Hi,

Can you paste the logs from ipa-ca-install? They may help understand if the command failed while creating the keytab or while using it.

flo

On Thu, Jun 26, 2025 at 10:08 AM Andreas Binapfl via FreeIPA-users <[email protected]> wrote:

> All machines use
> ipa --version
> VERSION: 4.12.2, API_VERSION: 2.254
>
> OracleLinux9 for all of them (I also tried OEL10 for the new server. Same
> behavior)
> 5.15.0-309.180.4.el9uek.x86_64
>
> When I run journalctl and grep for ipa I do not get an error when I install
> the ca
> (The only error is a step before while installing replica " ERR -
> ipa-topology-plugin - ipa_topo_util_get_entry: unable to read entry
> (cn=S3.pns.local-to-S1.DOMAIN.LOCAL,cn=domain,cn=topology,cn=ipa,cn=etc,dc=pnd,dc=local):
> error 32")
>
> ipareplica-ca-install on S3 only shows some errors not finding some
> certificates, followed by importing them.
> pki-ca-spawn looks similar. Directory Server CA cert not found, followed by
> importing it.
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
