[Freeipa-users] adding replica centos 7 to centos 6 fails [error] ObjectclassViolation: attribute "unhashed#user#password" not allowed
Natxo Asenjo
natxo.asenjo at gmail.com
Tue Sep 13 12:39:52 UTC 2016
On Tue, Sep 13, 2016 at 2:10 PM, Natxo Asenjo <natxo.asenjo at gmail.com>
wrote:
> hi,
>
> when trying to add a replica to the Idm environment of a host running
> centos 7 (fully patched) to an existing centos 6.8 realm I get this error:
>
ok, some progress. I found this:
https://fedorahosted.org/389/ticket/470
So I went ahead and rebooted the master 6.8 kdc I was replicating from and
then it failed in the certificate server instance:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure
CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpyHV1BW''
returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation
logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
[error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR CA configuration
failed.
But there is no /var/log/pki-ca-install.log :
# ls -ltr /var/log/
total 1708
drwx------. 2 root root 6 Jun 10 2014 ppp
drwxr-xr-x. 2 ntp ntp 6 May 31 12:29 ntpstats
drwx------. 2 root root 6 Jul 18 17:30 httpd
drwxr-x---. 2 sssd sssd 6 Aug 2 18:58 sssd
-rw-------. 1 root root 0 Sep 13 13:19 tallylog
drwx------. 3 root root 16 Sep 13 13:19 samba
-rw-------. 1 root root 0 Sep 13 13:20 spooler
drwxr-xr-x. 2 root root 4096 Sep 13 13:23 anaconda
drwxr-x---. 2 root root 22 Sep 13 13:23 audit
drwxr-xr-x. 2 root root 22 Sep 13 13:23 tuned
drwxrwx---. 2 tomcat root 25 Sep 13 13:31 tomcat
-rw-------. 1 root root 15126 Sep 13 13:31 yum.log
-rw-------. 1 root root 8786 Sep 13 13:31 ipaupgrade.log
-rw-r--r--. 1 root root 94862 Sep 13 13:59 dmesg.old
-rw-------. 1 root root 18112 Sep 13 14:29 ipaclient-install.log
-rw-------. 1 root root 40193 Sep 13 14:29 ipaclient-uninstall.log
-rw-------. 1 root root 35796 Sep 13 14:29 ipaserver-uninstall.log
-rw-r--r--. 1 root root 94862 Sep 13 14:30 dmesg
-rw-r--r--. 1 root root 8591 Sep 13 14:30 boot.log
-rw-------. 1 root root 2587 Sep 13 14:30 cron
-rw-r--r--. 1 root root 200 Sep 13 14:30 wpa_supplicant.log
-rw-------. 1 root root 958 Sep 13 14:30 maillog
-rw-------. 1 root utmp 768 Sep 13 14:30 btmp
-rw-rw-r--. 1 root utmp 13056 Sep 13 14:30 wtmp
-rw-r--r--. 1 root root 291416 Sep 13 14:30 lastlog
-rw-------. 1 root root 7318 Sep 13 14:31 ipareplica-conncheck.log
drwxr-xr-x. 3 root root 35 Sep 13 14:31 dirsrv
drwxr-xr-x. 4 root root 4096 Sep 13 14:32 pki
-rw-------. 1 root root 87106 Sep 13 14:32 secure
-rw-------. 1 root root 742436 Sep 13 14:32 messages
-rw-------. 1 root root 202169 Sep 13 14:33 ipareplica-install.log
In the ipa-replica-install.log , though, I find this:
pkispawn : ERROR ....... Exception from Java Configuration Servlet:
500 Server Error: Internal Server Error
pkispawn : ERROR ....... ParseError: not well-formed (invalid token):
line 1, column 0:
{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Clone
does not have all the required certificates"}
Any clue?
--
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160913/53806d93/attachment.htm>
More information about the Freeipa-users
mailing list