[Freeipa-users] Problem with replication

Ludwig Krispenz lkrispen at redhat.com
Fri Aug 12 15:17:59 UTC 2016 

On 08/12/2016 04:10 PM, Louis Francoeur wrote:
>
> Since the rpm update to 
> ipa-server-dns-4.2.0-15.0.1.el7.centos.18.x86_64 (running on Centos 7),
>
>
> most of my replication started to failed with:
>
what do you mean by "most of", if some servers still work and others 
don't is there something different ?
>
>
> last update status: -1 Incremental update has failed and requires 
> administrator actionLDAP error: Can't contact LDAP server
>
what is in the error log of directory server ? Identify one broken 
replication connection and check both supplier and consumer side
>
>
> Then setup contains about 10 ipa servers in 5 different locations.
>
>
> But i went and ran an ipa-replica-conncheck i get this:
>
>
> # ipa-replica-conncheck --replica server.domain.local
> Check connection from master to remote replica 'server.domain.local':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos KDC: UDP (88): WARNING
>    Kerberos Kpasswd: TCP (464): OK
>    Kerberos Kpasswd: UDP (464): WARNING
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
> The following UDP ports could not be verified as open: 88, 464
> This can happen if they are already bound to an application
> and ipa-replica-conncheck cannot attach own UDP responder.
>
> Connection from master to replica is OK.
>
>
>
> I even ran the following without issue:
>
>     # kinit -kt /etc/dirsrv/ds.keytab ldap/`hostname`
>     # klist
>     # ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
>     # ldapsearch -Y GSSAPI -h the.other.master.fqdn -b "" -s base
>
> Not really sure what to check for next?
>
> Any hint?
>
>
> Thanks
>
> Louis Francoeur
>
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/75c3192c/attachment.htm>

More information about the Freeipa-users mailing list