[Freeipa-users] Upgrade/Migration steps
Joshua J. Kugler
joshua at azariah.com
Thu Jun 20 00:04:04 UTC 2013
Hit more glitches. As to the expired CA cert, I set the clock back, then ran
ipa-replica-prepare. That got me the bundle.
Took that to the new one.
Tried running
ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg
But that gave me:
<snip>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> admin at LAB.WHAMCLOUD.COM password:
>
> Cannot acquire Kerberos ticket: kinit: Cannot read password while getting
> initial credentials
>
> Connection check failed!
> Please fix your network settings according to error messages above.
> If the check results are not valid it can be skipped with --skip-conncheck
> parameter.
I know the admin password is correct, as I just reset it. Is the connection
check really failing, or is the ipa-install-replica script not passing the
password to the kerberos client?
Next, I tried:
ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --
skip-conncheck
But I just got:
ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on
the remote master is operational.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
LDAP error: PROTOCOL_ERROR
unsupported extended operation
Siiiigh...I'm about to give up and just bring up a new system and tell
everyone their passwords got reset. :(
Ideas?
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
More information about the Freeipa-users
mailing list