Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-17 Thread Martin Kosek
On 02/17/2015 12:08 AM, Rob Crittenden wrote: Steven Jones wrote: ? [root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX SASL/GSSAPI authentication started SASL username: SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Rob Crittenden
Steven Jones wrote: Hi, I have no idea how. $ kinit admin $ ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX It should have an attribute cACertificate;binary likely beginning with MII. If it begins with TU then it is likely double-encoded. And remember, this may be a red herring.

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
? [root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX SASL/GSSAPI authentication started SASL username: SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base cn=CAcert,cn=ipa,cn=etc, with scope subtree # filter: (objectclass=*) #

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
Hi, I have no idea how. regards Steven From: Rob Crittenden rcrit...@redhat.com Sent: Tuesday, 17 February 2015 10:40 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Rob Crittenden
Steven Jones wrote: ? [root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX SASL/GSSAPI authentication started SASL username: SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base cn=CAcert,cn=ipa,cn=etc, with scope subtree #

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
yep this is all double dutch to me. regards Steven From: Rob Crittenden rcrit...@redhat.com Sent: Tuesday, 17 February 2015 12:08 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] trying to get a RHEL7.1 beta second master

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Steven Jones
= cACertificate;binary:: TUlJQ0NUQ0NBWEtnQX8--- = :( So now what? regards Steven From: Rob Crittenden rcrit...@redhat.com Sent: Tuesday, 17 February 2015 12:08 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re:

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Rob Crittenden
Steven Jones wrote: = cACertificate;binary:: TUlJQ0NUQ0NBWEtnQX8--- Now you need to replace the contents of this double-encoded value with an actual binary value. First create the necessary file: $ openssl x509 -inform pem -outform der -in /etc/ipa/ca.crt -out /tmp/ca.der Now

Re: [Freeipa-users] trying to get a RHEL7.1 beta second master into a RHEL6.6 cluster so I can upgrade.

2015-02-16 Thread Rob Crittenden
Steven Jones wrote: While attempting to initialise the new server I am getting, [root@xx replica-files]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 --no-reverse replica-info-xxx.gpg --skip-conncheck --debug =8