[Freeipa-users] replica install - Insufficient 'add' privilege ?
Martin Babinsky
mbabinsk at redhat.com
Fri Feb 10 12:45:49 UTC 2017
On 02/10/2017 01:29 PM, lejeczek wrote:
> hi everyone,
>
> I'm trying something mundane(can't think why, how my setup would be
> special/different) - replica installation - but I hit this:
>
> [42/44]: activating extdom plugin
> [43/44]: tuning directory server
> [44/44]: configuring directory to start on boot
> Done configuring directory server (dirsrv).
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipa.ipapython.install.cli.install_tool(Replica): ERROR Insufficient
> access: Insufficient 'add' privilege to add the entry
> 'cn=NTP,cn=work3.whale.private,cn=masters,cn=ipa,cn=etc,dc=whale,dc=private'.
> ipa.ipapython.install.cli.install_tool(Replica): ERROR The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for more information
>
> $and logs tail:
>
> 2017-02-10T12:20:46Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-WHALE-PRIVATE.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7999290>
> 2017-02-10T12:20:47Z DEBUG Destroyed connection context.ldap2_84192272
> 2017-02-10T12:20:47Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
> return_value = self.run()
> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
> 318, in run
> cfgr.run()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 310, in run
> self.execute()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 332, in execute
> for nothing in self._executor():
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 372, in __runner
> self._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 394, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 362, in __runner
> step()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 359, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 586, in _configure
> next(executor)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 372, in __runner
> self._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 449, in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 394, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 446, in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 394, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 362, in __runner
> step()
> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 359, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 81, in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 59, in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
> line 63, in _install
> for nothing in self._installer(self.parent):
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 1714, in main
> promote(self)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 364, in decorated
> func(installer)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
> line 1425, in promote
> remote_api.env.realm)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ntpinstance.py",
> line 43, in ntp_ldap_enable
> ntp.ldap_enable('NTP', fqdn, None, base_dn)
> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 512, in ldap_enable
> self.admin_conn.add_entry(entry)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1492, in add_entry
> self.conn.add_s(str(entry.dn), list(attrs.items()))
> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 971, in error_handler
> raise errors.ACIError(info=info)
>
> 2017-02-10T12:20:47Z DEBUG The ipa-replica-install command failed,
> exception: ACIError: Insufficient access: Insufficient 'add' privilege
> to add the entry
> 'cn=NTP,cn=work3.whale.private,cn=masters,cn=ipa,cn=etc,dc=whale,dc=private'.
> 2017-02-10T12:20:47Z ERROR Insufficient access: Insufficient 'add'
> privilege to add the entry
> 'cn=NTP,cn=work3.whale.private,cn=masters,cn=ipa,cn=etc,dc=whale,dc=private'.
> 2017-02-10T12:20:47Z ERROR The ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for more information
>
> would you share some thoughts?
> many thanks,
> L.
>
>
We need to know more details about the replica installation, is it
domain level 0? Domain level 1? In domain level 1, do you enroll as
admin user or using a privileged host account? Did you re-run the
installation? Maybe there is some stale ccache present on your system.
--
Martin^3 Babinsky
More information about the Freeipa-users
mailing list