[Freeipa-users] trouble creating a replica in the cloud

Dmitri Pal dpal at redhat.com
Wed Feb 12 18:10:51 UTC 2014


On 02/11/2014 05:02 PM, Todd Maugh wrote:
> Hey Guys,
>
> So I have my master and replica up in my datacenter.
>
> I have a client, I have a winsync agreement, I have a password sync.
>
> It's working lovely.
>
> So now I have spun up an AWS instance of Red Hat 6.5 (same as my 
> master and first replica)
>
> I run the ipa replica and it fails
>
>
> ipa-replica-install --setup-ca --setup-dns --no-forwarders 
> /var/lib/ipa/replica-info-se-idm-03.boingo.com.gpg
> Directory Manager (existing master) password:
>
> Run connection check to master
> Check connection from replica to remote master 'se-idm-01.boingo.com':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
>    PKI-CA: Directory Service port (7389): OK
>
> The following list of ports use UDP protocol and would need to be
> checked manually:
>    Kerberos KDC: UDP (88): SKIPPED
>    Kerberos Kpasswd: UDP (464): SKIPPED
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> admin at BOINGO.COM password:
>
> Execute check on remote master
> Check connection from master to remote replica 'se-idm-03.boingo.com':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos KDC: UDP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    Kerberos Kpasswd: UDP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
>    PKI-CA: Directory Service port (7389): OK
>
> Connection from master to replica is OK.
>
> Connection check OK
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
>   [1/3]: creating directory server user
>   [2/3]: creating directory server instance
> ipa         : CRITICAL failed to create ds instance Command 
> '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpo9ROF3' 
> returned non-zero exit status 1
>   [3/3]: restarting directory server
> ipa         : CRITICAL Failed to restart the directory server. See the 
> installation log for details.
> Done configuring directory server for the CA (pkids).
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> Can't contact LDAP server
>
>
> I check the log file and this is what I get
>
> 2014-02-11T19:55:48Z DEBUG calling setup-ds.pl
> 2014-02-11T19:57:53Z DEBUG args=/usr/sbin/setup-ds.pl --silent 
> --logfile - -f /tmp/tmpo9ROF3
> 2014-02-11T19:57:53Z DEBUG stdout=[11/Feb/2014:14:57:53 -0500] 
> createprlistensockets - PR_Bind() on All Interfaces port 7389 failed: 
> Netscape Portable Runtime error -5966 (Access Denied.)
> [11/Feb/2014:14:57:53 -0500] createprlistensockets - PR_Bind() on All 
> Interfaces port 7389 failed: Netscape Portable Runtime error -5966 
> (Access Denied.)
> [14/02/11:14:57:53] - [Setup] Info Could not start the directory 
> server using command '/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'.  
> The last line from the error log was '[11/Feb/2014:14:57:53 -0500] create
> prlistensockets - PR_Bind() on All Interfaces port 7389 failed: 
> Netscape Portable Runtime error -5966 (Access Denied.)
> '.  Error: Unknown error 256
> Could not start the directory server using command 
> '/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'.  The last line from the 
> error log was '[11/Feb/2014:14:57:53 -0500] createprlistensockets - 
> PR_Bind() on All
> Interfaces port 7389 failed: Netscape Portable Runtime error -5966 
> (Access Denied.)
> '.  Error: Unknown error 256
> [14/02/11:14:57:53] - [Setup] Fatal Error: Could not create directory 
> server instance 'PKI-IPA'.
> Error: Could not create directory server instance 'PKI-IPA'.
> [14/02/11:14:57:53] - [Setup] Fatal Exiting . . .
> Log file is '-'
>
> Exiting . . .
> Log file is '-'
>
>
>
>
> Please help

Bind failed. This usually happens when the system has an identity crisis 
and tries to bind to the interface that is not there.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
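
Added example, not part of the original thread and not FreeIPA code: a small check to run on the replica host that attempts the same kind of TCP bind the log shows failing (port 7389), both on all interfaces and on each address the host's own name resolves to, and reports the errno name so the cause of the failed bind can be told apart. The function names are hypothetical.

```python
import errno
import socket


def resolve_addrs(hostname):
    """Return the set of IP addresses the resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def try_bind(addr, port):
    """Attempt a TCP bind; return 'OK' or the errno name of the failure."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    sock = None
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.bind((addr, port))
        return "OK"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        if sock is not None:
            sock.close()


def diagnose(hostname, port):
    """Bind on the wildcard address and on every address hostname maps to."""
    results = {"0.0.0.0": try_bind("0.0.0.0", port)}
    for addr in sorted(resolve_addrs(hostname)):
        results[addr] = try_bind(addr, port)
    return results


if __name__ == "__main__":
    # 7389 is the port from the setup-ds.pl log quoted above.
    # EADDRNOTAVAIL: the name resolves to an address no local interface has.
    # EACCES: the operating system refused permission for the bind.
    # EADDRINUSE: another process already holds the port.
    fqdn = socket.getfqdn()
    for addr, status in diagnose(fqdn, 7389).items():
        print(f"{fqdn} -> {addr}:7389  {status}")
```
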

