First I'll undo the oVirt/FreeIPA relationship:

# engine-manage-domains -action=delete -domain=hackunix.org
...
Manage Domains completed successfully
# service ovirt-engine restart

oVirt works with internal domain and admin user.

Now let's uninstall FreeIPA:

# pkidestroy -s CA -i pki-tomcat
Loading deployment configuration from /var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg.
Uninstalling CA from /var/lib/pki/pki-tomcat.
pkidestroy : WARNING ....... this 'CA' entry may not be registered with security domain 'IPA'!
pkidestroy : ERROR ....... updateDomainXML FAILED to delete this 'CA' entry from security domain 'IPA': ''
Uninstallation complete.

# rm -rf /var/log/pki/pki-tomcat
# rm -rf /etc/sysconfig/pki-tomcat
# rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
# rm -rf /var/lib/pki/pki-tomcat
# rm -rf /etc/pki/pki-tomcat

# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and configuration!

Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Unconfiguring CA
ipa : CRITICAL failed to uninstall CA instance Command '/usr/sbin/pkidestroy -i pki-tomcat -s CA' returned non-zero exit status 255
Unconfiguring named
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached

# ipa-server-install

I choose BIND integration, set my hostname, and now I get a new error:

Server host name [localhost.localdomain]: ds1.hackunix.org

[Errno 1] Unknown host

So now I'm thinking that besides mucking with minssf I also turned on DNS
for my domain, but everything in DNS should match what I started out with
in /etc/hosts...

Let me read what the install script is expecting here... brb

On Tue, May 7, 2013 at 10:04 PM, Derek Moore <derek.p.mo...@gmail.com> wrote:
>
> > Did you restart all IPA services including KDC after you changed the
> > minssf?
>
> Yes, tried many combinations of restarts and reboots trying to undo the
> breakage.
>
> I found a similar thread on here ("sudden ipa errors") where someone spent
> a lot of time debugging when suddenly RH support came back with an odd fix
> to krb5kdc.conf that doesn't apply to me since I'm not using a subdomain
> for the realm.
>
> Let me start over documenting the ipa steps better, I had to patch a few
> things along the way to get it to work (like the .pki to .dogtag problem on
> install).
>
> I'll report back...
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel