Hello,

I'm reinstalling a replica FreeIPA server in a CA-less environment. I've looked online and found: https://www.redhat.com/archives/freeipa-users/2016-December/msg00391.html which is similar (or exactly the problem), but there's no solid resolution. I recopied /etc/ipa/ca.crt to the new server from an existing ipa server.

[root@cro-lv-ipa-01 log]# ipa --version
VERSION: 4.5.0, API_VERSION: 2.228
[root@cro-lv-ipa-01 log]# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core)

Not sure what to do. Really appreciate any help.

Many thanks
James
Below is a snip from log files:

Dec 14 15:34:34 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:34.546670082 +0000] - NOTICE - NSMMReplicationPlugin - multimaster_be_state_change - Replica dc=int,dc=DOMAIN,dc=com is going offline; disabling replication
Dec 14 15:34:34 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:34.756581200 +0000] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
Dec 14 15:34:35 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 1
Dec 14 15:34:35 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 2
Dec 14 15:34:35 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 3
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.608407982 +0000] - INFO - import_monitor_threads - import userRoot: Workers finished; cleaning up...
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.845823301 +0000] - INFO - import_monitor_threads - import userRoot: Workers cleaned up.
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.862303717 +0000] - INFO - import_main_offline - import userRoot: Indexing complete. Post-processing...
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.879128392 +0000] - INFO - import_main_offline - import userRoot: Generating numsubordinates (this may take several minutes to complete)...
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.926416316 +0000] - INFO - import_main_offline - import userRoot: Generating numSubordinates complete.
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.937805159 +0000] - INFO - ldbm_get_nonleaf_ids - import userRoot: Gathering ancestorid non-leaf IDs...
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.954558879 +0000] - INFO - ldbm_get_nonleaf_ids - import userRoot: Finished gathering ancestorid non-leaf IDs.
Dec 14 15:34:37 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:37.988095437 +0000] - INFO - ldbm_ancestorid_new_idl_create_index - import userRoot: Creating ancestorid index (new idl)...
Dec 14 15:34:38 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:38.037871941 +0000] - INFO - ldbm_ancestorid_new_idl_create_index - import userRoot: Created ancestorid index (new idl).
Dec 14 15:34:38 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:38.054977988 +0000] - INFO - import_main_offline - import userRoot: Flushing caches...
Dec 14 15:34:38 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:38.071740106 +0000] - INFO - import_main_offline - import userRoot: Closing files...
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.087512816 +0000] - INFO - import_main_offline - import userRoot: Import complete. Processed 2258 entries in 5 seconds. (451.60 entries/sec)
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.108388854 +0000] - ERR - ipa-topology-plugin - ipa_topo_be_state_change - backend userRoot is coming online; checking domain level and init shared topology
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.144415357 +0000] - NOTICE - NSMMReplicationPlugin - multimaster_be_state_change - Replica dc=int,dc=DOMAIN,dc=com is coming online; enabling replication
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.194223235 +0000] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=int,dc=DOMAIN,dc=com--no CoS Templates found, which should be added before the CoS Definition.
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 1
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.216305850 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI client step 2
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.241702245 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.266861361 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.292000163 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.317009177 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.342161229 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.367108163 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.392166650 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.417292219 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.442364745 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.467486445 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.492482419 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.517678450 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.542783571 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.567929627 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.592914991 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.631596834 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.651414870 +0000] - ERR - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=int,dc=DOMAIN,dc=com does not exist
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.763358682 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding the replication changelog RUV, this may take several minutes...
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.785332575 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete. Result 0 (Success)
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.818877061 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding the replication changelog RUV, this may take several minutes...
Dec 14 15:34:39 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:34:39.852136491 +0000] - NOTICE - NSMMReplicationPlugin - changelog program - _cl5ConstructRUV - Rebuilding replication changelog RUV complete. Result 0 (Success)
Dec 14 15:34:40 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 1
Dec 14 15:34:40 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 2
Dec 14 15:34:40 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: GSSAPI server step 3
Dec 14 15:35:00 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:35:00.564199045 +0000] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing
Dec 14 15:35:00 cro-lv-ipa-01.int.DOMAIN.com ns-slapd[19065]: [14/Dec/2017:15:35:00.589577811 +0000] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: cannot create replica
freeipa-users@lists.fedorahosted.org