Hi, I have no idea how.
regards Steven ________________________________________ From: Rob Crittenden <rcrit...@redhat.com> Sent: Tuesday, 17 February 2015 10:40 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade. Steven Jones wrote: > While attempting to initialise the new server I am getting, > > > [root@xx <mailto:root@vuwunicoipam001> replica-files]# ipa-replica-install > --setup-dns --forwarder=10.100.32.31 --no-reverse replica-info-xxx.gpg > --skip-conncheck --debug > > > =====8><---- > packages/ipaserver/install/plugins/update_uniqueness.py' > ipa : DEBUG importing plugin module > '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py' > ipa : DEBUG importing plugin module > '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py' > ipa.ipaserver.install.installutils: DEBUG group dirsrv exists > ipa.ipaserver.install.installutils: DEBUG user dirsrv exists > ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection > context.ldap2_59928528 > ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing > ldaps://vuwunicoipam002.ods.vuw.ac.nz from SchemaCache > ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache > url=ldaps://vuwunicoipam002.ods.vuw.ac.nz > conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x39d9ef0> > error copying files: failed to decode certificate: > (SEC_ERROR_LIBRARY_FAILURE) security library failure. > ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection > context.ldap2_59928528 > ipa : DEBUG File > "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line > 646, in run_script > return_value = main_function() > > File "/sbin/ipa-replica-install", line 658, in main > install_ca_cert(conn, api.env.basedn, api.env.realm, cafile) > > File "/sbin/ipa-replica-install", line 227, in install_ca_cert > sys.exit(1) > > ipa : DEBUG The ipa-replica-install command failed, exception: > SystemExit: 1 > > ======== > > > Any idea what is wrong please? What a strange error. My initial thought was that it couldn't read or parse the CA cert from the 3.0 master, but this security library error is unexpected. I might be sending you on a wild goose chase but take a look at the CA cert in cn=CAcert,cn=ipa,cn=etc,$SUFFIX There was a bug quite a while back where the cert value was double-base64-encoded. I wouldn't expect this error from this problem but who knows. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project