-----BEGIN PGP SIGNED MESSAGE-----
Well it hasn't been all the pretty trying to move from RHEL 6.5 to
I have two servers providing my ipa instances ipa and ipa2. Given that
I don't have a great deal of spare capacity the plan was to remove
ipa2 from the replication agreement, modify DNS so that only IPA was
available in SRV logs (IPA does not manage DNS at this point, was
waiting for DNSSEC). As well, I would change my sudo-ldap config files
to point to ipa and remove ipa2.
Well that all worked well, installed RHEL 7 on the system and began
working through the steps in the upgrade guide.
First major problem was running into this bug:
ValueError: nsDS5ReplicaId has 2 values, one expected.
Went and patched the replication.py file to get around that issue, and
we moved on.
Next up is my current issue: Exception from Java Configuration
Servlet: Clone does not have all the required certificates.
I suspect this is because I am running the CA as a subordinate to an
AD CS instance, but I am unsure at this point.
It has been a haul to get here, despite the short explanation. It
seems that my primary ipa instance is working on only a hit or miss
basis for kerberos tickets which has made all this a bit of a pain.
You can kinit as admin once it will fail unable to find KDC, try again
another three times, it will work. I have even modified the krb5.conf
file to point directly at the server, thus bypassing DNS SRV lookups,
however, that hasn't worked.
Point is, any help would be appreciated on the aforementioned error.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project