<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/09/2015 03:35 PM, Steven Jones
wrote:<br>
</div>
<blockquote cite="mid:1425936805454.63030@vuw.ac.nz" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Any idea what is going on here please?</p>
<p><br>
</p>
<p>==========</p>
<pre class="pcmTextBlock browserNotIE ng-binding">[<a moz-do-not-send="true" target="_blank" href="mailto:root@vuwunicoipam004">root@vuwunicoipam004</a> ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck
Checking forwarders, please wait ...
WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled</pre>
</div>
</blockquote>
<br>
I don't know if this is a problem, so I will leave it to our DNS
gurus to answer.<br>
<br>
<blockquote cite="mid:1425936805454.63030@vuw.ac.nz" type="cite">
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<pre class="pcmTextBlock browserNotIE ng-binding">
Directory Manager (existing master) password:
Adding [10.100.32.50 vuwunicoipam004.ods.vuw.ac.nz] to your /etc/hosts file
Using reverse zone(s) 32.100.10.in-addr.arpa.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
[1/35]: creating directory server user
[2/35]: creating directory server instance
[3/35]: adding default schema
[4/35]: enabling memberof plugin
[5/35]: enabling winsync plugin
[6/35]: configuring replication version plugin
[7/35]: enabling IPA enrollment plugin
[8/35]: enabling ldapi
[9/35]: configuring uniqueness plugin
[10/35]: configuring uuid plugin
[11/35]: configuring modrdn plugin
[12/35]: configuring DNS plugin
[13/35]: enabling entryUSN plugin
[14/35]: configuring lockout plugin
[15/35]: creating indices
[16/35]: enabling referential integrity plugin
[17/35]: configuring ssl for ds instance
[18/35]: configuring certmap.conf
[19/35]: configure autobind for root
[20/35]: configure new location for managed entries
[21/35]: configure dirsrv ccache
[22/35]: enable SASL mapping fallback
[23/35]: restarting directory server
[24/35]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 128 seconds elapsed
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [10 Total update abortedLDAP error: Referral]</pre>
</div>
</blockquote>
<br>
If the client got back a referral, it means the replica was being
re-initialized at this time. Sounds like either the client is not
checking to see if the initialization is complete, or the server is
reporting back erroneously that initialization is complete.<br>
<br>
<blockquote cite="mid:1425936805454.63030@vuw.ac.nz" type="cite">
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<pre class="pcmTextBlock browserNotIE ng-binding">
[error] RuntimeError: Failed to start replication
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Failed to start replication
[<a moz-do-not-send="true" target="_blank" href="mailto:root@vuwunicoipam004">root@vuwunicoipam004</a> ipa-certs]#
========
</pre>
<p>No firewalls are active and the network is a simple vyos
virtual router.</p>
<p><br>
</p>
<p>=====</p>
<pre class="pcmTextBlock browserNotIE ng-binding">[<a moz-do-not-send="true" target="_blank" href="mailto:root@vuwunicoipam002">root@vuwunicoipam002</a> etc]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[<a moz-do-not-send="true" target="_blank" href="mailto:root@vuwunicoipam002">root@vuwunicoipam002</a> etc]#
=====
=====
<pre class="pcmTextBlock browserNotIE ng-binding">Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[<a moz-do-not-send="true" target="_blank" href="mailto:root@vuwunicoipam004">root@vuwunicoipam004</a> ipa-certs]#
=====
</pre>
</pre>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:; margin:0">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<p>regards</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family:
"Calibri","sans-serif";"
class="MsoNormal">
Steven </p>
</div>
</div>
</div>
</div>
</div>
<div style="color: rgb(33, 33, 33);">
<div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>