[Freeipa-users] Problem with replication
Louis Francoeur
Louis.Francoeur at esignlive.com
Fri Aug 12 14:10:18 UTC 2016
Since the rpm update to ipa-server-dns-4.2.0-15.0.1.el7.centos.18.x86_64 (running on CentOS 7),
most of my replication started to fail with:
last update status: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server
The setup contains about 10 IPA servers in 5 different locations.
But I went and ran an ipa-replica-conncheck and I get this:
# ipa-replica-conncheck --replica server.domain.local
Check connection from master to remote replica 'server.domain.local':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): WARNING
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): WARNING
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
Connection from master to replica is OK.
I even ran the following without issue:
# kinit -kt /etc/dirsrv/ds.keytab ldap/`hostname`
# klist
# ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
# ldapsearch -Y GSSAPI -h the.other.master.fqdn -b "" -s base
Not really sure what to check for next?
Any hint?
Thanks
Louis Francoeur