[Freeipa-users] adding replica centos 7 to centos 6 fails [error] ObjectclassViolation: attribute "unhashed#user#password" not allowed

Natxo Asenjo natxo.asenjo at gmail.com
Tue Sep 13 12:39:52 UTC 2016


On Tue, Sep 13, 2016 at 2:10 PM, Natxo Asenjo <natxo.asenjo at gmail.com>
wrote:

> Hi,
>
> When trying to add a replica to the IdM environment of a host running
> CentOS 7 (fully patched) to an existing CentOS 6.8 realm, I get this error:
>

OK, some progress. I found this:

https://fedorahosted.org/389/ticket/470

So I went ahead and rebooted the master 6.8 KDC I was replicating from, and
then it failed in the certificate server instance:


ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpyHV1BW'' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    CA configuration failed.


But there is no /var/log/pki-ca-install.log:

# ls -ltr /var/log/
total 1708
drwx------. 2 root   root      6 Jun 10  2014 ppp
drwxr-xr-x. 2 ntp    ntp       6 May 31 12:29 ntpstats
drwx------. 2 root   root      6 Jul 18 17:30 httpd
drwxr-x---. 2 sssd   sssd      6 Aug  2 18:58 sssd
-rw-------. 1 root   root      0 Sep 13 13:19 tallylog
drwx------. 3 root   root     16 Sep 13 13:19 samba
-rw-------. 1 root   root      0 Sep 13 13:20 spooler
drwxr-xr-x. 2 root   root   4096 Sep 13 13:23 anaconda
drwxr-x---. 2 root   root     22 Sep 13 13:23 audit
drwxr-xr-x. 2 root   root     22 Sep 13 13:23 tuned
drwxrwx---. 2 tomcat root     25 Sep 13 13:31 tomcat
-rw-------. 1 root   root  15126 Sep 13 13:31 yum.log
-rw-------. 1 root   root   8786 Sep 13 13:31 ipaupgrade.log
-rw-r--r--. 1 root   root  94862 Sep 13 13:59 dmesg.old
-rw-------. 1 root   root  18112 Sep 13 14:29 ipaclient-install.log
-rw-------. 1 root   root  40193 Sep 13 14:29 ipaclient-uninstall.log
-rw-------. 1 root   root  35796 Sep 13 14:29 ipaserver-uninstall.log
-rw-r--r--. 1 root   root  94862 Sep 13 14:30 dmesg
-rw-r--r--. 1 root   root   8591 Sep 13 14:30 boot.log
-rw-------. 1 root   root   2587 Sep 13 14:30 cron
-rw-r--r--. 1 root   root    200 Sep 13 14:30 wpa_supplicant.log
-rw-------. 1 root   root    958 Sep 13 14:30 maillog
-rw-------. 1 root   utmp    768 Sep 13 14:30 btmp
-rw-rw-r--. 1 root   utmp  13056 Sep 13 14:30 wtmp
-rw-r--r--. 1 root   root 291416 Sep 13 14:30 lastlog
-rw-------. 1 root   root   7318 Sep 13 14:31 ipareplica-conncheck.log
drwxr-xr-x. 3 root   root     35 Sep 13 14:31 dirsrv
drwxr-xr-x. 4 root   root   4096 Sep 13 14:32 pki
-rw-------. 1 root   root  87106 Sep 13 14:32 secure
-rw-------. 1 root   root 742436 Sep 13 14:32 messages
-rw-------. 1 root   root 202169 Sep 13 14:33 ipareplica-install.log

In the ipa-replica-install.log, though, I find this:

pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error
pkispawn    : ERROR    ....... ParseError: not well-formed (invalid token): line 1, column 0:
{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Clone does not have all the required certificates"}

Any clue?



-- 
Regards,
natxo