On 12/5/18 3:12 PM, Marc Wiatrowski wrote:
hello flo,
I attached the log to only you... Wasn't sure if there was anything in
there that wasn't ok to go to the whole list.
Hi Marc,
(adding the list in cc)
indeed the error happens in a code path that wasn't fixed. Could you
open a new pagure ticket (
https://pagure.io/freeipa/new_issue)? Please
attach the end of the logs, after the line
[28/41]: setting up initial replication
(you can replace your domain name with XX).
thanks,
flo
thanks for looking!
Marc
On Wed, Dec 5, 2018 at 3:55 AM Florence Blanc-Renaud <flo(a)redhat.com
<mailto:flo@redhat.com>> wrote:
On 12/4/18 9:55 PM, Marc Wiatrowski via FreeIPA-users wrote:
> I'm trying to migrate a CentOS 6 IPA setup to CentOS 7. Both
are fully
> updated CentOS 6.10 (ipa-server-3.0.0-51) and CentOS 7.6
> (ipa-server-4.6.4-10)
>
> I've been following:
>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
>
> I ran copy-schema-to-ca.py on centos6 and created the replica
info file
> without any issues. But then:
>
> [root@centos7]$ ipa-replica-install
> /var/lib/ipa/replica-info-centos7.gpg --setup-ca --ip-address
> 192.168.1.1 --setup-dns --no-forwarders
> Directory Manager (existing master) password:
>
> Run connection check to master
> admin(a)DOMAIN.NET <mailto:admin@DOMAIN.NET>
<mailto:admin@DOMAIN.NET <mailto:admin@DOMAIN.NET>> password:
> Connection check OK
> Adding [192.168.1.1
centos7.domain.net
<
http://centos7.domain.net> <
http://centos7.domain.net>] to
> your /etc/hosts file
> Configuring NTP daemon (ntpd)
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv). Estimated time: 30 seconds
> [1/41]: creating directory server instance
> [2/41]: enabling ldapi
> ....
> [27/41]: ignore time skew for initial replication
> [28/41]: setting up initial replication
> [error] DatabaseError: Server is unwilling to perform:
modification
> of attribute nsds5replicabinddngroupcheckinterval is not allowed in
> replica entry
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipapython.admintool: ERROR Server is unwilling to perform:
> modification of attribute nsds5replicabinddngroupcheckinterval is
not
> allowed in replica entry
> ipapython.admintool: ERROR The ipa-replica-install command
failed.
> See /var/log/ipareplica-install.log for more information
>
> centos6:/var/log/dirsrv/slapd/errors:
> [04/Dec/2018:14:58:13 -0500] NSMMReplicationPlugin -
> replica_config_modify: modification of attribute
> nsds5replicabinddngroupcheckinterval is not allowed in replica entry
>
> The ipareplica-install.log contains the same errors at the end.
I have
> googled and seen similar issues but the solutions span from fixed
> already in a previous release to not having an answer in the
thread. It
> appears CentOS 6 shouldn't have this attribute and that should be
ok?
> but fails all the same.
>
> Any suggestions?
Hi Marc,
can you provide the full content of ipareplica-install.log? The exact
stack trace will help me check if we forgot some places when fixing the
issue.
Thanks,
flo
> Thank you in advance,
> Marc
>
> _______________________________________________
> FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>