Hi! My primary IPA-server is severely damaged. It is an old server, updated and updated and updated through time (anaconda-ks.cfg is 4 Dec 2014). I run Fedora-33 (now).
Because the installation is broken on several parts (missing certs, odd tomcat issues), I thought, lets replicate and reinstall and start over fresh-ish. New machine, ipa-replica install goes smooth for about an hour (or so) and burns down: The ipa-replica-install command failed, exception: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', '[email protected]'] returned non-zero exit status 1: 'Job for [email protected] failed because a timeout was exceeded.\nSee "systemctl status [email protected]" and "journalctl -xe" for details.\n') CalledProcessError(Command ['/bin/systemctl', 'start', '[email protected]'] returned non-zero exit status 1: 'Job for [email protected] failed because a timeout was exceeded.\nSee "systemctl status [email protected]" and "journalctl -xe" for details.\n') The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information (install log attached). Inspecting the tomcat-ca log i see: 2021-02-25 13:07:18 [main] INFO: PluginRegistry: Loading plugin registry from /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2021-02-25 13:07:18 [main] SEVERE: LdapBoundConnFactory: Unable to connect to LDAP server: Authentication failed netscape.ldap.LDAPException: Authentication failed (49) Yes, this is one of the issues I had with the main server. Somehow not trusting the tomcat client-cert anymore. Ended up with doing password auth without ssl. Is there a way to repair this, or trick the server into doing this. Or should I do a fresh start? Kind regards, Arjen Heidinga
debug.2021-02-25.log.xz
Description: application/xz
ipareplica-install.log.xz
Description: application/xz
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
