Hey there - I¹m working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI ³master² was nuked a while ago and I have a suspicion that none of the other ³master² freeipa replicas were ³promoted² (sorry for the over-use of ³ )
So we went ahead and ran through these instructions and are currently in a weird state: http://www.freeipa.org/page/IPA_2x_Certificate_Renewal krb5 won¹t start and the getcert list command is returning CA_UNREACHABLE krb5kdc: Server error - while fetching master key K/M for realm status: CA_UNREACHABLE ca-error: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm So I don¹t think I can promote another master/replica ? Thanks, Mike
smime.p7s
Description: S/MIME cryptographic signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
