<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Sorry, when I said “selinux is in permissive mode, but it’s the same as on the master server, so it should be the issue.” It should have read as “selinux is in permissive mode, but it’s the same as on the master
server, so it should NOT be the issue.”</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Les<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-AU"> freeipa-users-bounces@redhat.com
[mailto:freeipa-users-bounces@redhat.com] <b>On Behalf Of </b>Les Stott<br>
<b>Sent:</b> Monday, 16 December 2013 8:47 PM<br>
<b>To:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> [Freeipa-users] Trouble with replica install<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.<o:p></o:p></p>
<p class="MsoNormal">Already setup master server, now trying to install replica (which I’ve done before and its worked fine).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The replica install gets all the way to the end but errors out. For the most part, it looks like it is complete, but I want to be sure there are no lingering issues.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The error I see in the log is…(domain and ip’s changed)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">------------------------<o:p></o:p></p>
<p class="MsoNormal">2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com<o:p></o:p></p>
<p class="MsoNormal">Realm: MYDOMAIN.COM<o:p></o:p></p>
<p class="MsoNormal">DNS Domain: mydomain.com<o:p></o:p></p>
<p class="MsoNormal">IPA Server: replica.mydomain.com<o:p></o:p></p>
<p class="MsoNormal">BaseDN: dc=mydomain,dc=com<o:p></o:p></p>
<p class="MsoNormal">Domain mydomain.com is already configured in existing SSSD config, creating a new one.<o:p></o:p></p>
<p class="MsoNormal">The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.<o:p></o:p></p>
<p class="MsoNormal">Configured /etc/sssd/sssd.conf<o:p></o:p></p>
<p class="MsoNormal">trying <a href="https://replica.mydomain.com/ipa/xml">https://replica.mydomain.com/ipa/xml</a><o:p></o:p></p>
<p class="MsoNormal">Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'<o:p></o:p></p>
<p class="MsoNormal">Traceback (most recent call last):<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/sbin/ipa-client-install", line 2377, in <module><o:p></o:p></p>
<p class="MsoNormal"> sys.exit(main())<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/sbin/ipa-client-install", line 2363, in main<o:p></o:p></p>
<p class="MsoNormal"> rval = install(options, env, fstore, statestore)<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/sbin/ipa-client-install", line 2167, in install<o:p></o:p></p>
<p class="MsoNormal"> remote_env = api.Command['env'](server=True)['result']<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__<o:p></o:p></p>
<p class="MsoNormal"> ret = self.run(*args, **options)<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run<o:p></o:p></p>
<p class="MsoNormal"> return self.forward(*args, **options)<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forward<o:p></o:p></p>
<p class="MsoNormal"> return self.Backend.xmlclient.forward(self.name, *args, **kw)<o:p></o:p></p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward<o:p></o:p></p>
<p class="MsoNormal"> raise NetworkError(uri=server, error=e.errmsg)<o:p></o:p></p>
<p class="MsoNormal">ipalib.errors.NetworkError: cannot connect to u'https://replica.mydomain.com/ipa/xml': Internal Server Error<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2013-12-16T09:26:50Z INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script<o:p></o:p></p>
<p class="MsoNormal"> return_value = main_function()<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> File "/usr/sbin/ipa-replica-install", line 527, in main<o:p></o:p></p>
<p class="MsoNormal"> raise RuntimeError("Failed to configure the client")<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: RuntimeError: Failed to configure the client<o:p></o:p></p>
<p class="MsoNormal">-------------------<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Apache logs the following error at the same time…<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: couldn't check access. No groups file?: /ipa/xml, referer:
<a href="https://replica.mydomain.com/ipa/xml">https://replica.mydomain.com/ipa/xml</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I can login to the gui and it seems ok, but I’m rolling this into production so I’ve got to get it right.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m hoping this is just some bug because its an older freeipa on redhat (minimal install) etc. selinux is in permissive mode, but it’s the same as on the master server, so it should be the issue.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is this error critical? How can I fix it?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Les<o:p></o:p></p>
</div>
</body>
</html>