[Freeipa-users] Replica without CA: implications?
Martin Kosek
mkosek at redhat.com
Wed Jun 8 08:23:09 UTC 2016
On 06/07/2016 04:10 PM, Cal Sawyer wrote:
...
> I found that installing a replica with firewalld enabled would consistently fail
> during initial replication. Disabling firewalld always allowed replication and
> later stages to complete
>
> [24/38]: setting up initial replication
> Starting replication, please wait until this has completed.
>
> [ipa.localdomain.local] reports: Update failed! Status: [-1 - LDAP error:
> Can't contact LDAP server]
This is strange. ipa-replica-install should have run the conncheck to exactly
prevent issues like this. Did you by any chance run ipa-replica-install with
the --skip-conncheck option?
> The first master and all replicas are all CentOS Linux release 7.2.1511 (Core)
> with ipa-server-4.2.0-15.0.1.el7
>
>
> One other thing. If, during ipa-replica-install, you choose the default answer
> to the following:
>
> Existing BIND configuration detected, overwrite? [no]:
> ipa.ipapython.install.cli.install_tool(Replica): ERROR Aborting installation.
>
> Not sure if that is intended? Which BIND configuration is being detected?
This should only be triggered if you install a replica with DNS (--setup-dns).
> Anyhow, up and running with 4 replicas, 2 of which will be split off to a
> failover instance of ESXi in the future. When it works, it's a joy
>
> Now back to getting these Mac clients to play nicely with IPA ...
>
> thanks for the help and advice
Thanks for sharing the results.
Martin