Shree wrote:
1) I have got a step furthur. My replica is not running CA Service. To
achieve this I had to remove the existing cert with this command
pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca -force
Now the replica looks like this
skarulkar@ldap2 tmp]$ sudo ipactl status
[sudo] password for skarulkar:
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[skarulkar@ldap2 tmp]$
The tracking failed with:
2014-02-18T20:20:43Z DEBUG stdout=Error initializing Kerberos library:
Improper format of Kerberos configuration file.
It looks like it failed on this for most if not all the tracking. What
does /etc/krb5.conf look like?
2) I am still not able to add client using ipa-client-install using the
replica.
The temporary krb5.conf that is used during enrollment has
dns_lookup_kdc=True so it is probably trying to contact the other KDC
and failing.
What is the output of:
$ rpm -q ipa-client
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users