[Freeipa-users] IPA Replication not working for User and DNS

Rob Crittenden rcritten at redhat.com
Fri Oct 30 13:35:17 UTC 2015


Yogesh Sharma wrote:
> Team,
> 
> Noticed that users created on IPA Master are not replicating on Replica.
> 
> Also, we created a new Zone in Master; however, we do not see the same in
> replica server.

You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
firewall without telling you, or someone tweaked the rules on either of
those boxes.

Doing re-init, force-sync, etc. is always going to fail if one can't talk
to the other.

rob

> 
> 
> Below is the information:
> 
> From Master:
> 
> [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password: 
> 
> ipa-inf-prd-ng2-02.klikpay.int: replica
>   last init status: None
>   last init ended: None
>   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>   last update ended: None
> [root@ipa-inf-prd-ng2-01 ~]# 
> 
> 
> 
> From Replica:
> 
> 
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
> Directory Manager password: 
> 
> ipa-inf-prd-ng2-01.klikpay.int: replica
>   last init status: None
>   last init ended: None
>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>   last update ended: 2015-10-30 10:36:25+00:00
> [root@ipa-inf-prd-ng2-02 ~]# 
> 
> 
> Though it says it is replicated (last update ended), we are not seeing
> new users and the new DNS Zone which we created.
> 
> 
> I also tried force replication, though I cannot see the new changes:
> 
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password: 
> 
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> [root@ipa-inf-prd-ng2-02 ~]# 
> 
> 
> Once I do re-initialization, it gives "Can't Contact LDAP Server"
> 
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password: 
> 
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> 
> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
> 
> 
> 
> 
> Best Regards,
> __________________________________________
> Yogesh Sharma
> Email: yks0000 at gmail.com | Web: www.initd.in
> RHCE, VCE-CIA, RACKSPACE CLOUD U Certified
> 
> 
> 
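
Added example, not part of either poster's message: a shell version of the check the reply points to, which picks out agreements whose last update status is non-zero in `ipa-replica-manage list -v` output and then tests whether port 389 on that peer is reachable. The function names are hypothetical, the sample input is constructed from the output quoted above, and the parser assumes the `last update status: <code> <text>` layout shown in the thread.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of FreeIPA.

# Constructed sample: the master's `ipa-replica-manage list -v` output from
# the thread, with wrapped lines joined and the password prompt left out.
sample_master_output() {
cat <<'EOF'
ipa-inf-prd-ng2-02.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
  last update ended: None
EOF
}

# Read list -v output on stdin; print "peer<TAB>code" for every agreement
# whose last update status code is not 0.
failing_peers() {
  awk '
    /^[^ ]/ && /: replica$/ { peer = $1; sub(/:$/, "", peer); next }
    $1 == "last" && $2 == "update" && $3 == "status:" && $4 != "0" {
      printf "%s\t%s\n", peer, $4
    }'
}

# Succeed if a TCP connection to HOST:PORT opens within 3 seconds.
# Assumes bash (for /dev/tcp) and coreutils timeout are installed.
ldap_port_open() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "${2:-389}" 2>/dev/null
}

# For each failing peer, say whether port 389 is reachable from this host.
diagnose() {
  failing_peers | while read -r peer code; do
    if ldap_port_open "$peer" 389; then
      echo "$peer: status $code, but 389/tcp is reachable from here"
    else
      echo "$peer: status $code, and 389/tcp is NOT reachable from here"
    fi
  done
}

# Offline demonstration on the constructed sample (no network access).
sample_master_output | failing_peers
# On a server: ipa-replica-manage list -v "$(hostname -f)" | diagnose
```

Run `diagnose` on the server that reports the failing status, since the connection that matters is the one from that host to its peer.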



