Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-07 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: This advice has gotten me much further, thanks. We didn't have an HBAC rule for admin and, now with it in place, connection checks and other commands appear to be working that haven't worked before. I'm still getting caught on the CA portion of the replica

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: By the way, I want to mention the conncheck: if I don't skip it, it tries to ssh into the master IPA instance as 'admin@', rather than the user (root), and fails. All other parts of the connectivity check work, however. Why does it try to access the master

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Dan.Finkelstein
By the way, I want to mention the conncheck: if I don't skip it, it tries to ssh into the master IPA instance as 'admin@', rather than the user (root), and fails. All other parts of the connectivity check work, however. Why does it try to access the master as a Kerberos principal instead of the

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Dan.Finkelstein
Swing and a miss: when setting up the replicas, we always use the --setup-ca and end the command with the replica gpg file, but it's the --setup-ca that fails as per the earlier messages. If we proceed without --setup-ca, it's fine. I'll try it without skipping the connection check, but I don't

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: Swing and a miss: when setting up the replicas, we always use the --setup-ca and end the command with the replica gpg file, but it's the --setup-ca that fails as per the earlier messages. If we proceed without --setup-ca, it's fine. I'll try it without

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-03 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: A further update: when I try to install the CA component, it erroneously says that the CA is installed: root@ipa ~]# ipa-ca-install --skip-conncheck --debug [ snip ] ipa : DEBUG The ipa-ca-install command failed, exception: SystemExit: CA is

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-02 Thread Dan.Finkelstein
Hi Rob, There's a few logs in there, I'm not sure which is most informative. Here are some sections from what I think are relevant logs: /var/log/pki/pki-tomcat/localhost.log: Jun 01, 2016 12:16:34 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-02 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: Hi Sebastian, Unfortunately, that doesn't seem to be it and reinstalling the replica with --setup-ca failed again with the same errors. I've included relevant sections of the logs. /var/log/ipareplica-install.log: 016-06-02T10:43:16Z DEBUG Starting

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-02 Thread Dan.Finkelstein
Hi Sebastian, Unfortunately, that doesn't seem to be it and reinstalling the replica with --setup-ca failed again with the same errors. I've included relevant sections of the logs. /var/log/ipareplica-install.log: 016-06-02T10:43:16Z DEBUG Starting external process 2016-06-02T10:43:16Z DEBUG

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-02 Thread Sebastian Schäfer
Hi Dan, I had a similar problem when updating my FreeIPA. In my case it turned out that the certificates that get bundled with the replica preparation file were expired. This is due to the /root/cacert.p12 file not being updated during the preparation process until FreeIPA 3.2.2. The file can be