I need a fix to this problem. Or some help on what may be wrong with what I am doing. Thanks!
[29/41]: prevent time skew after initial replication
ipaserver.install.service: CRITICAL Failed to load replica-prevent-time-skew.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpejRVaN -H ldapi://%2Fvar%2Frun%2Fslapd-SUBITOHQ-IT.socket -Y EXTERNAL' returned non-zero exit status 50
[error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpejRVaN -H ldapi://%2Fvar%2Frun%2Fslapd-SUBITOHQ-IT.socket -Y EXTERNAL' returned non-zero exit status 50
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
IPA VERSION - VERSION: 4.6.5, API_VERSION: 2.231 - BOTH
MASTER SRV - CentOS Linux release 7.7.1908 (Core)
REPLICA SRV - CentOS Linux release 7.7.1908 (Core)
Fails on replica installation
Successful replica installation
ON MASTER:
ipa-server-4.6.5-11.el7.centos.3.x86_64
ipa-client-4.6.5-11.el7.centos.3.x86_64
389-ds-base-1.3.9.1-10.el7.x86_64
pki-ca-10.5.16-5.el7_7.noarch
krb5-server-1.15.1-37.el7_7.2.x86_64
ON SRV REPLICA:
ipa-server-4.6.5-11.el7.centos.3.x86_64
ipa-client-4.6.5-11.el7.centos.3.x86_64
389-ds-base-1.3.9.1-12.el7_7.x86_64
pki-ca-10.5.16-5.el7_7.noarch
krb5-server-1.15.1-37.el7_7.2.x86_64
PREPARE REPLICA SERVER TO CONNECT AND INSTALL TO MASTER SRV
[root@ipa-replica ~]# yum install -y freeipa-server
...........
Installed:
ipa-server.x86_64 0:4.6.5-11.el7.centos.3
ipa-client-install --domain=XXXX.it --realm=XXXX.IT --server=ipa.XXXX.it
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Client hostname: ipa-replica.XXXX.it
Realm: XXXX.IT
DNS Domain: XXXX.it
IPA Server: ipa.XXXX.it
BaseDN: dc=XXXX,dc=it
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
User authorized to enroll computers: admin
Password for admin@XXXX.IT:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=XXXX.IT
Issuer: CN=Certificate Authority,O=XXXX.IT
Valid From: 2019-11-06 15:37:52
Valid Until: 2039-11-06 15:37:52
Enrolled in IPA realm XXXX.IT
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm XXXX.IT
trying https://ipa.XXXX.it/ipa/json
trying https://ipa.XXXX.it/ipa/session/json
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring XXXX.it as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
[root@ipa-replica ~]# ipa hostgroup-find
ipa: ERROR: did not receive Kerberos credentials
[root@ipa-replica ~]# kinit admin
Password for admin@XXXX.IT:
[root@ipa-replica ~]# ipa hostgroup-find
1 hostgroup matched
Host-group: ipaservers
Description: IPA server hosts
Number of entries returned 1
[root@ipa-replica ~]# ipa host-find
2 hosts matched
Host name: ipa-replica.XXXX.it
Principal name: host/ipa-replica.XXXX.it@XXXX.IT
Principal alias: host/ipa-replica.XXXX.it@XXXX.IT
SSH public key fingerprint: SHA256:tWDXd+O9oSK093tsRjOsRsEIzLNhcOgV3BQa4AbNYUw (ssh-rsa), SHA256:gOey5xX34MZfA2/z/6C/gs7AYwywo/M+FoqanI+09sc (ecdsa-sha2-nistp256), SHA256:eJAql0eAMk0K94VWpAL+5Wz5UBRBiSMDibK9w2FIlKc (ssh-ed25519)
Host name: ipa.XXXX.it
Principal name: host/ipa.XXXX.it@XXXX.IT
Principal alias: host/ipa.XXXX.it@XXXX.IT
SSH public key fingerprint: SHA256:Y1qGK6mRlvvuVHTq0bupf8AOT35k8di7gRzi58/BOl8 (ssh-rsa), SHA256:mAYlfPzGc8Krs78gPb99VF2/zi/IkUIQFG8sZdZLcl8 (ecdsa-sha2-nistp256), SHA256:rKzJs6KhhjhnqNNT0E6dBfMZHO+zFBLoUiRaNvhvxqY (ssh-ed25519)
Number of entries returned 2
[root@ipa-replica ~]# ipa-replica-install
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/41]: creating directory server instance
[2/41]: enabling ldapi
[3/41]: configure autobind for root
[4/41]: stopping directory server
[5/41]: updating configuration in dse.ldif
[6/41]: starting directory server
[7/41]: adding default schema
[8/41]: enabling memberof plugin
[9/41]: enabling winsync plugin
[10/41]: configuring replication version plugin
[11/41]: enabling IPA enrollment plugin
[12/41]: configuring uniqueness plugin
[13/41]: configuring uuid plugin
[14/41]: configuring modrdn plugin
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 3 seconds elapsed
Update succeeded
[29/41]: prevent time skew after initial replication
ipaserver.install.service: CRITICAL Failed to load replica-prevent-time-skew.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-XXXX-IT.socket -Y EXTERNAL' returned non-zero exit status 50
[error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-XXXX-IT.socket -Y EXTERNAL' returned non-zero exit status 50
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipapython.admintool: ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-XXXX-IT.socket -Y EXTERNAL' returned non-zero exit status 50
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
2020-01-16T09:18:19Z DEBUG Logging to /var/log/ipareplica-install.log
2020-01-16T09:18:19Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'skip_schema_check': False, 'no_ntp': False, 'hidden_replica': False, 'ip_addresses': None, 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'http_cert_files': None, 'no_pkinit': False, 'principal': None, 'no_forwarders': False, 'add_sids': False, 'keytab': None, 'ssh_trust_dns': False, 'no_msdcs': False, 'setup_kra': False, 'domain_name': None, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'no_reverse': False, 'pkinit_cert_files': None, 'unattended': False, 'skip_conncheck': False, 'auto_reverse': False, 'auto_forwarders': False, 'no_host_dns': False, 'dirsrv_cert_name': None, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'forwarders': None, 'verbose': False, 'setup_ca': False, 'servers': None, 'pkinit_cert_name': None, 'no_ssh': False, 'enable_compat': False, 'add_agents': False, 'realm_name': None, 'force_join': False, 'no_sshd': False, 'forward_policy': None, 'rid_base': None, 'quiet': False, 'setup_dns': False, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': False}
2020-01-16T09:18:19Z DEBUG IPA version 4.6.5-11.el7.centos.3
2020-01-16T09:18:19Z DEBUG Searching for an interface of IP address: ::1
2020-01-16T09:18:19Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo)
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/usr/sbin/selinuxenabled
2020-01-16T09:18:19Z DEBUG Process finished, return code=0
2020-01-16T09:18:19Z DEBUG stdout=
2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:19Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:19Z DEBUG httpd is not configured
2020-01-16T09:18:19Z DEBUG kadmin is not configured
2020-01-16T09:18:19Z DEBUG dirsrv is not configured
2020-01-16T09:18:19Z DEBUG pki-tomcatd is not configured
2020-01-16T09:18:19Z DEBUG install is not configured
2020-01-16T09:18:19Z DEBUG krb5kdc is not configured
2020-01-16T09:18:19Z DEBUG ntpd is not configured
2020-01-16T09:18:19Z DEBUG named is not configured
2020-01-16T09:18:19Z DEBUG filestore is tracking no files
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2020-01-16T09:18:19Z DEBUG Process finished, return code=0
2020-01-16T09:18:19Z DEBUG stdout=VirtualHost configuration:
*:8443 ipa-replica.xxx.it (/etc/httpd/conf.d/nss.conf:81)
2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2020-01-16T09:18:19Z DEBUG Process finished, return code=1
2020-01-16T09:18:19Z DEBUG stdout=disabled
2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/bin/systemctl is-active chronyd.service
2020-01-16T09:18:19Z DEBUG Process finished, return code=3
2020-01-16T09:18:19Z DEBUG stdout=unknown
2020-01-16T09:18:23Z DEBUG Name ipa-replica.xxx.it resolved to set([UnsafeIPAddress('10.56.7.4')])
2020-01-16T09:18:23Z DEBUG Searching for an interface of IP address: 10.56.7.4
2020-01-16T09:18:23Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2020-01-16T09:18:23Z DEBUG Testing local IP address: 10.56.7.4/255.255.255.0 (interface: ens192)
2020-01-16T09:18:23Z DEBUG Destroyed connection context.ldap2_139649422986192
2020-01-16T09:18:23Z DEBUG Starting external process
2020-01-16T09:18:23Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master ipa.xxx.it --auto-master-check --realm xxx.IT --hostname ipa-replica.xxx.it --ca-cert-file /etc/ipa/ca.crt
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=Check connection from replica to remote master 'ipa.xxx.it':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following list of ports use UDP protocoland would need to be checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
trying https://ipa.xxx.it/ipa/session/json
Execute check on remote master
Check connection from master to remote replica 'ipa-replica.xxx.it':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
Connection from master to replica is OK.
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl start messagebus.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active messagebus.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Start of messagebus.service complete
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl restart certmonger.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active certmonger.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Restart of certmonger.service complete
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl enable certmonger.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=1
2020-01-16T09:18:26Z DEBUG stdout=disabled
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active chronyd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=3
2020-01-16T09:18:26Z DEBUG stdout=unknown
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:26Z DEBUG Configuring NTP daemon (ntpd)
2020-01-16T09:18:26Z DEBUG [1/4]: stopping ntpd
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl stop ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Stop of ntpd.service complete
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG [2/4]: writing configuration
2020-01-16T09:18:26Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2020-01-16T09:18:26Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:26Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2020-01-16T09:18:26Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG [3/4]: configuring ntpd to start on boot
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-enabled ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=enabled
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl enable ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG [4/4]: starting ntpd
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl start ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Start of ntpd.service complete
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG Done configuring NTP daemon (ntpd).
2020-01-16T09:18:26Z DEBUG Created connection context.ldap2_139649422986192
2020-01-16T09:18:26Z DEBUG flushing ldaps://ipa.xxx.it from SchemaCache
2020-01-16T09:18:26Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa.xxx.it conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02ae7ed050>
2020-01-16T09:18:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:27Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds
2020-01-16T09:18:27Z DEBUG [1/41]: creating directory server instance
2020-01-16T09:18:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:27Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2020-01-16T09:18:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:27Z DEBUG dn: dc=xxx,dc=it
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: xxx
info: IPA V2.0
2020-01-16T09:18:27Z DEBUG writing inf template
2020-01-16T09:18:27Z DEBUG [General]
FullMachineName= ipa-replica.xxx.it
SuiteSpotUserID= dirsrv
SuiteSpotGroup= dirsrv
ServerRoot= /usr/lib64/dirsrv
[slapd]
ServerPort= 389
ServerIdentifier= xxx-IT
Suffix= dc=xxx,dc=it
RootDN= cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir= /var/lib/dirsrv/scripts-xxx-IT
2020-01-16T09:18:27Z DEBUG calling setup-ds.pl
2020-01-16T09:18:27Z DEBUG Starting external process
2020-01-16T09:18:27Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpj4p7qw
2020-01-16T09:18:33Z DEBUG Process finished, return code=0
2020-01-16T09:18:33Z DEBUG stdout=[20/01/16:10:18:33] - [Setup] Info Your new DS instance 'xxx-IT' was successfully created.
Your new DS instance 'xxx-IT' was successfully created.
[20/01/16:10:18:33] - [Setup] Success Exiting . . .
Log file is '-'
Exiting . . .
Log file is '-'
2020-01-16T09:18:33Z DEBUG stderr=
2020-01-16T09:18:33Z DEBUG completed creating DS instance
2020-01-16T09:18:33Z DEBUG duration: 6 seconds
2020-01-16T09:18:33Z DEBUG [2/41]: enabling ldapi
2020-01-16T09:18:33Z DEBUG Starting external process
2020-01-16T09:18:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpK5bh89 -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpCM49ie
2020-01-16T09:18:34Z DEBUG Process finished, return code=0
2020-01-16T09:18:34Z DEBUG stdout=replace nsslapd-ldapilisten: on modifying entry "cn=config" modify complete
2020-01-16T09:18:34Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )
2020-01-16T09:18:34Z DEBUG duration: 0 seconds
2020-01-16T09:18:34Z DEBUG [3/41]: configure autobind for root
2020-01-16T09:18:34Z DEBUG Starting external process
2020-01-16T09:18:34Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmp_nkFxO
2020-01-16T09:18:34Z DEBUG Process finished, return code=0
2020-01-16T09:18:34Z DEBUG stdout=add objectClass: extensibleObject top add cn: root-autobind add uidNumber: 0 add gidNumber: 0 adding new entry "cn=root-autobind,cn=config" modify complete
replace nsslapd-ldapiautobind: on modifying entry "cn=config" modify complete
replace nsslapd-ldapimaptoentries: on modifying entry "cn=config" modify complete
2020-01-16T09:18:34Z DEBUG duration: 0 seconds
2020-01-16T09:18:34Z DEBUG [4/41]: stopping directory server
2020-01-16T09:18:34Z DEBUG Starting external process
2020-01-16T09:18:34Z DEBUG args=/bin/systemctl stop dirsrv@xxx-IT.service
2020-01-16T09:18:36Z DEBUG Process finished, return code=0
2020-01-16T09:18:36Z DEBUG stdout=
2020-01-16T09:18:36Z DEBUG stderr=
2020-01-16T09:18:36Z DEBUG Stop of dirsrv@xxx-IT.service complete
2020-01-16T09:18:36Z DEBUG duration: 2 seconds
2020-01-16T09:18:36Z DEBUG [5/41]: updating configuration in dse.ldif
2020-01-16T09:18:36Z DEBUG Starting external process
2020-01-16T09:18:36Z DEBUG args=/usr/sbin/selinuxenabled
2020-01-16T09:18:36Z DEBUG Process finished, return code=0
2020-01-16T09:18:36Z DEBUG stdout=
2020-01-16T09:18:36Z DEBUG stderr=
2020-01-16T09:18:36Z DEBUG Starting external process
2020-01-16T09:18:36Z DEBUG args=/sbin/restorecon /etc/dirsrv/slapd-xxx-IT/dse.ldif
2020-01-16T09:18:36Z DEBUG Process finished, return code=0
2020-01-16T09:18:36Z DEBUG stdout=
2020-01-16T09:18:36Z DEBUG stderr=
2020-01-16T09:18:36Z DEBUG duration: 0 seconds
2020-01-16T09:18:36Z DEBUG [6/41]: starting directory server
2020-01-16T09:18:36Z DEBUG Starting external process
2020-01-16T09:18:36Z DEBUG args=/bin/systemctl start dirsrv@xxx-IT.service
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=
2020-01-16T09:18:41Z DEBUG stderr=
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/bin/systemctl is-active dirsrv@xxx-IT.service
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=active
2020-01-16T09:18:41Z DEBUG stderr=
2020-01-16T09:18:41Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2020-01-16T09:18:41Z DEBUG waiting for port: 389
2020-01-16T09:18:41Z DEBUG SUCCESS: port: 389
2020-01-16T09:18:41Z DEBUG Start of dirsrv@xxx-IT.service complete
2020-01-16T09:18:41Z DEBUG Created connection context.ldap2_139649442352464
2020-01-16T09:18:41Z DEBUG duration: 5 seconds
2020-01-16T09:18:41Z DEBUG [7/41]: adding default schema
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [8/41]: enabling memberof plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [9/41]: enabling winsync plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [10/41]: configuring replication version plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [11/41]: enabling IPA enrollment plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpBK05zN -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=xxx,dc=it adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [12/41]: configuring uniqueness plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmph01dBB -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=xxx,dc=it add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=xxx,dc=it add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete
add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=xxx,dc=it add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=xxx,dc=it add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete
add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=xxx,dc=it add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete
add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=xxx,dc=it add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=xxx,dc=it add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete
add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=xxx,dc=it add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [13/41]: configuring uuid plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpkRGGwo -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=xxx,dc=it add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete
add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=xxx,dc=it add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [14/41]: configuring modrdn plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpM1bgin -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @xxx.IT add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=xxx,dc=it adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete
add objectclass: top extensibleObject add cn: Kerberos Canonical Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbCanonicalName add ipaModRDNsuffix: @xxx.IT add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=xxx,dc=it adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [15/41]: configuring DNS plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [16/41]: enabling entryUSN plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete
replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete
replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [17/41]: configuring lockout plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [18/41]: configuring topology plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcZDJf8 -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: IPA Topology Configuration add nsslapd-pluginPath: libtopology add nsslapd-pluginInitfunc: ipa_topo_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,dc=xxx,dc=it add nsslapd-topo-plugin-shared-replica-root: dc=xxx,dc=it o=ipaca add nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=xxx,dc=it add nsslapd-topo-plugin-startup-delay: 20 add nsslapd-pluginId: none add nsslapd-plugin-depends-on-named: ldbm database Multimaster Replication Plugin add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: none add nsslapd-pluginDescription: none adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [19/41]: creating indices
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectClass: top nsIndex add cn: krbPrincipalName add nsSystemIndex: false add nsIndexType: eq sub add nsMatchingRule: caseIgnoreIA5Match caseExactIA5Match adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: ou add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: carLicense add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: title add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: manager add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: secretary add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: displayname add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add nsIndexType: sub modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: uidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add objectClass: top nsIndex add cn: gidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
replace nsIndexType: eq pres modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
replace nsIndexType: eq pres modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add ObjectClass: top nsIndex add cn: fqdn add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add ObjectClass: top nsIndex add cn: macAddress add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: memberHost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: memberUser add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: sourcehost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: memberservice add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: managedby add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: memberallowcmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: memberdenycmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipasudorunas add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipasudorunasgroup add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: automountkey add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: automountMapName add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipaConfigString add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipaEnabledFlag add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipaKrbAuthzData add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipakrbprincipalalias add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipauniqueid add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipaMemberCa add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipaMemberCertProfile add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: userCertificate add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipalocation add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: krbCanonicalName add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: serverhostname add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: description add objectClass: top nsindex add nssystemindex: false add nsindextype: eq sub adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: l add objectClass: top nsindex add nssystemindex: false add nsindextype: eq sub adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: nsOsVersion add objectClass: top nsindex add nssystemindex: false add nsindextype: eq sub adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: nsHardwarePlatform add objectClass: top nsindex add nssystemindex: false add nsindextype: eq sub adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: nsHostLocation add objectClass: top nsindex add nssystemindex: false add nsindextype: eq sub adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: ipServicePort add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: accessRuleType add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: hostCategory add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
add cn: idnsName add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds 2020-01-16T09:18:41Z DEBUG [20/41]: enabling referential integrity plugin 2020-01-16T09:18:41Z DEBUG Starting external process 2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL 2020-01-16T09:18:41Z DEBUG Process finished, return code=0 2020-01-16T09:18:41Z DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete
2020-01-16T09:18:41Z DEBUG duration: 0 seconds 2020-01-16T09:18:41Z DEBUG [21/41]: configuring certmap.conf 2020-01-16T09:18:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2020-01-16T09:18:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2020-01-16T09:18:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2020-01-16T09:18:41Z DEBUG duration: 0 seconds 2020-01-16T09:18:41Z DEBUG [22/41]: configure new location for managed entries 2020-01-16T09:18:41Z DEBUG Starting external process 2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpyYQZIt -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL 2020-01-16T09:18:42Z DEBUG Process finished, return code=0 2020-01-16T09:18:42Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=xxx,dc=it modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete
2020-01-16T09:18:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
2020-01-16T09:18:42Z DEBUG duration: 0 seconds 2020-01-16T09:18:42Z DEBUG [23/41]: configure dirsrv ccache 2020-01-16T09:18:42Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2020-01-16T09:18:42Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2020-01-16T09:18:42Z DEBUG Starting external process 2020-01-16T09:18:42Z DEBUG args=/usr/sbin/selinuxenabled 2020-01-16T09:18:42Z DEBUG Process finished, return code=0 2020-01-16T09:18:42Z DEBUG stdout= 2020-01-16T09:18:42Z DEBUG stderr= 2020-01-16T09:18:42Z DEBUG Starting external process 2020-01-16T09:18:42Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv 2020-01-16T09:18:42Z DEBUG Process finished, return code=0 2020-01-16T09:18:42Z DEBUG stdout= 2020-01-16T09:18:42Z DEBUG stderr= 2020-01-16T09:18:42Z DEBUG duration: 0 seconds 2020-01-16T09:18:42Z DEBUG [24/41]: enabling SASL mapping fallback 2020-01-16T09:18:42Z DEBUG Starting external process 2020-01-16T09:18:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2cUva2 -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL 2020-01-16T09:18:42Z DEBUG Process finished, return code=0 2020-01-16T09:18:42Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete
2020-01-16T09:18:42Z DEBUG duration: 0 seconds 2020-01-16T09:18:42Z DEBUG [25/41]: restarting directory server 2020-01-16T09:18:42Z DEBUG Destroyed connection context.ldap2_139649442352464 2020-01-16T09:18:42Z DEBUG Starting external process 2020-01-16T09:18:42Z DEBUG args=/bin/systemctl --system daemon-reload 2020-01-16T09:18:42Z DEBUG Process finished, return code=0 2020-01-16T09:18:42Z DEBUG stdout= 2020-01-16T09:18:42Z DEBUG stderr= 2020-01-16T09:18:42Z DEBUG Starting external process 2020-01-16T09:18:42Z DEBUG args=/bin/systemctl restart dirsrv@xxx-IT.service 2020-01-16T09:18:48Z DEBUG Process finished, return code=0 2020-01-16T09:18:48Z DEBUG stdout= 2020-01-16T09:18:48Z DEBUG stderr= 2020-01-16T09:18:48Z DEBUG Starting external process 2020-01-16T09:18:48Z DEBUG args=/bin/systemctl is-active dirsrv@xxx-IT.service 2020-01-16T09:18:48Z DEBUG Process finished, return code=0 2020-01-16T09:18:48Z DEBUG stdout=active
2020-01-16T09:18:48Z DEBUG stderr= 2020-01-16T09:18:48Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2020-01-16T09:18:48Z DEBUG waiting for port: 389 2020-01-16T09:18:48Z DEBUG SUCCESS: port: 389 2020-01-16T09:18:48Z DEBUG Restart of dirsrv@xxx-IT.service complete 2020-01-16T09:18:48Z DEBUG Starting external process 2020-01-16T09:18:48Z DEBUG args=/bin/systemctl is-active dirsrv@xxx-IT.service 2020-01-16T09:18:48Z DEBUG Process finished, return code=0 2020-01-16T09:18:48Z DEBUG stdout=active
2020-01-16T09:18:48Z DEBUG stderr= 2020-01-16T09:18:48Z DEBUG Created connection context.ldap2_139649442352464 2020-01-16T09:18:48Z DEBUG duration: 6 seconds 2020-01-16T09:18:48Z DEBUG [26/41]: creating DS keytab 2020-01-16T09:18:48Z DEBUG raw: service_add(u'ldap/ipa-replica.xxx.it@xxx.IT', force=True, version=u'2.231') 2020-01-16T09:18:48Z DEBUG service_add(ipapython.kerberos.Principal('ldap/ipa-replica.xxx.it@xxx.IT'), force=True, all=False, raw=False, version=u'2.231', no_members=False) 2020-01-16T09:18:48Z DEBUG raw: host_show(u'ipa-replica.xxx.it', version=u'2.231') 2020-01-16T09:18:48Z DEBUG host_show(u'ipa-replica.xxx.it', rights=False, all=False, raw=False, version=u'2.231', no_members=False) 2020-01-16T09:18:48Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' 2020-01-16T09:18:48Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist 2020-01-16T09:18:48Z DEBUG Starting external process 2020-01-16T09:18:48Z DEBUG args=/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/ipa-replica.xxx.it@xxx.IT -H ldaps://ipa.xxx.it 2020-01-16T09:18:49Z DEBUG Process finished, return code=0 2020-01-16T09:18:49Z DEBUG stdout= 2020-01-16T09:18:49Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/dirsrv/ds.keytab
2020-01-16T09:18:49Z DEBUG duration: 0 seconds 2020-01-16T09:18:49Z DEBUG [27/41]: ignore time skew for initial replication 2020-01-16T09:18:49Z DEBUG Starting external process 2020-01-16T09:18:49Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptm2Bru -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL 2020-01-16T09:18:49Z DEBUG Process finished, return code=0 2020-01-16T09:18:49Z DEBUG stdout=replace nsslapd-ignore-time-skew: on modifying entry "cn=config" modify complete
2020-01-16T09:18:49Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
2020-01-16T09:18:49Z DEBUG duration: 0 seconds 2020-01-16T09:18:49Z DEBUG [28/41]: setting up initial replication 2020-01-16T09:18:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-xxx-IT.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02a8bcee60> 2020-01-16T09:18:49Z DEBUG Destroyed connection context.ldap2_139649442352464 2020-01-16T09:18:49Z DEBUG Starting external process 2020-01-16T09:18:49Z DEBUG args=/bin/systemctl --system daemon-reload 2020-01-16T09:18:49Z DEBUG Process finished, return code=0 2020-01-16T09:18:49Z DEBUG stdout= 2020-01-16T09:18:49Z DEBUG stderr= 2020-01-16T09:18:49Z DEBUG Starting external process 2020-01-16T09:18:49Z DEBUG args=/bin/systemctl restart dirsrv@xxx-IT.service 2020-01-16T09:18:56Z DEBUG Process finished, return code=0 2020-01-16T09:18:56Z DEBUG stdout= 2020-01-16T09:18:56Z DEBUG stderr= 2020-01-16T09:18:56Z DEBUG Restart of dirsrv@xxx-IT.service complete 2020-01-16T09:18:56Z DEBUG Created connection context.ldap2_139649442352464 2020-01-16T09:18:56Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2020-01-16T09:18:56Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.xxx.it:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02a89871b8> 2020-01-16T09:18:56Z DEBUG Successfully updated nsDS5ReplicaId. 2020-01-16T09:18:56Z DEBUG Add or update replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config 2020-01-16T09:18:56Z DEBUG Added replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config 2020-01-16T09:18:56Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2020-01-16T09:18:56Z DEBUG Successfully updated nsDS5ReplicaId. 
2020-01-16T09:18:56Z DEBUG Add or update replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config 2020-01-16T09:18:56Z DEBUG Added replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config 2020-01-16T09:18:56Z DEBUG Waiting for replication (ldap://ipa.xxx.it:389) cn=meToipa-replica.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config (objectclass=) 2020-01-16T09:18:56Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=meToipa-replica.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config'), {u'nsds5replicaLastInitStart': ['19700101000000Z'], u'nsds5replicaUpdateInProgress': ['FALSE'], u'cn': ['meToipa-replica.xxx.it'], u'objectClass': ['nsds5replicationagreement', 'top'], u'nsds5replicaLastUpdateEnd': ['19700101000000Z'], u'nsDS5ReplicaRoot': ['dc=xxx,dc=it'], u'nsDS5ReplicaHost': ['ipa-replica.xxx.it'], u'nsds5replicaLastUpdateStatus': ['Error (0) No replication sessions started since server startup'], u'nsDS5ReplicaBindMethod': ['SASL/GSSAPI'], u'nsds5ReplicaStripAttrs': ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], u'nsds5replicaLastUpdateStart': ['19700101000000Z'], u'nsDS5ReplicaPort': ['389'], u'nsDS5ReplicaTransportInfo': ['LDAP'], u'description': ['me to ipa-replica.xxx.it'], u'nsds5replicareapactive': ['0'], u'nsds5replicaChangesSentSinceStartup': [''], u'nsds5replicaTimeout': ['120'], u'nsDS5ReplicatedAttributeList': ['(objectclass=) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'], u'nsds5replicaLastInitEnd': ['19700101000000Z'], u'nsDS5ReplicatedAttributeListTotal': ['(objectclass=) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount']})] 2020-01-16T09:18:56Z DEBUG Waiting for replication (ldapi://%2fvar%2frun%2fslapd-xxx-IT.socket) cn=meToipa.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config (objectclass=) 2020-01-16T09:18:56Z DEBUG Entry found 
[LDAPEntry(ipapython.dn.DN('cn=meToipa.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config'), {u'nsds5replicaLastInitStart': ['19700101000000Z'], u'nsds5replicaUpdateInProgress': ['FALSE'], u'cn': ['meToipa.xxx.it'], u'objectClass': ['nsds5replicationagreement', 'top'], u'nsds5replicaLastUpdateEnd': ['19700101000000Z'], u'nsDS5ReplicaRoot': ['dc=xxx,dc=it'], u'nsDS5ReplicaHost': ['ipa.xxx.it'], u'nsds5replicaLastUpdateStatus': ['Error (0) No replication sessions started since server startup'], u'nsDS5ReplicaBindMethod': ['SASL/GSSAPI'], u'nsds5ReplicaStripAttrs': ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], u'nsds5replicaLastUpdateStart': ['19700101000000Z'], u'nsDS5ReplicaPort': ['389'], u'nsDS5ReplicaTransportInfo': ['LDAP'], u'description': ['me to ipa.xxx.it'], u'nsds5replicareapactive': ['0'], u'nsds5replicaChangesSentSinceStartup': [''], u'nsds5replicaTimeout': ['120'], u'nsDS5ReplicatedAttributeList': ['(objectclass=) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'], u'nsds5replicaLastInitEnd': ['19700101000000Z'], u'nsDS5ReplicatedAttributeListTotal': ['(objectclass=) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount']})] 2020-01-16T09:19:01Z DEBUG duration: 11 seconds 2020-01-16T09:19:01Z DEBUG [29/41]: prevent time skew after initial replication 2020-01-16T09:19:01Z DEBUG Starting external process 2020-01-16T09:19:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL 2020-01-16T09:19:01Z DEBUG Process finished, return code=50 2020-01-16T09:19:01Z DEBUG stdout=replace nsslapd-ignore-time-skew: off modifying entry "cn=config"
2020-01-16T09:19:01Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 ldap_modify: Insufficient access (50) additional info: Insufficient 'write' privilege to the 'nsslapd-ignore-time-skew' attribute of entry 'cn=config'.
2020-01-16T09:19:01Z CRITICAL Failed to load replica-prevent-time-skew.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50 2020-01-16T09:19:01Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 976, in replica_manage_time_skew self._ldap_mod("replica-prevent-time-skew.ldif", self.sub_dict) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 370, in _ldap_mod ipautil.run(args, nolog=nologlist) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 563, in run raise CalledProcessError(p.returncode, arg_string, str(output)) CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50
2020-01-16T09:19:01Z DEBUG [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50 2020-01-16T09:19:01Z DEBUG Destroyed connection context.ldap2_139649422986192 2020-01-16T09:19:01Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2020-01-16T09:19:01Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2020-01-16T09:19:01Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run return cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File 
"/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init.py", line 629, in main replica_install(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 408, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1451, in install fstore=fstore) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 115, in install_replica_ds setup_pkinit=not options.no_pkinit, File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 419, in create_replica self.start_creation(runtime=30) File 
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 976, in replica_manage_time_skew self._ldap_mod("replica-prevent-time-skew.ldif", self.sub_dict) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 370, in _ldap_mod ipautil.run(args, nolog=nologlist) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 563, in run raise CalledProcessError(p.returncode, arg_string, str(output))
2020-01-16T09:19:01Z DEBUG The ipa-replica-install command failed, exception: CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50 2020-01-16T09:19:01Z ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50 2020-01-16T09:19:01Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
The failing command is:
Do you have a user with uid 0 in IPA or did you install the first IPA server with --idstart=0?
Hi @cheimes,
yes, I have a user called "root"
  User login: root
  Last name: root
  Home directory: /home/root
  Login shell: /bin/false
  Principal name: root@xxx.IT
  Principal alias: root@xxx.IT
  UID: 0
  GID: 0
  Account disabled: False
That's most likely the root cause of your problem. You should not have a root user in IPA nor a user with UID 0 or GID 0. This conflicts with Directory Manager auto-bind and other features.
Thank you @cheimes, that works!
Thanks so much.
Yes, using 'root' inside IPA is unsupported.
Metadata Update from @abbra: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
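A pre-install check based on the diagnosis in this thread, added here as an example (it is not part of the ticket and not FreeIPA code): it scans an LDIF export of the accounts subtree for entries with uidNumber or gidNumber 0, and recognises the failure signature from the install log, where the local bind identity is `gidNumber=0+uidNumber=0` and the write to `cn=config` is refused. The sample LDIF, its base DN and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample export of the accounts subtree (DNs and values are
# illustrative, not taken from the ticket).
SAMPLE_LDIF = """\
# constructed export
dn: uid=root,cn=users,cn=accounts,dc=example,dc=test
uid: root
uidNumber: 0
gidNumber: 0

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uid: alice
uidNumber: 1634400001
gidNumber: 1634400001

dn: cn=legacy-admins,cn=groups,cn=accounts,dc=example,
 dc=test
cn: legacy-admins
gidNumber:: MA==
"""

# Constructed from the failure lines quoted in the install log above.
SAMPLE_LOG = (
    "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
    "ldap_modify: Insufficient access (50)\n"
    "additional info: Insufficient 'write' privilege to the "
    "'nsslapd-ignore-time-skew' attribute of entry 'cn=config'.\n"
)


def parse_ldif(text):
    """Yield (dn, {lowercased_attr: [values]}) for each entry in an LDIF export."""
    # Unfold continuation lines: a newline followed by one space continues a value.
    unfolded = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\r?\n\s*\r?\n", unfolded):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs


def find_id_zero_entries(ldif_text):
    """Return [(dn, attr)] for every entry whose uidNumber or gidNumber is 0."""
    hits = []
    for dn, attrs in parse_ldif(ldif_text):
        for attr in ("uidnumber", "gidnumber"):
            if any(v.isdigit() and int(v) == 0 for v in attrs.get(attr, [])):
                hits.append((dn, attr))
    return hits


def autobind_denied_on_config(log_text):
    """True when a uid 0 / gid 0 peer-credential bind was refused a write to cn=config."""
    root_peer = re.search(r"SASL username: gidNumber=0\+uidNumber=0,cn=peercred", log_text)
    denied = re.search(r"Insufficient access \(50\).*?entry 'cn=config'", log_text, re.S)
    return bool(root_peer and denied)


if __name__ == "__main__":
    for dn, attr in find_id_zero_entries(SAMPLE_LDIF):
        print("ID 0 found: %s (%s)" % (dn, attr))
    print("autobind failure signature:", autobind_denied_on_config(SAMPLE_LOG))
```

Any hit from `find_id_zero_entries` on the existing server is worth resolving before running `ipa-replica-install`, since the thread identifies such an entry as the cause of the step 29 failure.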