...
You could identify this error during tests (e.g. running a ipa command) or enrollment of a machine into LDAP, after the migration from Centos7 to Rocky8.
Example error:
| Code Block |
|---|
[root@replica-first ~]# ipa --verbose
ipa: INFO: Connection to https://replica-first.coreservices.ewc/ipa/session/json failed with <ProtocolError for replica-first.coreservices.ewc/ipa/session/json: 401 Unauthorized>
ipa: INFO: Connection to https://ldap.coreservices.ewc/ipa/session/json failed with [Errno -2] Name or service not known
ipa: ERROR: cannot connect to 'any of the configured servers': https://replica-first.coreservices.ewc/ipa/session/json, https://ldap.coreservices.ewc/ipa/session/json |
In order to fix this authentication issue:
- SSH to the current LDAP machine you have
- become root
- Run the followingÂ
Code Block python3 /usr/libexec/ipa/oddjob/org.freeipa.server.config-enable-sid --add-sids
- finally kinit with the admin user and try to run ipa commands to verify it works
...