[Freeipa-users] error install replication

Dmitri Pal dpal at redhat.com
Sun Feb 8 13:46:36 UTC 2015 

On 02/08/2015 08:35 AM, alireza baghery wrote:
> iptables and firewalls stop
> and on both server execute nslookup ipasrv and nslookup replica
> output successfully
>
Please reply on the list.

Next thing I would check if the SSH command actually makes it from 
replica to master by monitoring SSH logs.
If it does not (which I think the case) then it is still a DNS problem. 
Can you please check that both servers actually resolve each other's 
name to the same IP address?

> On Sun, Feb 8, 2015 at 3:58 PM, Dmitri Pal <dpal at redhat.com 
> <mailto:dpal at redhat.com>> wrote:
>
>     On 02/08/2015 03:10 AM, alireza baghery wrote:
>>     hi
>>     i install ipa on centos 6.5
>>     and want install replica
>>     for purpose i do the following task:
>>        ipa-install-prepare --ip-address (replica) replica....
>>        (replica) namserver ipa
>>        (replica) ipa-replica-install
>>     but in Connetcon Check get ERROR
>>     =======message stdout replica=======
>>     Connection from replica to master is OK.
>>     Start listening on required ports for remote master check
>>     Get credentials to log in to remote master
>>     admin@********* password:
>>
>>     Execute check on remote master
>>
>>     Remote master check failed with following error message(s):
>>
>>     Connection check failed!
>>     Please fix your network settings according to error messages above.
>>     If the check results are not valid it can be skipped with
>>     --skip-conncheck parameter.
>>     =========message log in /var/log/ipa-replication-connection-check
>>     =====================
>>     2015-02-08T07:41:30Z DEBUG args=/usr/bin/kinit admin at IPA*****
>>     2015-02-08T07:41:30Z DEBUG stdout=Password for admin at IPA*****:
>>
>>     2015-02-08T07:41:30Z DEBUG stderr=
>>     2015-02-08T07:41:30Z DEBUG args=/usr/bin/kvno host/ipa********
>>     2015-02-08T07:41:30Z DEBUG stdout=host/ipa*****@IPA******: kvno = 2
>>
>>     2015-02-08T07:41:30Z DEBUG stderr=
>>     2015-02-08T07:41:30Z DEBUG args=/usr/bin/ssh -q -o
>>     StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null
>>     admin at ipa**** /usr/sbin/ipa-replica-conncheck --replica
>>     replica*******
>>     2015-02-08T07:41:30Z DEBUG stdout=
>>     2015-02-08T07:41:30Z DEBUG stderr=
>>     =================================
>>     tnx
>>
>>
>     Check your firewall and DNS settings.
>     One problem can be that replica incorrectly resolves master.
>     Another that FW blocks access from replica to master.
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     Go To http://freeipa.org for more info on the project
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150208/5b48af12/attachment.htm>

More information about the Freeipa-users mailing list