[Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server

[Natxo Asenjo]

hi,

On Tue, Sep 13, 2016 at 9:36 PM, Endi Sukma Dewata <edewata at redhat.com>
wrote:

> On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote:
>
>> On 9/9/2016 2:46 PM, Georgios Kafataridis wrote:
>>
>>> I've tried that but still the same result.
>>>
>>> [root at ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h
>>> localhost -b "uid=admin,ou=people,o=ipaca"
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <uid=admin,ou=people,o=ipaca> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 2
>>> result: 32 No such object
>>>
>>
>> Hi,
>>
>> The master's logs indicate there's an authentication issue.
>>
>> Could you search the whole directory to find the admin user?
>> $ ldapsearch ... -b "o=ipaca" "(uid=admin)"
>>
>> Try also other suffixes that you have in the DS.
>>
>> If you find it, try to authenticate against DS directly as the admin
>> user. If the authentication fails, try resetting the password.
>>
>
> I believe there is actually another DS instance on CentOS 6.8 running on
> port 7389, so make sure you check that too. If the admin user is indeed
> missing, it will need to be recreated, assigned a password and certificate,
> and added to the appropriate groups.
>
> See also: http://pki.fedoraproject.org/wiki/IPA_PKI_Users
>


I am having this problem too (see thread with subject " adding replica
centos 7 to centos 6 fails [error] ObjectclassViolation: attribute
"unhashed#user#password" not allowed"

If the usercertificate attribute of this user is expired, could this be the
cause of these problems?

I can login with the password as user uid=admin,ou=people,o=ipaca, but the
certificate expired 2014-10-28

-- 
regards,
Natxo



-- 
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160914/590d9e2b/attachment.htm>