[Freeipa-users] IPA replica server rebuilding failed with 'Invalid credentials' error.
David Copperfield
cao2dan at yahoo.com
Tue May 8 04:01:18 UTC 2012
Temporarily fixed by myself. -- remove replica ipareplica02 by FORCE again and again on IPA master, until the replica doesn't show up when run 'ipa-replica-manage list'.
Could some one at Redhat IPA project please give a step-by-step how to remove a IPA replica, and how to add it back -- reimage and rebuild --. Thanks.
[root at ipamaster .ssh]# ipa-replica-manage list
ipareplica01.example.com: master
ipareplica02.example.com: master
ipamaster.example.com: master
[root at ipamaster .ssh]#
[root at ipamaster .ssh]# ipa-replica-manage del ipareplica02.example.com --force
Unable to connect to replica ipareplica02.example.com, forcing removal
'ipamaster.example.com' has no replication agreement for 'ipareplica02.example.com'
'ipareplica01.example.com' has no replication agreement for 'ipareplica02.example.com'
[root at ipamaster .ssh]# ipa-replica-manage list
ipareplica01.example.com: master
ipamaster.example.com: master
[root at ipamaster .ssh]#
--David
________________________________
From: David Copperfield <cao2dan at yahoo.com>
To: "freeipa-users at redhat.com" <freeipa-users at redhat.com>; "dpal at redhat.com" <dpal at redhat.com>; E Deon Lackey <dlackey at redhat.com>
Sent: Monday, May 7, 2012 8:41 PM
Subject: Re: IPA replica server rebuilding failed with 'Invalid credentials' error.
Debug output is attached as well.
....
root : DEBUG [21/29]: setting up initial replication
[21/29]: setting up initial replication
root : DEBUG args=/sbin/service dirsrv restart JIGSAW-COM
root : DEBUG stdout=Shutting down dirsrv:
JIGSAW-COM... [ OK ]
Starting dirsrv:
JIGSAW-COM... [ OK ]
root : DEBUG stderr=
Starting replication, please wait until this has completed.
[ipamaster.qe9.jigsaw.com] reports: Update failed! Status: [49 - LDAP error: Invalid credentials]
creation of replica failed: Failed to start replication
root : DEBUG Failed to start replication
File "/usr/sbin/ipa-replica-install", line 482, in <module>
main()
File "/usr/sbin/ipa-replica-install", line 433, in main
ds = install_replica_ds(config)
File "/usr/sbin/ipa-replica-install", line 135, in install_replica_ds
pkcs12_info)
File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 284, in create_replica
self.start_creation("Configuring directory server", 60)
File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 248, in start_creation
method()
File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py", line 297, in __setup_replica
r_bindpw=self.dm_password)
File "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line 694, in setup_replication
raise RuntimeError("Failed to start replication")
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
--Guolin
________________________________
From: David Copperfield <cao2dan at yahoo.com>
To: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Sent: Monday, May 7, 2012 8:38 PM
Subject: IPA replica server rebuilding failed with 'Invalid credentials' error.
I have a IPA replica server with disk problems, and then it is reimaged and rebuild. But when the IPA replica function is rebuilt, it reports the following problem:
[root at ipareplica02 ipa]# ipa-replica-install --no-ntp /var/lib/ipa/replica-info-ipareplica02.example.com.gpg
...
[21/29]: setting up initial replication
Starting replication, please wait until this has completed.
[ipamaster.example.com] reports: Update failed! Status: [49 - LDAP error: Invalid credentials]
...
Before I run the replica rebuilding step on IPA replica, I already run 'ipa-replica-manage disconn ipareplica01.example.com' on IPA master, and delete the host entry for ipareplica02 as well.
Did I missed any steps above? Please help. Thanks.
--David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120507/a70072a3/attachment.htm>
More information about the Freeipa-users
mailing list