I have a FreeIPA install with three server replicas that was originally setup a couple years ago and, over time, has been upgraded to 4.2.4 on Fedora 23.
I'm trying to add a fourth replica and it's failing in two places (depending on whether I enable the CA or not). I'm assuming the problem is that one of the upgrades didn't quite go right, and my install is now missing something required for replication, but that's just a guess. Without --setup-ca: Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds [1/8]: adding sasl mappings to the directory [2/8]: configuring KDC [3/8]: creating a keytab for the directory [error] CalledProcessError: Command ''kadmin.local' '-q' 'addprinc -randkey ldap/[email protected]' '-x' 'ipa-setup-override- restrictions'' returned non-zero exit status 1 Looking at the logs, the error is: 2016-09-06T08:46:47Z DEBUG Process finished, return code=1 2016-09-06T08:46:47Z DEBUG stdout=Authenticating as principal root/admi [email protected] with password. 2016-09-06T08:46:47Z DEBUG stderr=kadmin.local: No such entry in the database while initializing kadmin.local interface Full logs at: http://lesloueizeh.com/jdieter/ipareplica-install-1.log With --setup-ca: Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/23]: creating certificate server user ... [15/23]: authorizing RA to modify profiles [error] EmptyResult: no matching entry found Full logs at: http://lesloueizeh.com/jdieter/ipareplica-install-2.log -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
