[Freeipa-users] Replica creation problem - IPv6?
Dimitris Tsompanidis
dimitris.tsompanidis at comeon.com
Thu Mar 15 13:36:51 UTC 2012
Hi all,
I'm trying to set up a FreeIPA replica on a new Fedora 16 VM.
The process fails when ipa-replica-install starts checking for
connectivity from the master server side towards the new replica.
# ipa-replica-install -N /var/lib/ipa/replica-info-ldaps01.example.com.gpg
[... lines of output ...]
Execute check on remote master
Remote master check failed with following error message(s):
Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with
--skip-conncheck parameter.
Running the connectivity check on its own from the server gives me the
following output:
Check connection from master to remote replica 'ldaps01.example.com':
Directory Service: Unsecure port (389): FAILED
Directory Service: Secure port (636): FAILED
Kerberos KDC: TCP (88): FAILED
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): FAILED
Kerberos Kpasswd: UDP (464): OK
HTTP Server: Unsecure port (80): FAILED
HTTP Server: Secure port (443): FAILED
Port check failed! Inaccessible port(s): 389, 636, 88, 464, 80, 443
To actually see what's going on, I run 'netstat -tuan' to see what ports
are open while ipa-replica-install waits for me to type my admin
password (just before the remote master check):
[root@ldaps01 ~]# netstat -tuan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.98.10:22        192.168.10.128:12548    ESTABLISHED
tcp        0     48 192.168.98.10:22        192.168.10.128:12597    ESTABLISHED
tcp        0      0 :::80                   :::*                    LISTEN
tcp        0      0 :::464                  :::*                    LISTEN
tcp        0      0 :::88                   :::*                    LISTEN
tcp        0      0 :::443                  :::*                    LISTEN
tcp        0      0 :::636                  :::*                    LISTEN
tcp        0      0 :::389                  :::*                    LISTEN
udp        0      0 192.168.98.10:123       0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 :::464                  :::*
udp        0      0 :::88                   :::*
udp        0      0 :::123                  :::*
It seems that the replica procedure automatically binds to IPv6
addresses (although I've disabled IPv6 on eth0 and on loopback, and removed
IPv6 entries from /etc/hosts and /etc/resolv.conf).
NTP listens on both IPv4 and IPv6 localhost, but that's because I chose
to handle it as a separate service on its own.
FreeIPA server is 2.1.4-5 on both ldap (master) and ldaps01 (slave).
Regards,
Dimitris
--
Dimitris Tsompanidis
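
Added example (not part of the original post): a small parser that cross-checks `netstat -tuan` output against the ports the connection check tests and reports, per port, whether a local listener exists that can take remote IPv4 traffic. The sample lines are copied from the netstat output above; the function names and status labels are hypothetical, and the `v6only` flag stands in for the host's `net.ipv6.bindv6only` setting.

```python
# Ports the conncheck in the post tests, as (protocol, port).
REQUIRED = [("tcp", 389), ("tcp", 636), ("tcp", 88), ("udp", 88),
            ("tcp", 464), ("udp", 464), ("tcp", 80), ("tcp", 443)]

# Sample input: lines copied from the post's netstat output, re-joined.
SAMPLE = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*             LISTEN
tcp        0      0 192.168.98.10:22  192.168.10.128:12548  ESTABLISHED
tcp        0      0 :::80             :::*                  LISTEN
tcp        0      0 :::464            :::*                  LISTEN
tcp        0      0 :::88             :::*                  LISTEN
tcp        0      0 :::443            :::*                  LISTEN
tcp        0      0 :::636            :::*                  LISTEN
tcp        0      0 :::389            :::*                  LISTEN
udp        0      0 :::464            :::*
udp        0      0 :::88             :::*
"""

def parse_listeners(text):
    """Map (proto, port) -> set of local addresses with a listening socket."""
    found = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0][:3] not in ("tcp", "udp"):
            continue  # header lines and other protocols
        proto = f[0][:3]
        # TCP needs state LISTEN; UDP has no state, so require an unconnected peer.
        if proto == "tcp" and f[-1] != "LISTEN":
            continue
        if proto == "udp" and not f[4].endswith(":*"):
            continue
        addr, _, port = f[3].rpartition(":")  # ":::80" -> ("::", "80")
        if port.isdigit():
            found.setdefault((proto, int(port)), set()).add(addr)
    return found

def accepts_remote_ipv4(addrs, v6only=False):
    """A '::' wildcard socket is dual-stack on Linux unless IPV6_V6ONLY is set
    (net.ipv6.bindv6only=1, or per socket by the application; netstat does not
    show the latter). Loopback-only IPv4 listeners do not count as remote."""
    return any((":" not in a and not a.startswith("127."))
               or (a == "::" and not v6only) for a in addrs)

def report(text, v6only=False):
    """Status per required port: 'missing', 'ipv4-ok' or 'not-ipv4-reachable'."""
    found = parse_listeners(text)
    return {k: "missing" if k not in found else
               "ipv4-ok" if accepts_remote_ipv4(found[k], v6only) else "not-ipv4-reachable"
            for k in REQUIRED}
```

Calling `report()` on live `netstat -tuan` output with `v6only` set from `sysctl net.ipv6.bindv6only` separates "nothing is listening" from "a listener exists locally", which narrows where to look next (local bind settings versus the path between master and replica).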