<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 10/01/2014 10:20 AM, Shashi Dahal
      wrote:<br>
    </div>
    <blockquote
      cite="mid:F30B6425DE6C774FAC7A28C3D64E15F3B8F349@EchoDB01.spil.local"
      type="cite">
      <div style="direction: ltr;font-family: Tahoma;color:
        #000000;font-size: 10pt;">Hi, 
        <div><br>
        </div>
        <div>This is what I have. </div>
        <div><br>
        </div>
        <div>ipa01 - master</div>
        <div>ipa02 - replica</div>
        <div>ipa03 - replica</div>
        <div><br>
        </div>
        <div>ipa02 crashed, and re-setup </div>
        <div><br>
        </div>
        <div>I used the gpg file from master and trying to re-create the
          replica: </div>
        <div>ipa-replica-install  ipa02.gpg   </div>
        <div><br>
        </div>
        <div>gives: </div>
        <div><br>
        </div>
        <div>
          <div>The host ipa02.local.zone already exists on the master
            server.</div>
          <div>You should remove it before proceeding:</div>
          <div>    % ipa host-del <span style="font-size: 10pt;">ipa02.local.zone</span></div>
        </div>
        <div><span style="font-size: 10pt;"><br>
          </span></div>
        <div><span style="font-size: 10pt;"><br>
          </span></div>
        <div><span style="font-size: 10pt;">I log in to the master server
            and if I do </span>ipa-replica-manage  list , it shows: <span
            style="font-size: 10pt;">ipa02.local.zone: master</span></div>
        <div>Trying to delete it with <span style="font-size: 10pt;">ipa
            host-del </span><span style="font-size: 10pt;">ipa02.local.zone
             fails saying:</span></div>
        <div><span style="font-size: 10pt;"> </span>ipa: ERROR: invalid
          'hostname': An IPA master host cannot be deleted or disabled</div>
        <div><br>
        </div>
        <div>ipa-replica-manage del <span style="font-size: 10pt;">ipa02.local.zone</span><span
            style="font-size: 10pt;">  fails saying: </span></div>
        <div>'ipa01.local.zone' has no replication agreement for
          'ipa02.local.zone'</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>I searched the mailing list and it was suggested that I
          should do a ldapsearch and ldapdelete. </div>
        <div><br>
        </div>
        <div>here is the search: </div>
        <div><br>
        </div>
        <div>
          <div>ldapsearch -LLL -x -b
            cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01</div>
          <div><br>
          </div>
          <div>dn:
            cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01</div>
          <div>objectClass: top</div>
          <div>objectClass: nsContainer</div>
          <div>cn: ipa02.local.zone</div>
          <div><br>
          </div>
          <div>dn:
            cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01</div>
          <div>objectClass: nsContainer</div>
          <div>objectClass: ipaConfigObject</div>
          <div>objectClass: top</div>
          <div>ipaConfigString: enabledService</div>
          <div>ipaConfigString: startOrder 10</div>
          <div>cn: KDC</div>
          <div><br>
          </div>
          <div>dn:
            cn=KPASSWD,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=sp</div>
          <div> il</div>
          <div>objectClass: nsContainer</div>
          <div>objectClass: ipaConfigObject</div>
          <div>objectClass: top</div>
          <div>ipaConfigString: enabledService</div>
          <div>ipaConfigString: startOrder 20</div>
          <div>cn: KPASSWD</div>
          <div><br>
          </div>
          <div>dn:
            cn=MEMCACHE,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=s</div>
          <div> pil</div>
          <div>objectClass: nsContainer</div>
          <div>objectClass: ipaConfigObject</div>
          <div>objectClass: top</div>
          <div>ipaConfigString: enabledService</div>
          <div>ipaConfigString: startOrder 39</div>
          <div>cn: MEMCACHE</div>
          <div><br>
          </div>
          <div>dn:
            cn=HTTP,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01</div>
          <div>objectClass: nsContainer</div>
          <div>objectClass: ipaConfigObject</div>
          <div>objectClass: top</div>
          <div>ipaConfigString: enabledService</div>
          <div>ipaConfigString: startOrder 40</div>
          <div>cn: HTTP</div>
          <div><br>
          </div>
          <div>dn:
            cn=DNS,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01</div>
          <div>objectClass: nsContainer</div>
          <div>objectClass: ipaConfigObject</div>
          <div>objectClass: top</div>
          <div>ipaConfigString: enabledService</div>
          <div>ipaConfigString: startOrder 30</div>
          <div>cn: DNS</div>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>I tried delete, but I get: </div>
        <div><br>
        </div>
        <div>ldapdelete -x -D
          'cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01'</div>
        <div><br>
        </div>
        <div>
          <div>ldap_bind: Server is unwilling to perform (53)</div>
          <div><span class="Apple-tab-span" style="white-space:pre"></span>additional
            info: Unauthenticated binds are not allowed</div>
        </div>
        <div><br>
        </div>
        <div>I have located that there is -W </div>
        <div><br>
        </div>
        <div>ldapdelete -x -D
          'cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01'
          -W </div>
        <div>it asks for LDAP Password: </div>
        <div><br>
        </div>
        <div>Entering the password gives: ldap_bind: Inappropriate
          authentication (48) </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>Can anyone who faced similar issues help me on how do I fix
          it ? </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>Cheers,</div>
        <div>Shashi</div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
    </blockquote>
    I think you need to use Directory Manager's or admin's DN as a bind
    DN.<br>
    The bind DN above seems wrong.<br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
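    <br>
    The point made in the reply, as an added example that is not part of the original thread: the bind DN (-D) names the account that authenticates, and the entries to remove are separate arguments; with no entry arguments, ldapdelete reads DNs from standard input. The function names and the sample LDIF are constructed for illustration, and <code>cn=Directory Manager</code> is assumed to be the Directory Manager DN. The script only prints a deletion plan and contacts no server.<br>

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Plans the cleanup offline: it only prints commands, it never contacts a server.

# The bind DN (-D) is the account that authenticates, not the entry to remove.
BIND_DN='cn=Directory Manager'

# Constructed sample of ldapsearch output; note the folded KPASSWD line.
SAMPLE_LDIF='dn: cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
cn: ipa02.local.zone

dn: cn=KPASSWD,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc
 01
cn: KPASSWD

dn: cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
cn: KDC
'

# Unfold LDIF continuation lines (leading space) and print each DN.
# Assumes plain "dn: " lines; base64 "dn:: " values are not decoded.
ldif_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf ~ /^dn: /) print substr(buf, 5); buf = $0 }
        END  { if (buf ~ /^dn: /) print substr(buf, 5) }
    '
}

# Children before parents: LDAP refuses to delete a non-leaf entry.
# Depth is approximated by counting commas (assumes no escaped commas).
leaf_first() {
    awk '{ n = gsub(/,/, ","); print n "\t" $0 }' | sort -rn | cut -f2-
}

# $1 = bind DN, LDIF on stdin. Rejects the mistake from the thread, where a
# service entry under cn=masters was passed as the bind DN.
plan_delete() {
    case "$1" in
        *cn=masters,cn=ipa,cn=etc,*)
            echo "not an account, cannot be a bind DN: $1" >&2; return 1 ;;
    esac
    ldif_dns | leaf_first | while IFS= read -r dn; do
        # -W prompts for the password instead of exposing it in argv.
        printf "ldapdelete -x -D '%s' -W '%s'\n" "$1" "$dn"
    done
}

printf '%s' "$SAMPLE_LDIF" | plan_delete "$BIND_DN"
```

    Running ldapsearch with <code>-o ldif-wrap=no</code> avoids the folded DN lines in the first place.<br>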
  </body>
</html>