Hi,
Is your IPA server configured as domain level 0 or domain level 1?
If level 0, the replica installation is done in 2 steps, the preparation of a replica file on the master, and then the installation of the replica using this replica file.
If level 1, there is no preparation step for a replica file.
To get the current domain level:
ipa domainlevel-get
flo

On Mon, Feb 6, 2023 at 8:32 AM Bryan Fang via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Hi folks,
hope you are doing well, in case of dealing with domain level 0, when run ipa-replica-install, i have to provide gpg file as one of parameters, and cannot use --dirsrv-cert-file etc. together with gpg file
'You cannot specify any of --dirsrv-cert-file, --http-cert-file, or --pkinit-cert-file together with replica file'
as your suggestion I run ipa-client-install firstly, all certificates should be placed correctly, then when I run ipa-replica-install file.gpg -d, then get below error message
ipapython.admintool: DEBUG    The ipa-replica-install command failed, exception: ScriptError: IPA client is already configured on this system.
Please uninstall it first before configuring the replica, using 'ipa-client-install --uninstall'.
ipapython.admintool: ERROR    IPA client is already configured on this system.

but certificate issue if I uninstall ipa-client, how to solve this issue?
thanks in advance!
Best regards,
Bryan
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue