[Freeipa-users] How to remove the CA cert from an IDM replica
Todd Maugh
tmaugh at boingo.com
Wed Mar 12 22:03:52 UTC 2014
Skipping the conn check due to a clock skew error.
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Wednesday, March 12, 2014 2:39 PM
To: Todd Maugh; Simo Sorce; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] How to remove the CA cert from an IDM replica
Todd Maugh wrote:
> I'm seeing this error:
>
> Where is the install log located?
>
> [root@idm-rep02-w1c-aws ipa]# ipa-replica-install --setup-ca /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg --skip-conncheck
> Directory Manager (existing master) password:
>
> Configuring NTP daemon (ntpd)
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> A CA is already configured on this system.
# /usr/bin/pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force
> [root@idm-rep02-w1c-aws ipa]# ipa-replica-install /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg --skip-conncheck
> Directory Manager (existing master) password:
>
> Configuring NTP daemon (ntpd)
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv): Estimated time 1 minute
> [1/31]: creating directory server user
> [2/31]: creating directory server instance
> [3/31]: adding default schema
> [4/31]: enabling memberof plugin
> [5/31]: enabling winsync plugin
> [6/31]: configuring replication version plugin
> [7/31]: enabling IPA enrollment plugin
> [8/31]: enabling ldapi
> [9/31]: disabling betxn plugins
> [10/31]: configuring uniqueness plugin
> [11/31]: configuring uuid plugin
> [12/31]: configuring modrdn plugin
> [13/31]: enabling entryUSN plugin
> [14/31]: configuring lockout plugin
> [15/31]: creating indices
> [16/31]: enabling referential integrity plugin
> [17/31]: configuring ssl for ds instance
> [18/31]: configuring certmap.conf
> [19/31]: configure autobind for root
> [20/31]: configure new location for managed entries
> [21/31]: restarting directory server
> [22/31]: setting up initial replication
> Starting replication, please wait until this has completed.
> [idm-master-els.ops.boingo.com] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]
Why are you skipping the conncheck? It looks like there is a firewall issue.
rob