george he wrote:
Hello,
I re-installed fedora 17 on my machine, did "yum update", and then tried
to install ipa-replica on myreplica. I got the same error message as
before:
# ipa-replica-install --setup-ca /var/lib/ipa/replica-info-myreplica.gpg
[24/30]: enabling S4U2Proxy delegation
ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command
'/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpj3jpOC -x -D
cn=Directory Manager -y /tmp/tmpXfgq7D' returned non-zero exit status 1
[25/30]: initializing group membership
[26/30]: adding master entry
ipa : CRITICAL Failed to load master-entry.ldif: Command
'/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpjAXJjq -x -D
cn=Directory Manager -y /tmp/tmpHEZmhv' returned non-zero exit status 1
[27/30]: configuring Posix uid/gid generation
creation of replica failed: entry=dn:
cn=CA,cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu
cn: CA
ipaconfigstring: enabledService
ipaconfigstring: startOrder 50
objectclass: nsContainer
objectclass: ipaConfigObject
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
The same error message was displayed after running
/usr/sbin/ipa-server-install --uninstall
and then re-run the installation. Here is what at the end of
/var/log/ipareplica-install.log:
File "/sbin/ipa-replica-install", line 494, in <module>
main()
File "/sbin/ipa-replica-install", line 437, in main
util.realm_to_suffix(config.realm_name))
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 311, in ldap_enable
self.admin_conn.addEntry(entry)
File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
496, in addEntry
self.__handle_errors(e, arg_desc=arg_desc)
File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
312, in __handle_errors
raise errors.NotFound(reason=arg_desc)
Any suggestions?
It would appear the previous uninstall didn't remove the CA. Did you
have to run pkiremove in order to get the CA to install the second
go-around?
What I would do is do the uninstall again. Do an ldapsearch on
cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu on
another master and confirm that it is empty. If it isn't then use
ldapdelete to remove that entry and its children.
Then verify that the CA is gone, see if /var/lib/pki-ca exists. If it
does use pkiremove to delete the instance.
I think the next install will work. I believe the replica-s4u2proxy
failure can be ignored, we have a ticket open on that.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users