[Freeipa-users] Replica Server's ipactl does not control named after reinstallation

Sina Owolabi notify.sina at gmail.com
Sat Jan 10 09:41:20 UTC 2015


I've run ipa-dns-install after the fact now, and named is set up.
Strange, it used to work without me having to do this manually
(whenever I needed to take down a replica).
However when I ran dnsconfig-mod on the new replica, I get:

 ipa dnsconfig-mod
ipa: ERROR: cert validation failed for
"CN=services01.mydom.com,O=MYDOM.COM" ((SEC_ERROR_UNTRUSTED_ISSUER)
Peer's certificate issuer has been marked as not trusted by the user.)
ipa: ERROR: cert validation failed for
"CN=services.mydom.com,O=MYDOM.COM" ((SEC_ERROR_UNTRUSTED_ISSUER)
Peer's certificate issuer has been marked as not trusted by the user.)
ipa: ERROR: cannot connect to Gettext('any of the configured servers',
domain='ipa', localedir=None): https://services01.mydom.com/ipa/xml,
https://services.mydom.com/ipa/xml

On Sat, Jan 10, 2015 at 10:22 AM, Sina Owolabi <notify.sina at gmail.com> wrote:
> I did run it with --setup-dns.
>
> [root@services01 ~]# ipa-replica-install --setup-dns
> --forwarder=8.8.8.8 --forwarder=8.8.4.4
> replica-info-services01.mydom.com.gpg
>
> How can I fix this, please?
>
> On Fri, Jan 9, 2015 at 8:33 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>> Sina Owolabi wrote:
>>> Hi List,
>>>
>>> I've seen this happen on two occasions, now, in two different
>>> environments, one with RHEL6.6 and RHEL 6.3.
>>>
>>> I have issues with a replica server, I delete the replication
>>> agreement, remove the server from ipa dns, run ipa-server-install
>>> --uninstall -U.
>>> Reboot the server, create new replication settings from the existing
>>> master, and restore the replica.
>>> Running ipactl status, I see:
>>>
>>>  ipactl status
>>> Directory Service: RUNNING
>>> KDC Service: RUNNING
>>> KPASSWD Service: RUNNING
>>> MEMCACHE Service: RUNNING
>>> HTTP Service: RUNNING
>>>
>>> No DNS service listed. Named is not running.
>>>
>>> ipactl restart
>>> Restarting Directory Service
>>> Shutting down dirsrv:
>>>     MYDOM-COM...                                    [  OK  ]
>>> Starting dirsrv:
>>>     MYDOM-COM...                                    [  OK  ]
>>> Restarting KDC Service
>>> Stopping Kerberos 5 KDC:                                   [  OK  ]
>>> Starting Kerberos 5 KDC:                                   [  OK  ]
>>> Restarting KPASSWD Service
>>> Stopping Kerberos 5 Admin Server:                          [  OK  ]
>>> Starting Kerberos 5 Admin Server:                          [  OK  ]
>>> Restarting MEMCACHE Service
>>> Stopping ipa_memcached:                                    [  OK  ]
>>> Starting ipa_memcached:                                    [  OK  ]
>>> Restarting HTTP Service
>>> Stopping httpd:                                            [  OK  ]
>>> Starting httpd:                                            [  OK  ]
>>>
>>> Checking on named:
>>>  service named status
>>> rndc: connect failed: 127.0.0.1#953: connection refused
>>> named is stopped
>>> # service named start
>>> Starting named:                                            [  OK  ]
>>> # service named status
>>> version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1
>>> CPUs found: 2
>>> worker threads: 2
>>> number of zones: 19
>>> debug level: 0
>>> xfers running: 0
>>> xfers deferred: 0
>>> soa queries in progress: 0
>>> query logging is OFF
>>> recursive clients: 0/0/1000
>>> tcp clients: 0/100
>>> server is up and running
>>> named (pid  25017) is running...
>>>
>>> But it does not resolve. Please what is happening and how can I fix this?
>>> I don't know what logs to provide, but please let me know what is
>>> necessary and I'll make them available.
>>
>> Bind is an optional service. You can either configure it at the time you
>> install replica using the --setup-dns option or afterward using
>> ipa-dns-install.
>>
>> rob
>>



