Tank you very much for your response.
Adding debugging to /etc/ipa/server.conf did not add any additional
information, but I discovered that -d flag to
ipa-replica-install gives a lot of information.
After a lot of weird stuff, problems and son on, I decided to scratch the
entire server completely and start all over.
Now the replica is working again. Server must have had a brain damage at some
JN Data A/S * Havsteensvej 4 * 4000 Roskilde
Telefon 63 63 63 63/ Fax 63 63 63 64
From: Florence Blanc-Renaud [mailto:f...@redhat.com]
Sent: 25. april 2017 10:30
To: Bjarne Blichfeldt <b...@jndata.dk>; email@example.com
Subject: Re: [Freeipa-users] ipa-replica-install failes on setup-ca
On 04/24/2017 09:37 AM, Bjarne Blichfeldt wrote:
> We had problems with one idm replica complaining about different ldap
1/ you may find more information about the CA installation failure in
To enable debug logs, you can create the file /etc/ipa/server.conf:
$ cat /etc/ipa/server.conf
debug = True
2/ the error in httpd/error_log may indicate that your certificate expired,
could you check if all the certificates are still valid?
$ sudo certutil -L -d /etc/httpd/alias/ -n Server-Cert | grep Not
Not Before: Thu Apr 20 15:03:40 2017
Not After : Sun Apr 21 15:03:40 2019
3/ I recall CA install issues when an old /root/cacert.p12 was left on a
replica between uninstall and install. Can you try to delete this file and
re-try the ipa-replica-install?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project