Hey there - 

I¹m working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI ³master²
was nuked a while ago and I have a suspicion that none of the other ³master²
freeipa replicas were ³promoted² (sorry for the over-use of ³ )

So we went ahead and ran through these instructions and are currently in a
weird state:

krb5 won¹t start and the getcert list command is returning CA_UNREACHABLE

krb5kdc: Server error - while fetching master key K/M for realm

ca-error: Error setting up ccache for "host" service on client using default
keytab: Cannot contact any KDC for realm

So I don¹t think I can promote another master/replica ?



Attachment: smime.p7s
Description: S/MIME cryptographic signature

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to