[Freeipa-users] Unable to setup replica (kadmin.local: No such entry in the database)
Jonathan Dieter
jdieter at lesbg.com
Tue Sep 6 09:07:06 UTC 2016
I have a FreeIPA install with three server replicas that was originally
setup a couple years ago and, over time, has been upgraded to 4.2.4 on
Fedora 23.
I'm trying to add a fourth replica and it's failing in two places
(depending on whether I enable the CA or not). I'm assuming the
problem is that one of the upgrades didn't quite go right, and my
install is now missing something required for replication, but that's
just a guess.
Without --setup-ca:
Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
[1/8]: adding sasl mappings to the directory
[2/8]: configuring KDC
[3/8]: creating a keytab for the directory
[error] CalledProcessError: Command ''kadmin.local' '-q' 'addprinc
-randkey ldap/ipa4.lesbg.com at LOCAL.LESBG.COM' '-x' 'ipa-setup-override-
restrictions'' returned non-zero exit status 1
Looking at the logs, the error is:
2016-09-06T08:46:47Z DEBUG Process finished, return code=1
2016-09-06T08:46:47Z DEBUG stdout=Authenticating as principal root/admi
n at LOCAL.LESBG.COM with password.
2016-09-06T08:46:47Z DEBUG stderr=kadmin.local: No such entry in the
database while initializing kadmin.local interface
Full logs at:
http://lesloueizeh.com/jdieter/ipareplica-install-1.log
With --setup-ca:
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
30 seconds
[1/23]: creating certificate server user
...
[15/23]: authorizing RA to modify profiles
[error] EmptyResult: no matching entry found
Full logs at:
http://lesloueizeh.com/jdieter/ipareplica-install-2.log
More information about the Freeipa-users
mailing list