Re: [Freeipa-users] New install, unsupported format?

2017-02-28 Thread Steve Huston
On Tue, Feb 28, 2017 at 4:26 AM, Standa Laznicka wrote: > On 02/27/2017 04:51 PM, Steve Huston wrote: >> It seems there might be two issues here; the one I originally reported >> was that the ipa-server packages installed on a client machine are >> unable to talk to the

Re: [Freeipa-users] New install, unsupported format?

2017-02-28 Thread Standa Laznicka
On 02/27/2017 04:51 PM, Steve Huston wrote: On Mon, Feb 27, 2017 at 5:56 AM, Standa Laznicka wrote: Sorry for the hold up. Two questions - is this domain level 1 or 0 (you can run `ipa domainlevel-get` on the master if you don't know)? Did you have a client installed prior

Re: [Freeipa-users] New install, unsupported format?

2017-02-27 Thread Steve Huston
On Mon, Feb 27, 2017 at 5:56 AM, Standa Laznicka wrote: > Sorry for the hold up. Two questions - is this domain level 1 or 0 (you can > run `ipa domainlevel-get` on the master if you don't know)? Did you have a > client installed prior to ipa-replica-install? It's level 1.

Re: [Freeipa-users] New install, unsupported format?

2017-02-27 Thread Standa Laznicka
On 02/24/2017 08:38 PM, Steve Huston wrote: So, I tried a different tack. Took my bare VM configured as an IPA client, did a 'yum install ipa-server' and edited the cainstance.py file to fix the IPv6 issue. Then, without adding the host to ipaservers in the webui, I simply tried to promote it:

Re: [Freeipa-users] New install, unsupported format?

2017-02-24 Thread Steve Huston
So, I tried a different tack. Took my bare VM configured as an IPA client, did a 'yum install ipa-server' and edited the cainstance.py file to fix the IPv6 issue. Then, without adding the host to ipaservers in the webui, I simply tried to promote it: # kinit admin Password for

Re: [Freeipa-users] New install, unsupported format?

2017-02-24 Thread Steve Huston
On Fri, Feb 24, 2017 at 2:31 AM, Standa Laznicka wrote: > Hello, > I don't quite understand your situation - have the error happened during an > addition of the host to the "ipaservers" group or during replica > installation? It was during the addition of the host. In fact,

Re: [Freeipa-users] New install, unsupported format?

2017-02-23 Thread Standa Laznicka
Hello, I don't quite understand your situation - have the error happened during an addition of the host to the "ipaservers" group or during replica installation? Certutil is a wonderful piece of software that returns "(SEC_ERROR_LEGACY_DATABASE)" in about 90% of most common cases but I have

Re: [Freeipa-users] New install, unsupported format?

2017-02-23 Thread Steve Huston
I already had to do that previously to get other things to work; I had solved it by changing line 582 of /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py from "::1" to "localhost" before installing the server. I did do this on the to-be-promoted client as well, to no avail. On

Re: [Freeipa-users] New install, unsupported format?

2017-02-23 Thread Rob Crittenden
Steve Huston wrote: > Next stage of my testing was to make a replica of the FreeIPA server, > and I started by doing a 'yum install ipa-server' and then moved on to > adding the host to the ipaservers group. This fails every time > however, with the error: > > ipa: ERROR: cannot connect to >