freeipa-2.lab.lan replication setup

a guest May 25th, 2018 38 Never
[root@freeipa-2 fedora]# ipa-replica-install
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd

Password for admin@LAB.LAN:
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/41]: creating directory server instance
  [2/41]: enabling ldapi
  [3/41]: configure autobind for root
  [4/41]: stopping directory server
  [5/41]: updating configuration in dse.ldif
  [6/41]: starting directory server
  [7/41]: adding default schema
  [8/41]: enabling memberof plugin
  [9/41]: enabling winsync plugin
  [10/41]: configuring replication version plugin
  [11/41]: enabling IPA enrollment plugin
  [12/41]: configuring uniqueness plugin
  [13/41]: configuring uuid plugin
  [14/41]: configuring modrdn plugin
  [15/41]: configuring DNS plugin
  [16/41]: enabling entryUSN plugin
  [17/41]: configuring lockout plugin
  [18/41]: configuring topology plugin
  [19/41]: creating indices
  [20/41]: enabling referential integrity plugin
  [21/41]: configuring certmap.conf
  [22/41]: configure new location for managed entries
  [23/41]: configure dirsrv ccache
  [24/41]: enabling SASL mapping fallback
  [25/41]: restarting directory server
  [26/41]: creating DS keytab
  [27/41]: ignore time skew for initial replication
  [28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 6 seconds elapsed
Update succeeded

  [29/41]: prevent time skew after initial replication
  [30/41]: adding sasl mappings to the directory
  [31/41]: updating schema
  [32/41]: setting Auto Member configuration
  [33/41]: enabling S4U2Proxy delegation
  [34/41]: initializing group membership
  [35/41]: adding master entry
  [36/41]: initializing domain level
  [37/41]: configuring Posix uid/gid generation
  [38/41]: adding replication acis
  [39/41]: activating sidgen plugin
  [40/41]: activating extdom plugin
  [41/41]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
  [1/5]: configuring KDC
  [2/5]: adding the password extension to the directory
  [3/5]: creating anonymous principal
  [4/5]: starting the KDC
  [5/5]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [error] RuntimeError: Certificate issuance failed (CA_REJECTED)
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR    Certificate issuance failed (CA_REJECTED)
ipapython.admintool: ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
[root@freeipa-2 fedora]# ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID '20180525141223':
        status: CA_REJECTED
        ca-error: Server at https://freeipa-2.lab.lan/ipa/xml failed request, will retry: -504 (HTTP POST to URL 'https://freeipa-2.lab.lan/ipa/xml' failed.  libcurl failed even to execute the HTTP transaction, explaining:  Failed to connect to freeipa-2.lab.lan port 443: Connection refused).
        stuck: yes
        key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-LAB-LAN',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-LAB-LAN/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/dirsrv/slapd-LAB-LAN',nickname='Server-Cert'
        CA: IPA
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv LAB-LAN
        track: yes
        auto-renew: yes