[Freeipa-users] Error setting up Replication: ldap service principals is missing. Replication agreement cannot be converted
Kilian Ries
mail at kilian-ries.de
Wed Apr 13 09:25:49 UTC 2016
Does nobody have an idea whats the problem here?
Thanks
Kilian
________________________________
Von: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> im Auftrag von Kilian Ries <mail at kilian-ries.de>
Gesendet: Mittwoch, 6. April 2016 10:41
An: freeipa-users at redhat.com
Betreff: [Freeipa-users] Error setting up Replication: ldap service principals is missing. Replication agreement cannot be converted
Hello,
i have an existing FreeIPA installation (4.2.0) on CentOS 7.2 and i'm trying to add an replication partner.
During the installation i got the following error:
###
Restarting the directory and certificate servers
Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
[1/8]: adding sasl mappings to the directory
[2/8]: configuring KDC
[3/8]: creating a keytab for the directory
[4/8]: creating a keytab for the machine
[5/8]: adding the password extension to the directory
[6/8]: enable GSSAPI for replication
[error] RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR One of the ldap service principals is missing. Replication agreement cannot be converted.
###
The installation Log shows the following:
###
2016-04-06T08:22:34Z INFO Getting ldap service principals for conversion: (krbprincipalname=ldap/auth02.intern.eu at INTERN.EU) and (krbprincipalname=ldap/auth01.intern.eu at INTERN.EU)
2016-04-06T08:22:34Z DEBUG Unable to find entry for (krbprincipalname=ldap/auth02.intern.eu at INTERN.EU) on auth01.intern.eu:636
2016-04-06T08:22:34Z INFO Setting agreement cn=meToauth01.intern.eu,cn=replica,cn=dc\=intern\,dc\=customer-virt\,dc\=eu,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2016-04-06T08:22:35Z INFO Deleting schedule 2358-2359 0 from agreement cn=meToauth01.intern.eu,cn=replica,cn=dc\=intern\,dc\=customer-virt\,dc\=eu,cn=mapping tree,cn=config
2016-04-06T08:22:36Z INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0
2016-04-06T08:22:36Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 438, in __convert_to_gssapi_replication
r_bindpw=self.dm_password)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1104, in convert_to_gssapi_replication
self.gssapi_update_agreements(self.conn, r_conn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 797, in gssapi_update_agreements
self.setup_krb_princs_as_replica_binddns(a, b)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 767, in setup_krb_princs_as_replica_binddns
(a_dn, b_dn) = self.get_replica_principal_dns(a, b, retries=100)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 751, in get_replica_principal_dns
raise RuntimeError(error)
RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.
2016-04-06T08:22:36Z DEBUG [error] RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.
2016-04-06T08:22:36Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 311, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 281, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 303, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 343, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 333, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 524, in _configure
executor.next()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 343, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 333, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
for nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 879, in main
install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 295, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 586, in install
krb = install_krb(config, setup_pkinit=not options.no_pkinit)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 93, in install_krb
setup_pkinit, pkcs12_info)
File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 214, in create_replica
self.start_creation(runtime=30)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 438, in __convert_to_gssapi_replication
r_bindpw=self.dm_password)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1104, in convert_to_gssapi_replication
self.gssapi_update_agreements(self.conn, r_conn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 797, in gssapi_update_agreements
self.setup_krb_princs_as_replica_binddns(a, b)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 767, in setup_krb_princs_as_replica_binddns
(a_dn, b_dn) = self.get_replica_principal_dns(a, b, retries=100)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 751, in get_replica_principal_dns
raise RuntimeError(error)
2016-04-06T08:22:36Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.
2016-04-06T08:22:36Z ERROR One of the ldap service principals is missing. Replication agreement cannot be converted.
###
Can anybody help me?
Thanks
Greets
Kilian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160413/8d50454d/attachment.htm>
More information about the Freeipa-users
mailing list