On 05/10/2018 10:48 AM, Michael Rainey (Contractor, Code 7320) wrote:
> So there are two possibilities here. One, "cn=Replication Manager
> cloneAgreement1-fitch.<domain>-pki-tomcat,ou=csusers,cn=config" does
> not exist on the server, or two, you are using the wrong password for
> this entry in the replication agreement.
> Perhaps the password has been corrupted. The agreements appear to be
> there when I run the command listed below. These systems have been
> running well for the past few years before this problem started
> appearing. I have run the "ipa-replica-manage re-initialize" command,
> but the pki-tomcatd service still continues to fail when trying to
> start the service. Are there any additional steps you recommend?
Try resetting the password for "cn=Replication Manager
cloneAgreement1-fitch.<domain>-pki-tomcat,ou=csusers,cn=config" to the
password you used in the agreement:
# ldapmodify -D "cn=directory manager" -W
dn: cn=Replication Manager cloneAgreement1-fitch.<domain>-pki-tomcat,ou=csusers,cn=config
changetype: modify
replace: userpassword
userpassword: YOUR_PASSWORD
> [root@fitch ~]# ipa-replica-manage list fitch.<domain>
> Directory Manager password:
>
> kodiak.<domain>: replica
> piston.<domain>: replica
> tierod.<domain>: replica
*Michael Rainey*
Network Representative
Naval Research Laboratory, Code 7320
Building 1009, Room C156
Stennis Space Center, MS 39529
On 05/09/2018 05:01 PM, Mark Reynolds via FreeIPA-users wrote:
> So there are two possibilities here. One, "cn=Replication Manager
> cloneAgreement1-fitch.<domain>-pki-tomcat,ou=csusers,cn=config" does
> not exist on the server, or two, you are using the wrong password for
> this entry in the replication agreement.