[Freeipa-users] problem with replica install

Steven Jones Steven.Jones at vuw.ac.nz
Tue Nov 1 18:59:32 UTC 2011


Hi,

No fix for this?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Monday, 31 October 2011 1:47 p.m.
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] problem with replica install

Couple of logs I have found.....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Monday, 31 October 2011 10:03 a.m.
Cc: freeipa-users at redhat.com
Subject: [Freeipa-users] problem with replica install

Hi,

I am getting this failure,

[root at vuwunicoipamt02 ipa]# ipa-replica-install --setup-dns --forwarder=130.195.85.25 --forwarder=130.195.98.151 --no-reverse /var/lib/ipa/replica-info-vuwunicoipamt02.unix.vuw.ac.nz.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'vuwunicoipamt01.unix.vuw.ac.nz':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: port 80 (80): OK
   HTTP Server: port 443(https) (443): OK

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Password for admin at UNIX.VUW.AC.NZ:
Execute check on remote master

Remote master check failed with following error message(s):

Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.

On the first master my firewall ruleset is,


===========8><--------master firewall ruleset--------
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:464
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:636
ACCEPT     tcp  --  130.195.87.247       0.0.0.0/0           tcp dpt:9443
ACCEPT     tcp  --  130.195.87.247       0.0.0.0/0           tcp dpt:9444
ACCEPT     tcp  --  130.195.87.247       0.0.0.0/0           tcp dpt:9445
ACCEPT     tcp  --  130.195.87.247       0.0.0.0/0           tcp dpt:7389
ACCEPT     tcp  --  130.195.87.248       0.0.0.0/0           tcp dpt:9443
ACCEPT     tcp  --  130.195.87.248       0.0.0.0/0           tcp dpt:9444
ACCEPT     tcp  --  130.195.87.248       0.0.0.0/0           tcp dpt:9445
ACCEPT     tcp  --  130.195.87.248       0.0.0.0/0           tcp dpt:7389
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:88
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:123
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:464
==========8><------

Can't see what else I have missed......

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Monday, 31 October 2011 8:21 a.m.
To: Simo Sorce
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Unique world wide UIDS

Hi,

Yeah I kind of wondered after ipv4 being so well known that "we" only went to 32bit...

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Simo Sorce [simo at redhat.com]
Sent: Monday, 31 October 2011 3:41 a.m.
To: Steven Jones
Cc: Rob Crittenden; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Unique world wide UIDS

I would rather lobby the Linux kernel people to give me 128bit IDs.
That would solve all problems, as the chances of collision in a carefully
randomly selected 90something bit prefix are basically none.

Simo.

On Thu, 2011-10-27 at 20:40 +0000, Steven Jones wrote:
> Yes I can appreciate that, we have done the same thing in '500'...
>
> oops....
>
> As an educational setup we are looking to federate worldwide, that
> means Shibboleth or similar....a unique UID per academic world wide
> might be worthwhile....there won't be 2billion
> academics...students...well I guess that would one day be an "ipv4"
> problem.
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Friday, 28 October 2011 9:34 a.m.
> To: Steven Jones
> Cc: Adam Young; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Unique world wide UIDS
>
> Steven Jones wrote:
> > Hi,
> >
> > Well if you understand Peak Oil and that the "green revolution" was
> > actually turning fossil fuel into food ie we eat oil....only having
> > 2billion UIDs won't be a problem.
> >
> > :/
>
> Many, many organizations start with the same uid base, 500 or 1000. When
> company A buys company B there are tons and tons of uid collisions. If
> each started at a random start point then the chances of collision,
> while not zero, are much lower.
>
> Our goal wasn't to guarantee uniqueness in the universe, just to make
> integration hopefully easier in the future when namespaces are merged.
>
> rob
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Simo Sorce * Red Hat, Inc * New York


_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
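
Added example, not part of the thread and not FreeIPA code: the step that fails above is the "Remote master check", for which the replica listens on the required ports, while only the master's ruleset is shown. The sketch parses an `iptables -L INPUT -n` listing in the layout pasted above and reports which of the ports named in the connection-check output a given peer cannot reach. The replica listing and the 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# (protocol, port) pairs named in the connection-check output quoted in the thread.
REQUIRED = [("tcp", 389), ("tcp", 636), ("tcp", 88), ("udp", 88),
            ("tcp", 464), ("udp", 464), ("tcp", 80), ("tcp", 443)]
# One rule line of `iptables -L INPUT -n`, in the layout pasted in the thread.
RULE = re.compile(
    r"^(?P<target>[A-Z]+)\s+(?P<proto>tcp|udp|all)\s+--\s+(?P<src>\S+)\s+\S+"
    r"(?:\s.*?dpts?:(?P<lo>\d+)(?::(?P<hi>\d+))?)?")
# Constructed replica listing (not from the thread); documentation addresses.
SAMPLE_REPLICA = """\
Chain INPUT (policy ACCEPT)
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
ACCEPT     tcp  --  192.0.2.10           0.0.0.0/0           tcp dpt:636
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:88
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

def parse_rules(listing):
    """Rules in listing order: (target, proto, source network, port range or None)."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if m:  # chain headers, column titles and separators do not match
            ports = (int(m["lo"]), int(m["hi"] or m["lo"])) if m["lo"] else None
            rules.append((m["target"], m["proto"], ipaddress.ip_network(m["src"]), ports))
    return rules

def verdict(rules, proto, port, peer):
    """Target of the first rule matching a new connection from peer, or None."""
    peer = ipaddress.ip_address(peer)
    for target, rproto, src, ports in rules:
        if rproto not in (proto, "all") or peer not in src:
            continue
        if ports is None and target == "ACCEPT":
            continue  # state or interface (e.g. lo, hidden without -v) ACCEPT: not trusted
        if ports is None or ports[0] <= port <= ports[1]:
            return target
    return None

def blocked_ports(listing, peer):
    """Required (proto, port) pairs that peer cannot reach under this listing."""
    rules = parse_rules(listing)
    return [(p, n) for p, n in REQUIRED if verdict(rules, p, n, peer) != "ACCEPT"]

print(blocked_ports(SAMPLE_REPLICA, "192.0.2.10"))
```

Port-less ACCEPT rules are deliberately ignored, so the result errs toward reporting a port as blocked; a pair matched by no rule at all is also reported, since the chain policy is not evaluated.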
