[Freeipa-users] ipa-client-install fails on replica because of kinit cannot contact any KDC

Rob Crittenden rcritten at redhat.com
Fri Feb 14 19:40:09 UTC 2014


Shree wrote:
> 1) 7839 TCP is open between the master and replica, do I need 7389 udp
> also?  What about clients and replica?
> I have the following ports opened and tested between master and replica.
> --> 389 (TCP), 636 (TCP), 88 (TCP), 464 (TCP), 80 (TCP), 443 (TCP), 7389
> (TCP)
> and  88 (UDP)  464 (UDP)
> Do I need any more ports opened, I have to work with another team to get
> this done, so it will help having all the information.

No, this list is enough. Still, it can't connect to it. Seeing the 
failure output from the connection check might be useful, or at least 
confirm the same.

> 2)I see you skip the connection check, what was failing? :-- Yes my
> replica install fails unless I user --skip connection check. I have
> tested the connection with the ports mentioned during the install.

I don't know what to say, the logs pretty clearly indicate that it can't 
connect on port 7389.

> 3) In the ipareplica-install log this is reported:
>
> Failed to setup the replication for cloning. :--- Yes but what is the
> solution?

Fix the firewall.

>
> 4) And in the debug log:
>
> :- Also what is the solution for the Java.io error?

Same thing. One failure cascades to another.

rob




More information about the Freeipa-users mailing list