseError(desc=desc, info=info)

2014-01-07T13:48:09Z DEBUG The ipa-replica-install command failed, exception: DatabaseError: Constraint violation: pre-hashed passwords are not valid

Any hint on how to fix this?

Thanks,
Thomas

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
