[Freeipa-users] CentOS 7 replica installation failing
Petr Vobornik
pvoborni at redhat.com
Thu Apr 7 11:11:26 UTC 2016
On 04/07/2016 06:12 AM, John Williams wrote:
> I've set up an initial FreeIPA instance on a CentOS 7 host. The install went
> without a hitch. I can log in to the GUI with no problems. However, I am not
> able to install the replica on another CentOS 7 host. I get the following errors:
>
> [root@ipa2 ~]# ipa-replica-install --setup-ca --setup-dns --no-forwarders
> /var/lib/ipa/replica-info-ipa2.nrln.us.gpg --skip-conncheck

It was run with '--skip-conncheck'. Is there a reason? If you remove it,
what does it complain about?

In general, using --skip-conncheck should be avoided because it may hide
errors.

You could also check the master server's
/var/log/dirsrv/slapd-your-instance/access and errors logs to see if there is
some connection attempt from the replica visible.

And maybe /var/log/ipareplica-install.log contains more info.

> WARNING: conflicting time&date synchronization service 'chronyd' will
> be disabled in favor of ntpd
>
> Directory Manager (existing master) password:
>
> Existing BIND configuration detected, overwrite? [no]: yes
> Using reverse zone(s) 1.168.192.in-addr.arpa.
> Configuring NTP daemon (ntpd)
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv). Estimated time: 1 minute
> [1/38]: creating directory server user
> [2/38]: creating directory server instance
> [3/38]: adding default schema
> [4/38]: enabling memberof plugin
> [5/38]: enabling winsync plugin
> [6/38]: configuring replication version plugin
> [7/38]: enabling IPA enrollment plugin
> [8/38]: enabling ldapi
> [9/38]: configuring uniqueness plugin
> [10/38]: configuring uuid plugin
> [11/38]: configuring modrdn plugin
> [12/38]: configuring DNS plugin
> [13/38]: enabling entryUSN plugin
> [14/38]: configuring lockout plugin
> [15/38]: creating indices
> [16/38]: enabling referential integrity plugin
> [17/38]: configuring ssl for ds instance
> [18/38]: configuring certmap.conf
> [19/38]: configure autobind for root
> [20/38]: configure new location for managed entries
> [21/38]: configure dirsrv ccache
> [22/38]: enable SASL mapping fallback
> [23/38]: restarting directory server
> [24/38]: setting up initial replication
> Starting replication, please wait until this has completed.
>
> [ipa1.nrln.us] reports: Update failed! Status: [-1 - LDAP error: Can't contact
> LDAP server]
>
> [error] RuntimeError: Failed to start replication
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipa.ipapython.install.cli.install_tool(Replica): ERROR Failed to start
> replication
>
>
> The error message is misleading. The two hosts sit on the same subnet. All
> firewalls are off. SELinux is disabled. Here is an nmap port scan from the
> replica to the master:
>
>
> [root@ipa2 ~]# nmap ipa1
>
> Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-07 00:12 EDT
> Nmap scan report for ipa1 (192.168.1.38)
> Host is up (0.000086s latency).
> rDNS record for 192.168.1.38: ipa1.nrln.us
> Not shown: 990 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 80/tcp open http
> 88/tcp open kerberos-sec
> 389/tcp open ldap
> 443/tcp open https
> 464/tcp open kpasswd5
> 636/tcp open ldapssl
> 749/tcp open kerberos-adm
> 8080/tcp open http-proxy
> 8443/tcp open https-alt
> MAC Address: 52:54:00:33:34:F0 (QEMU Virtual NIC)
>
> Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
> [root@ipa2 ~]#
>
>
> Why do I get this message?
>
> TIA!!
>
>
>
--
Petr Vobornik
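
The access-log check suggested in the reply above, as an added example (not part of the original message and not FreeIPA's own tooling): it lists the connections the master's 389-ds access log recorded from the replica's address, with the result code of each BIND. The log lines and the 192.0.2.x addresses are constructed sample data; an empty result means no connection from that address was logged at all.

```python
import re

# Constructed sample in 389-ds access-log format (addresses are placeholders).
SAMPLE_ACCESS_LOG = """\
[07/Apr/2016:00:10:01 -0400] conn=41 fd=64 slot=64 connection from 192.0.2.20 to 192.0.2.10
[07/Apr/2016:00:10:01 -0400] conn=41 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[07/Apr/2016:00:10:01 -0400] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[07/Apr/2016:00:10:02 -0400] conn=41 op=1 fd=64 closed - U1
[07/Apr/2016:00:10:05 -0400] conn=42 fd=65 slot=65 connection from 192.0.2.30 to 192.0.2.10
[07/Apr/2016:00:10:05 -0400] conn=42 op=0 BIND dn="" method=128 version=3
[07/Apr/2016:00:10:05 -0400] conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[07/Apr/2016:00:11:09 -0400] conn=43 fd=66 slot=66 SSL connection from 192.0.2.20 to 192.0.2.10
[07/Apr/2016:00:11:09 -0400] conn=43 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[07/Apr/2016:00:11:09 -0400] conn=43 op=0 RESULT err=49 tag=97 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONNECT = re.compile(r'(?P<ssl>SSL )?connection from (?P<src>\S+) to \S+')
BIND = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)"')
RESULT = re.compile(r'^op=(?P<op>\d+) RESULT err=(?P<err>\d+)')

def connections_from(log_text, client_ip):
    """Return one record per connection opened from client_ip, with BIND outcomes."""
    records, open_conns = [], {}  # conn ids restart with the server: map id -> latest record
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, rest = int(m.group('conn')), m.group('rest')
        c = CONNECT.search(rest)
        if c:
            open_conns.pop(conn, None)  # a reused id starts a new connection
            if c.group('src') == client_ip:
                rec = {'conn': conn, 'time': m.group('ts'),
                       'tls': bool(c.group('ssl')), 'binds': [], '_pending': {}}
                records.append(rec)
                open_conns[conn] = rec
            continue
        rec = open_conns.get(conn)
        if rec is None:
            continue  # operation on a connection from some other host
        b, r = BIND.match(rest), RESULT.match(rest)
        if b:
            rec['_pending'][b.group('op')] = b.group('dn')
        elif r and r.group('op') in rec['_pending']:
            rec['binds'].append((rec['_pending'].pop(r.group('op')), int(r.group('err'))))
    for rec in records:
        del rec['_pending']
    return records
```

On a real master the input would be the contents of the access log named in the reply; err=0 is a successful bind and err=49 is LDAP "invalid credentials".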