george he wrote:
Hello, I re-installed fedora 17 on my machine, did "yum update", and then tried to install ipa-replica on myreplica. I got the same error message as before:# ipa-replica-install --setup-ca /var/lib/ipa/replica-info-myreplica.gpg [24/30]: enabling S4U2Proxy delegation ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpj3jpOC -x -D cn=Directory Manager -y /tmp/tmpXfgq7D' returned non-zero exit status 1 [25/30]: initializing group membership [26/30]: adding master entry ipa : CRITICAL Failed to load master-entry.ldif: Command '/usr/bin/ldapmodify -h myreplica -v -f /tmp/tmpjAXJjq -x -D cn=Directory Manager -y /tmp/tmpHEZmhv' returned non-zero exit status 1 [27/30]: configuring Posix uid/gid generation creation of replica failed: entry=dn: cn=CA,cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu cn: CA ipaconfigstring: enabledService ipaconfigstring: startOrder 50 objectclass: nsContainer objectclass: ipaConfigObject Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. The same error message was displayed after running /usr/sbin/ipa-server-install --uninstall and then re-run the installation. Here is what at the end of /var/log/ipareplica-install.log: File "/sbin/ipa-replica-install", line 494, in <module> main() File "/sbin/ipa-replica-install", line 437, in main util.realm_to_suffix(config.realm_name)) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 311, in ldap_enable self.admin_conn.addEntry(entry) File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 496, in addEntry self.__handle_errors(e, arg_desc=arg_desc) File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 312, in __handle_errors raise errors.NotFound(reason=arg_desc) Any suggestions?
It would appear the previous uninstall didn't remove the CA. Did you have to run pkiremove in order to get the CA to install the second go-around?
What I would do is do the uninstall again. Do an ldapsearch on cn=my.replica.edu,cn=masters,cn=ipa,cn=etc,dc=my,dc=replica,dc=edu on another master and confirm that it is empty. If it isn't then use ldapdelete to remove that entry and its children.
Then verify that the CA is gone, see if /var/lib/pki-ca exists. If it does use pkiremove to delete the instance.
I think the next install will work. I believe the replica-s4u2proxy failure can be ignored, we have a ticket open on that.
rob _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
