Steven Jones wrote:
> While attempting to initialise the new server I am getting,
> 
> 
> [root@xx <mailto:root@vuwunicoipam001> replica-files]# ipa-replica-install 
> --setup-dns --forwarder=10.100.32.31 --no-reverse replica-info-xxx.gpg 
> --skip-conncheck --debug
> 
> 
> =====8><----
> packages/ipaserver/install/plugins/update_uniqueness.py'
> ipa         : DEBUG    importing plugin module 
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py'
> ipa         : DEBUG    importing plugin module 
> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py'
> ipa.ipaserver.install.installutils: DEBUG    group dirsrv exists
> ipa.ipaserver.install.installutils: DEBUG    user dirsrv exists
> ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Created connection 
> context.ldap2_59928528
> ipa.ipapython.ipaldap.SchemaCache: DEBUG    flushing 
> ldaps://vuwunicoipam002.ods.vuw.ac.nz from SchemaCache
> ipa.ipapython.ipaldap.SchemaCache: DEBUG    retrieving schema for SchemaCache 
> url=ldaps://vuwunicoipam002.ods.vuw.ac.nz 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x39d9ef0>
> error copying files: failed to decode certificate: 
> (SEC_ERROR_LIBRARY_FAILURE) security library failure.
> ipa.ipaserver.plugins.ldap2.ldap2: DEBUG    Destroyed connection 
> context.ldap2_59928528
> ipa         : DEBUG      File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 
> 646, in run_script
>     return_value = main_function()
> 
>   File "/sbin/ipa-replica-install", line 658, in main
>     install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)
> 
>   File "/sbin/ipa-replica-install", line 227, in install_ca_cert
>     sys.exit(1)
> 
> ipa         : DEBUG    The ipa-replica-install command failed, exception: 
> SystemExit: 1
> 
> ========
> 
> 
> Any idea what is wrong please?

What a strange error. My initial thought was that it couldn't read or
parse the CA cert from the 3.0 master, but this security library error
is unexpected.

I might be sending you on a wild goose chase but take a look at the CA
cert in cn=CAcert,cn=ipa,cn=etc,$SUFFIX

There was a bug quite a while back where the cert value was
double-base64-encoded. I wouldn't expect this error from this problem
but who knows.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to