<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/08/2015 08:35 AM, alireza baghery
wrote:<br>
</div>
<blockquote
cite="mid:CAPyvVhzmUo8JAt_bN1L7T+LeS-bySFN4kxQFPF5W807ASUr5og@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>iptables and firewalls stop<br>
</div>
<div>and on both server execute nslookup ipasrv and nslookup
replica<br>
</div>
<div>output successfully<br>
</div>
</div>
<div class="gmail_extra"><br>
</div>
</blockquote>
Please reply on the list.<br>
<br>
Next thing I would check if the SSH command actually makes it from
replica to master by monitoring SSH logs.<br>
If it does not (which I think the case) then it is still a DNS
problem. Can you please check that both servers actually resolve
each other's name to the same IP address? <br>
<br>
<blockquote
cite="mid:CAPyvVhzmUo8JAt_bN1L7T+LeS-bySFN4kxQFPF5W807ASUr5og@mail.gmail.com"
type="cite">
<div class="gmail_extra">
<div class="gmail_quote">On Sun, Feb 8, 2015 at 3:58 PM, Dmitri
Pal <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div class="h5">
<div>On 02/08/2015 03:10 AM, alireza baghery wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>
<div>hi<br>
</div>
i install ipa on centos 6.5<br>
</div>
and want install replica <br>
</div>
for purpose i do the following task:<br>
</div>
ipa-install-prepare --ip-address
(replica) replica....<br>
</div>
(replica) namserver ipa<br>
</div>
(replica) ipa-replica-install <br>
</div>
but in Connetcon Check get ERROR<br>
<div>=======message stdout replica=======<br>
Connection from replica to master is OK.<br>
Start listening on required ports for remote
master check<br>
Get credentials to log in to remote master<br>
admin@********* password:<br>
<br>
Execute check on remote master<br>
<br>
Remote master check failed with following error
message(s):<br>
<br>
Connection check failed!<br>
Please fix your network settings according to
error messages above.<br>
If the check results are not valid it can be
skipped with --skip-conncheck parameter.<br>
</div>
<div>=========message log in
/var/log/ipa-replication-connection-check
=====================<br>
</div>
<div>2015-02-08T07:41:30Z DEBUG
args=/usr/bin/kinit admin@IPA*****<br>
2015-02-08T07:41:30Z DEBUG stdout=Password for
admin@IPA*****:<br>
<br>
2015-02-08T07:41:30Z DEBUG stderr=<br>
2015-02-08T07:41:30Z DEBUG args=/usr/bin/kvno
host/ipa********<br>
2015-02-08T07:41:30Z DEBUG
stdout=host/ipa*****@IPA******: kvno = 2<br>
<br>
2015-02-08T07:41:30Z DEBUG stderr=<br>
2015-02-08T07:41:30Z DEBUG args=/usr/bin/ssh -q
-o StrictHostKeychecking=no -o
UserKnownHostsFile=/dev/null admin@ipa****
/usr/sbin/ipa-replica-conncheck --replica
replica*******<br>
2015-02-08T07:41:30Z DEBUG stdout=<br>
2015-02-08T07:41:30Z DEBUG stderr=<br>
=================================<br>
</div>
<div>tnx <br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
</div>
</div>
Check your firewall and DNS settings.<br>
One problem can be that replica incorrectly resolves
master. Another that FW blocks access from replica to
master.<span class="HOEnZb"><font color="#888888"><br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true" href="http://freeipa.org"
target="_blank">http://freeipa.org</a> for more info on
the project<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>