[Freeipa-users] error trying to re-setup ipa replica

Dmitri Pal dpal at redhat.com
Wed Oct 1 16:53:01 UTC 2014


On 10/01/2014 10:20 AM, Shashi Dahal wrote:
> Hi,
>
> This is what I have.
>
> ipa01 - master
> ipa02 - replica
> ipa03 - replica
>
> ipa02 crashed, and re-setup
>
> I used the gpg file from the master and am trying to re-create the replica:
> ipa-replica-install ipa02.gpg
>
> gives:
>
> The host ipa02.local.zone already exists on the master server.
> You should remove it before proceeding:
>     % ipa host-del ipa02.local.zone
>
>
> I log in to the master server, and if I do ipa-replica-manage list, it
> shows: ipa02.local.zone: master
> Trying to delete it with ipa host-del ipa02.local.zone fails, saying:
> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted 
> or disabled
>
> ipa-replica-manage del ipa02.local.zone fails, saying:
> 'ipa01.local.zone' has no replication agreement for 'ipa02.local.zone'
>
>
> I searched the mailing list and it was suggested that I should do a 
> ldapsearch and ldapdelete.
>
> Here is the search:
>
> ldapsearch -LLL -x -b cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
>
> dn: cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
> objectClass: top
> objectClass: nsContainer
> cn: ipa02.local.zone
>
> dn: cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
> objectClass: nsContainer
> objectClass: ipaConfigObject
> objectClass: top
> ipaConfigString: enabledService
> ipaConfigString: startOrder 10
> cn: KDC
>
> dn: cn=KPASSWD,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=sp
>  il
> objectClass: nsContainer
> objectClass: ipaConfigObject
> objectClass: top
> ipaConfigString: enabledService
> ipaConfigString: startOrder 20
> cn: KPASSWD
>
> dn: cn=MEMCACHE,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=s
>  pil
> objectClass: nsContainer
> objectClass: ipaConfigObject
> objectClass: top
> ipaConfigString: enabledService
> ipaConfigString: startOrder 39
> cn: MEMCACHE
>
> dn: cn=HTTP,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
> objectClass: nsContainer
> objectClass: ipaConfigObject
> objectClass: top
> ipaConfigString: enabledService
> ipaConfigString: startOrder 40
> cn: HTTP
>
> dn: cn=DNS,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
> objectClass: nsContainer
> objectClass: ipaConfigObject
> objectClass: top
> ipaConfigString: enabledService
> ipaConfigString: startOrder 30
> cn: DNS
>
>
> I tried delete, but I get:
>
> ldapdelete -x -D 'cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01'
>
> ldap_bind: Server is unwilling to perform (53)
> additional info: Unauthenticated binds are not allowed
>
> I have located that there is -W
>
> ldapdelete -x -D 'cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01' -W
> It asks for LDAP Password:
>
> Entering the password gives: ldap_bind: Inappropriate authentication (48)
>
>
> Can anyone who faced similar issues help me with how to fix it?
>
>
> Cheers,
> Shashi
>
>
>
>
I think you need to use Directory Manager's or admin's DN as a bind DN.
The bind DN above seems wrong.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
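
Added example, not part of the original thread or of FreeIPA's own tooling: in `ldapdelete`, `-D` names the identity to bind as and the entries to remove are given separately, and without `-r` the service entries under `cn=ipa02.local.zone` have to go before their container. The sketch below unfolds the LDIF from the search and orders the DNs children first. The helper names (`sample_ldif`, `ldif_dns`, `leaf_first`) are hypothetical, the sample LDIF is constructed from entries quoted in the post, and `cn=Directory Manager` is assumed to be the directory's default root DN.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Constructed sample: ldapsearch -LLL output trimmed from the post, with one
# DN folded the way LDIF wraps long lines (continuation starts with a space).
sample_ldif() {
cat <<'EOF'
dn: cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
objectClass: nsContainer
cn: ipa02.local.zone

dn: cn=KPASSWD,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=d
 c01
cn: KPASSWD

dn: cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
cn: KDC
EOF
}

# Print one unfolded DN per entry. Base64 DNs ("dn:: ") are not handled.
ldif_dns() {
  awk '
    /^ / { buf = buf substr($0, 2); next }      # continuation: append
    { if (buf ~ /^dn: /) print substr(buf, 5); buf = $0 }
    END { if (buf ~ /^dn: /) print substr(buf, 5) }
  '
}

# Deepest entries first, so children are removed before their container.
# Assumption: no escaped commas inside RDN values.
leaf_first() {
  awk -F, '{ print NF "\t" $0 }' | sort -rn | cut -f2-
}

# Dry run on the sample: prints the order in which to delete.
sample_ldif | ldif_dns | leaf_first

# Real use ($BASE is a placeholder for the replica's cn=masters entry);
# the bind DN is an admin identity, the DNs to delete come from the file:
#   ldapsearch -LLL -x -b "$BASE" 1.1 > subtree.ldif
#   ldif_dns < subtree.ldif | leaf_first > dns.txt
#   ldapdelete -x -D "cn=Directory Manager" -W -f dns.txt
```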
