Found a solution:

The first replica I built did not have the CA replication setup. So I
ran the ipa-ca-install with its original replica file on the first
replica.

Now that system is able to generate a replica.gpg file for the new
centos7 box. The new box replicated just fine and all is well with it.

Now I can resync the ldap on the original master and fix it. Of course
the weirdness is the web gui shows data for users but the system itself
can't use that data. Maybe I should dig into the pam modules.

On Wed, 2014-08-20 at 10:10 -0400, Jim Kinney wrote:

> All,
> 
> I'm setting up a new replicated master (CentOS7) from a CentOS 6.5
> original master. I added the patch (to the freeIPA 3.3 on CentOS 7)
> from
> https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=8c98561c209d0ccaa692a335e3e9a10aec23ee0e
> to handle the 2 replication IDs bug. 
> 
> The replication fails to complete. If I exclude the connection check,
> it fails. If I leave the connection check in place, it asks for an ssh
> password for the admin@<original master host>. There is no admin user
> on that machine. The admin user is only in freeIPA.
> 
> Should there be an admin user account exposed? Did I find a config
> change between 3.0 and 3.3 releases?
> -- 
> 
> Jim Kinney
> Senior System Administrator
> Department of BioMedical Informatics
> Emory University
> jimkin...@emory.edu
> 404.712.0300
> bmi.emory.edu
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project


-- 

Jim Kinney
Senior System Administrator
Department of BioMedical Informatics
Emory University
jimkin...@emory.edu
404.712.0300
bmi.emory.edu