I'm trying to add a replica but it's failing on step "[23/38]: creating DS
keytab" with:
[error] CalledProcessError: CalledProcessError(Command ['/usr/sbin/ipa-getkeytab',
'-k', '/etc/dirsrv/ds.keytab', '-p',
'ldap/server.example.com@EXAMPLE.COM', '-H',
'ldaps://server-staging.example.com'] returned non-zero exit status 9: 'Failed
to parse result: Insufficient access rights\n\nRetrying with pre-4.0 keytab retrieval
method…\nFailed to parse result: Insufficient access rights\n\nFailed to get
keytab!\nFailed to get keytab\n')
This is trying to add back an ipa server that was previously removed (for O/S major
version upgrade per the supported upgrade/migration process). Maybe the previous removal
was not complete?
After running the recommended --uninstall and then examining the principals in the master
server, I see an ldap/server.example.com@EXAMPLE.COM still remaining. Surely that should
not be there, correct?
So I tried to remove it, but that gave yet another error:
missing attribute "krbPrincipalName" required by object class
"ipaKrbPrincipal"
and logged the error:
ERR - oc_check_required - Entry
"krbprincipalname=ldap/server.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=interlinx,dc=bc,dc=ca"
missing attribute "krbPrincipalName" required by object class
"ipaKrbPrincipal"
in the journal.
So how to proceed now?