Re: [Freeipa-users] IPA domain level is 1, so replica prepare fails (new installation)
Thank you David. From: David Kupka Sent: Wednesday, March 22, 2017 12:06 AM To: Z D Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA domain level is 1, so replica prepare fails (new installation) On Wed, Mar 22, 2017 at 04:38:58AM +, Z D wrote: > Hallo, I have a problem to prepare the replica. > > Environment: > > OS: Newly installed EL7.3 > > IPA Server: Newly installed ipa-server 4.4.0 > > The error: > > # ipa-replica-prepare > Replica creation using 'ipa-replica-prepare' to generate replica file > is supported only in 0-level IPA domain. > The current IPA domain level is 1 and thus the replica must > be created by promoting an existing IPA client. > To set up a replica use the following procedure: > 1.) set up a client on the host using 'ipa-client-install' > 2.) promote the client to replica running 'ipa-replica-install' > *without* replica file specified > 'ipa-replica-prepare' is allowed only in domain level 0 > The ipa-replica-prepare command failed. > > Any explanation for this and possible resolution, thanks, Zarko > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project You can also look into RHEL documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html -- David Kupka -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA domain level is 1, so replica prepare fails (new installation)
On Wed, Mar 22, 2017 at 04:38:58AM +, Z D wrote: > Hallo, I have a problem to prepare the replica. > > Environment: > > OS: Newly installed EL7.3 > > IPA Server: Newly installed ipa-server 4.4.0 > > The error: > > # ipa-replica-prepare > Replica creation using 'ipa-replica-prepare' to generate replica file > is supported only in 0-level IPA domain. > The current IPA domain level is 1 and thus the replica must > be created by promoting an existing IPA client. > To set up a replica use the following procedure: > 1.) set up a client on the host using 'ipa-client-install' > 2.) promote the client to replica running 'ipa-replica-install' > *without* replica file specified > 'ipa-replica-prepare' is allowed only in domain level 0 > The ipa-replica-prepare command failed. > > Any explanation for this and possible resolution, thanks, Zarko > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project You can also look into RHEL documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html -- David Kupka signature.asc Description: PGP signature -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA domain level is 1, so replica prepare fails (new installation)
On Wed, Mar 22, 2017 at 04:38:58AM +, Z D wrote: > Hallo, I have a problem to prepare the replica. > > Environment: > > OS: Newly installed EL7.3 > > IPA Server: Newly installed ipa-server 4.4.0 > > The error: > > # ipa-replica-prepare > Replica creation using 'ipa-replica-prepare' to generate replica file > is supported only in 0-level IPA domain. > The current IPA domain level is 1 and thus the replica must > be created by promoting an existing IPA client. > To set up a replica use the following procedure: > 1.) set up a client on the host using 'ipa-client-install' > 2.) promote the client to replica running 'ipa-replica-install' > *without* replica file specified > 'ipa-replica-prepare' is allowed only in domain level 0 > The ipa-replica-prepare command failed. > > Any explanation for this and possible resolution, thanks, Zarko > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project Hello Zarko, as already described in the output you've posted ipa-replica-prepare is no longer used when domain level is above 0. Since domain level 1 new replica is first joined to FreeIPA domain as client using ipa-client-install and then promoted to replica using ipa-replica-install. You can find out more about Replica Promotion on design page [1]. [1] https://www.freeipa.org/page/V4/Replica_Promotion -- David Kupka signature.asc Description: PGP signature -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
