Upon a FreeIPA Replica install, I am failing at:

Configuring Kerberos KDC: Estimated time 30 seconds
  [1/9]: adding sasl mappings to the directory
  [2/9]: writing stash file from DS
  [3/9]: configuring KDC
  [4/9]: creating a keytab for the directory
  [5/9]: creating a keytab for the machine
  [6/9]: adding the password extension to the directory
  [7/9]: enable GSSAPI for replication
creation of replica failed: list index out of range

Per an IRC session with Rich, it looks like ldap/[email protected] is not being created at all... So when the replica slave goes to search for it, it yields an empty list and throws the Python exception...

Does anyone know how and when that principal should be getting created/inserted?

The /var/log/ipareplica-install.log:

<snipit>
2011-11-17 12:50:14,708 DEBUG stderr=ldap_initialize( ldap://authdev1.qai.example.com )
2011-11-17 12:50:14,708 DEBUG duration: 0 seconds
2011-11-17 12:50:14,708 DEBUG [7/9]: enable GSSAPI for replication
2011-11-17 12:50:14,746 INFO Changing agreement cn=meToauthdev2.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2011-11-17 12:50:15,756 INFO Changing agreement cn=meToauthdev2.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to restore original schedule 0000-2359 0123456
2011-11-17 12:50:16,787 INFO Replication Update in progress: FALSE: status: -1 Incremental update has failed and requires administrator actionSystem error: start: 0: end: 0
2011-11-17 12:50:16,791 INFO Changing agreement cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2011-11-17 12:50:17,802 INFO Changing agreement cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to restore original schedule 0000-2359 0123456
2011-11-17 12:50:18,816 INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 20111110000049Z: end: 20111110000049Z
2011-11-17 12:50:18,865 DEBUG list index out of range
  File "/usr/sbin/ipa-replica-install", line 483, in <module>
    main()
  File "/usr/sbin/ipa-replica-install", line 444, in main
    install_krb(config, setup_pkinit=options.setup_pkinit)
  File "/usr/sbin/ipa-replica-install", line 156, in install_krb
    setup_pkinit, pkcs12_info)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 212, in create_replica
    self.start_creation("Configuring Kerberos KDC", 30)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 248, in start_creation
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 553, in __convert_to_gssapi_replication
    r_bindpw=self.dm_password)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 798, in convert_to_gssapi_replication
    self.gssapi_update_agreements(self.conn, r_conn)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 532, in gssapi_update_agreements
    self.setup_krb_princs_as_replica_binddns(a, b)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 525, in setup_krb_princs_as_replica_binddns
    mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_pn[0].dn)]

The Master server dirsrv access log:

[09/Nov/2011:15:39:44 -0800] conn=28 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=replication manager,cn=config"
[09/Nov/2011:15:39:44 -0800] conn=28 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:39:44 -0800] conn=28 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:39:44 -0800] conn=28 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:39:44 -0800] conn=28 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:39:44 -0800] conn=28 op=4 EXT oid="2.16.840.1.113730.3.5.12"
[09/Nov/2011:15:39:44 -0800] conn=28 op=4 RESULT err=0 tag=120 nentries=0 etime=0
[09/Nov/2011:15:40:00 -0800] conn=29 fd=76 slot=76 SSL connection from 10.230.6.100 to 10.230.6.96
[09/Nov/2011:15:40:00 -0800] conn=29 SSL 256-bit AES
[09/Nov/2011:15:40:00 -0800] conn=29 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[09/Nov/2011:15:40:00 -0800] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[09/Nov/2011:15:40:00 -0800] conn=29 op=1 SRCH base="cn=config,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-directory"
[09/Nov/2011:15:40:00 -0800] conn=29 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:01 -0800] conn=28 op=5 UNBIND
[09/Nov/2011:15:40:01 -0800] conn=28 op=5 fd=75 closed - U1
[09/Nov/2011:15:40:01 -0800] conn=30 fd=75 slot=75 connection from 10.230.6.100 to 10.230.6.96
[09/Nov/2011:15:40:01 -0800] conn=30 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[09/Nov/2011:15:40:01 -0800] conn=30 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[09/Nov/2011:15:40:01 -0800] conn=30 SSL 256-bit AES
[09/Nov/2011:15:40:01 -0800] conn=30 op=1 BIND dn="cn=replication manager,cn=config" method=128 version=3
[09/Nov/2011:15:40:01 -0800] conn=30 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=replication manager,cn=config"
[09/Nov/2011:15:40:01 -0800] conn=30 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:01 -0800] conn=30 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:01 -0800] conn=30 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:01 -0800] conn=30 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:01 -0800] conn=30 op=4 EXT oid="2.16.840.1.113730.3.5.12"
[09/Nov/2011:15:40:01 -0800] conn=30 op=4 RESULT err=0 tag=120 nentries=0 etime=0
[09/Nov/2011:15:40:02 -0800] conn=29 op=2 SRCH base="cn=config" scope=2 filter="(&(nsDS5ReplicaHost=authdev1.qai.example.com)(|(objectClass=nsDSWindowsReplicationAgreement)(objectClass=nsds5ReplicationAgreement)))" attrs=ALL
[09/Nov/2011:15:40:02 -0800] conn=29 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:02 -0800] conn=29 op=3 MOD dn="cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"
[09/Nov/2011:15:40:02 -0800] conn=29 op=3 RESULT err=0 tag=103 nentries=0 etime=0
[09/Nov/2011:15:40:03 -0800] conn=29 op=4 MOD dn="cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"
[09/Nov/2011:15:40:03 -0800] conn=29 op=4 RESULT err=0 tag=103 nentries=0 etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=5 SRCH base="cn=meToauthdev1.qai.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="cn nsds5replicaUpdateInProgress nsds5replicaLastUpdateStatus nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd"
[09/Nov/2011:15:40:04 -0800] conn=29 op=5 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 SRCH base="dc=example,dc=com" scope=2 filter="(krbPrincipalName=ldap/[email protected])" attrs=ALL
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 RESULT err=0 tag=101 nentries=0 etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=7 UNBIND
[09/Nov/2011:15:40:04 -0800] conn=29 op=7 fd=76 closed - U1
[09/Nov/2011:15:40:08 -0800] conn=30 op=5 UNBIND
[09/Nov/2011:15:40:08 -0800] conn=30 op=5 fd=75 closed - U1
[09/Nov/2011:15:40:08 -0800] conn=31 fd=75 slot=75 connection from 10.230.6.100 to 10.230.6.96
[09/Nov/2011:15:40:08 -0800] conn=31 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[09/Nov/2011:15:40:08 -0800] conn=31 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 SSL 256-bit AES
[09/Nov/2011:15:40:08 -0800] conn=31 op=1 BIND dn="cn=replication manager,cn=config" method=128 version=3
[09/Nov/2011:15:40:08 -0800] conn=31 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=replication manager,cn=config"
[09/Nov/2011:15:40:08 -0800] conn=31 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:08 -0800] conn=31 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:08 -0800] conn=31 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 op=4 EXT oid="2.16.840.1.113730.3.5.12"
[09/Nov/2011:15:40:08 -0800] conn=31 op=4 RESULT err=0 tag=120 nentries=0 etime=0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH, GWAPT | Sr. Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
[email protected]
http://www.citrixonline.com
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
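
An added example, not part of the original message and not FreeIPA code: a small Python helper that pairs each SRCH in a 389-ds access log with its RESULT by conn/op and reports principal lookups that succeeded with zero entries, which is the condition the message describes behind the `a_pn[0]` IndexError. The sample log is constructed in the format quoted above, and the principal name in it is a placeholder.

```python
import re

# Constructed sample in the access-log format quoted in the message.
# The principal name is a placeholder, not a value from the original post.
SAMPLE_LOG = """\
[09/Nov/2011:15:40:00 -0800] conn=29 fd=76 slot=76 SSL connection from 10.230.6.100 to 10.230.6.96
[09/Nov/2011:15:40:04 -0800] conn=29 op=5 SRCH base="cn=replica,cn=config" scope=0 filter="(objectClass=*)" attrs="cn"
[09/Nov/2011:15:40:04 -0800] conn=29 op=5 RESULT err=0 tag=101 nentries=1 etime=0
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 SRCH base="dc=example,dc=com" scope=2 filter="(krbPrincipalName=ldap/replica.placeholder.test@PLACEHOLDER.TEST)" attrs=ALL
[09/Nov/2011:15:40:04 -0800] conn=29 op=6 RESULT err=0 tag=101 nentries=0 etime=0
[09/Nov/2011:15:40:08 -0800] conn=31 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[09/Nov/2011:15:40:08 -0800] conn=31 op=2 RESULT err=0 tag=101 nentries=1 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
SRCH = re.compile(r'^SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d) filter="(?P<filter>[^"]*)"')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+) .*\bnentries=(?P<n>\d+)')


def empty_searches(log_text, attr="krbPrincipalName"):
    """Return searches on `attr` that completed with err=0 and nentries=0."""
    pending = {}  # (conn, op) -> (timestamp, base, filter) awaiting its RESULT
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # connection-level lines (fd=..., SSL ...) carry no op= field
        key = (m["conn"], m["op"])
        s = SRCH.match(m["rest"])
        if s:
            pending[key] = (m["ts"], s["base"], s["filter"])
            continue
        r = RESULT.match(m["rest"])
        if r and key in pending:
            ts, base, flt = pending.pop(key)
            # err=0 with nentries=0 means the search ran but matched nothing
            if r["err"] == "0" and r["n"] == "0" and attr.lower() in flt.lower():
                hits.append({"time": ts, "conn": int(key[0]), "op": int(key[1]),
                             "base": base, "filter": flt})
    return hits


if __name__ == "__main__":
    for hit in empty_searches(SAMPLE_LOG):
        print("{time} conn={conn} op={op} matched nothing: {filter}".format(**hit))
```
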
