I already had to do that previously to get other things to work; I had
solved it by changing line 582 of
"::1" to "localhost" before installing the server. I did do this on
the to-be-promoted client as well, to no avail.
On Thu, Feb 23, 2017 at 4:25 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Steve Huston wrote:
>> Next stage of my testing was to make a replica of the FreeIPA server,
>> and I started by doing a 'yum install ipa-server' and then moved on to
>> adding the host to the ipaservers group. This fails every time
>> however, with the error:
>> ipa: ERROR: cannot connect to
>> (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
>> unsupported format.
>> Searches on this seem to turn up things like expired certificates, or
>> "reboot httpd" (I went ahead and rebooted the whole ipa server), but
>> nothing concrete. Suggestions? Everything (server and soon-to-be
>> replica) running RHEL7.3 with all updates.
> See the workaround in https://fedorahosted.org/freeipa/ticket/6575#comment:9
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
Princeton University | ICBM Address: 40.346344 -74.652242
345 Lewis Library |"On my ship, the Rocinante, wheeling through
Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1'
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project