[Freeipa-users] freeipa replication

John Robert Mendoza jrobertm8 at yahoo.com
Tue Dec 15 10:13:17 UTC 2009


I did this to install the master server, before even making a replica.

John Robert Mendoza

--- On Tue, 12/15/09, John Robert Mendoza <jrobertm8 at yahoo.com> wrote:

From: John Robert Mendoza <jrobertm8 at yahoo.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "Rob Crittenden" <rcritten at redhat.com>
Cc: freeipa-users at redhat.com
Date: Tuesday, 15 December, 2009, 5:55 PM

Hi Rob,

Just to let you know, I tried to again reproduce the installation. I did a clean install of Fedora 11 on a machine and updated it using yum. Then I tried to install FreeIPA on it. But strangely I had a harder time doing it. It again outputs an error complaining about not being able to contact itself.

Here is the ipaserver-install log:

2009-12-15 20:19:51,187 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2009-12-15 20:19:51,196 CRITICAL Could not connect to the Directory Server on id.example.net
2009-12-15 20:19:51,204 DEBUG {'desc': "Can't contact LDAP server"}
  File "/usr/sbin/ipa-server-install", line 609, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 509, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)

  File "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py", line 135, in create_instance
    self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password)

  File "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py", line 119, in __common_setup
    raise e

TIA.

John Robert Mendoza

--- On Sat, 12/12/09, Rob Crittenden <rcritten at redhat.com> wrote:

From: Rob Crittenden <rcritten at redhat.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "John Robert Mendoza" <jrobertm8 at yahoo.com>
Cc: freeipa-users at redhat.com
Date: Saturday, 12 December, 2009, 2:50 AM

John Robert Mendoza wrote:
> Rob,
>
> I'm using freeipa 1.2.2 on a fedora 11 machine. I have successfully configured it for authentication for our services but the lack of replication makes it vulnerable for unavailability and downtime. 
> It's complaining about the replica server not being able to contact the ldap server.
> 
> This can be reproduced by:
> 
> 1. Clean install fedora 11
> 2. Install the ipa packages
> 3. Clean install fedora 11 on a "replica" server
> 4. Install the ipa packages
> 5. ipa-replica-prepare on the freeipa server
> 6. ipa-replica-install on the replica
> 
> note: both machines have DNS records.
> 
> TIA
> 

Ok, strange. On the replica server can you do something like:

% ldapsearch -x -h ipa.example.com -p 389 -b "dc=example,dc=com" uid=admin

That will confirm that the ports are available.

Can you provide the ipareplica-install.log?

rob

