Steven Jones wrote:
8><----
starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
[21/27]: adding replication acis
[22/27]: initializing group membership
[23/27]: adding master entry
[24/27]: configuring Posix uid/gid generation
[25/27]: enabling compatibility plugin
[26/27]: tuning directory server
[27/27]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC: Estimated time 30 seconds
[1/9]: adding sasl mappings to the directory
[2/9]: writing stash file from DS
[3/9]: configuring KDC
[4/9]: creating a keytab for the directory
[5/9]: creating a keytab for the machine
[6/9]: adding the password extension to the directory
[7/9]: enable GSSAPI for replication
creation of replica failed: list index out of range
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root@fed14-64-ipam002 ~]#
messages log
==================
Mar 3 00:12:04 fed14-64-ipam002 kernel: [11214.180151] ns-slapd[7867]:
segfault at 0 ip 00007f
e9a7fd5de4 sp 00007fe9617e0910 error 4 in libipa_uuid.so[7fe9a7fd3000
+5000]
==================
Replica install log
==================
8><----
2011-03-03 00:12:14,977 INFO Changing agreement
cn=meTofed14-64-ipam002.ipa.ac.nz,cn=replica,cn
=dc\3Dipa\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config to restore
original schedule 0000-2359
0123456
2011-03-03 00:12:15,997 INFO Replication Update in progress: FALSE:
status: 0 Replica acquired
successfully: Incremental update succeeded: start: 20110302111214Z: end:
20110302111214Z
2011-03-03 00:12:16,048 DEBUG list index out of range
File "/usr/sbin/ipa-replica-install", line 507, in<module>
main()
File "/usr/sbin/ipa-replica-install", line 468, in main
install_krb(config, setup_pkinit=options.setup_pkinit)
File "/usr/sbin/ipa-replica-install", line 216, in install_krb
setup_pkinit, pkcs12_info)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py",
line 211, in create
_replica
self.start_creation("Configuring Kerberos KDC", 30)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 283, in start_crea
tion
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py",
line 556, in __conv
ert_to_gssapi_replication
r_bindpw=self.dm_password)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 688, in conver
t_to_gssapi_replication
self.gssapi_update_agreements(self.conn, r_conn)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 458, in gssapi
_update_agreements
self.setup_krb_princs_as_replica_binddns(a, b)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 451, in setup_
krb_princs_as_replica_binddns
mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_pn[0].dn)]
====================
So how to fix?
regards
Steven
Ok, this is a new one and may be similar to other hostname issues you've
run into. Can you give me the output of this search:
ldapsearch -x -b 'dc=example,dc=com' 'krbprincipalname=ldap/*' dn
I would expect the same results from both your new replica and your
existing master but if they're different that would be good to know.
I'm going to guess that either we stored a non-fqdn or we're searching
for a non-fqdn (we'll have to infer that, I think, if you have the fqdn
stored in LDAP).
We are doing a very specific search for the principal for the hostnames
on each side of the replication agreement, I'm guessing that we're not
finding one of them and we haven't taken that into consideration. I
filed https://fedorahosted.org/freeipa/ticket/1044 for this.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
