-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Well it hasn't been all the pretty trying to move from RHEL 6.5 to RHEL 7.
I have two servers providing my ipa instances ipa and ipa2. Given that I don't have a great deal of spare capacity the plan was to remove ipa2 from the replication agreement, modify DNS so that only IPA was available in SRV logs (IPA does not manage DNS at this point, was waiting for DNSSEC). As well, I would change my sudo-ldap config files to point to ipa and remove ipa2. Well that all worked well, installed RHEL 7 on the system and began working through the steps in the upgrade guide. First major problem was running into this bug: https://fedorahosted.org/freeipa/ticket/4375 ValueError: nsDS5ReplicaId has 2 values, one expected. Went and patched the replication.py file to get around that issue, and we moved on. Next up is my current issue: Exception from Java Configuration Servlet: Clone does not have all the required certificates. I suspect this is because I am running the CA as a subordinate to an AD CS instance, but I am unsure at this point. It has been a haul to get here, despite the short explanation. It seems that my primary ipa instance is working on only a hit or miss basis for kerberos tickets which has made all this a bit of a pain. You can kinit as admin once it will fail unable to find KDC, try again another three times, it will work. I have even modified the krb5.conf file to point directly at the server, thus bypassing DNS SRV lookups, however, that hasn't worked. Point is, any help would be appreciated on the aforementioned error. - -Erinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJT1EbkAAoJEFg7BmJL2iPOscwH/1ghb+CrY0raAanuTGbITL7R eTuJKEPbHB3bfSo0Qt3gBKsOQiCo3vsX26LqmKVOPudNUlI4G49kqqPfrUjxoBuN XrCRWcInTKA0pfzPuIKzueSinYR+d1x48J2tJkMovdYJwn8VaYoxadYaBFinj8/X UFTBr7QWH0HO+/gIhyvfA5/V/0OHqNa+EbVuu61FlfjxYNSYLKPU2UDhXeV0T9DJ R9MgeEPh7XUdhhiAIV9ccyqchS1kzWKALEetNJNDdZafuAhQOY/5LNyPYiZ8CVu4 yX3875zp4Rz8EDud9vVTfMTWGONVJ5LsEnr5NtBAyfDW5R8SM5HQUVI46vlsaJw= =CJP5 -----END PGP SIGNATURE----- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
