Found a solution: The first replica I built did not have the CA replication setup. So I ran the ipa-ca-install with its original replica file on the first replica.

Now that system is able to generate a replica.gpg file for the new CentOS 7 box. The new box replicated just fine and all is well with it. Now I can resync the LDAP on the original master and fix it. Of course the weirdness is the web GUI shows data for users but the system itself can't use that data. Maybe I should dig into the PAM modules.

On Wed, 2014-08-20 at 10:10 -0400, Jim Kinney wrote:
> All,
>
> I'm setting up a new replicated master (CentOS7) from a CentOS 6.5
> original master. I added the patch (to the freeIPA 3.3 on CentOS 7)
> from
> https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=8c98561c209d0ccaa692a335e3e9a10aec23ee0e
> to handle the 2 replication IDs bug.
>
> The replication fails to complete. If I exclude the connection check,
> it fails. If I leave the connection check in place, it asks for an ssh
> password for the admin@<original master host>. There is no admin user
> on that machine. The admin user is only in freeIPA.
>
> Should there be an admin user account exposed? Did I find a config
> change between 3.0 and 3.3 releases?
> --
>
> Jim Kinney
> Senior System Administrator
> Department of BioMedical Informatics
> Emory University
> jimkin...@emory.edu
> 404.712.0300
> bmi.emory.edu
> plain text document attachment (ATT00001)
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project

--
Jim Kinney
Senior System Administrator
Department of BioMedical Informatics
Emory University
jimkin...@emory.edu
404.712.0300
bmi.emory.edu