[Freeipa-users] ipa replica install fails

Rajnesh Kumar Siwal rajnesh.siwal at gmail.com
Wed Feb 6 04:57:10 UTC 2013


Still unable to start bind:

[root@ipa2 ~]# ipa-replica-conncheck --replica ipa1.xyz.dmz
Check connection from master to remote replica 'ipa1.xyz.dmz':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.

Connection from master to replica is OK.

[root@ipa2 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: STOPPED
MEMCACHE Service: STOPPED
HTTP Service: RUNNING
CA Service: STOPPED

[root@ipa2 ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [FAILED]

LOG:==
Feb  5 23:53:34 ipa2 named[22084]: sizing zone task pool based on 6 zones
Feb  5 23:53:34 ipa2 named[22084]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
Feb  5 23:53:34 ipa2 named[22084]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Mutual authentication failed)
Feb  5 23:53:34 ipa2 named[22084]: bind to LDAP server failed: Local error
Feb  5 23:53:34 ipa2 named[22084]: loading configuration: failure
Feb  5 23:53:34 ipa2 named[22084]: exiting (due to fatal error)
Feb  5 23:53:35 ipa2 sssd_be: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Mutual authentication failed)

---------------------------------------------------------------------------------------------------------
[root@ipa1 ~]# ipa-replica-conncheck --replica ipa2.xyz.dmz
Check connection from master to remote replica 'ipa2.xyz.dmz':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.

Connection from master to replica is OK.
[root@ipa1 ~]#



