<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 02/11/2014 05:02 PM, Todd Maugh wrote:
<blockquote
cite="mid:6FB698E172A95F49BE009B36D56F53E2270E40@EXCHMB1-ELS.BWINC.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">Hey Guys,<br>
<br>
So I have my master and replica up in my datacenter.<br>
<br>
I have a client, I have a winsync agreement, I have a password
sync.<br>
<br>
It's working lovely.<br>
<br>
So Now I have spun up an AWS instance of redh hat 6.5 (same as
my master and first replica)<br>
<br>
I run the ipa replica and it fails<br>
<br>
<br>
ipa-replica-install --setup-ca --setup-dns --no-forwarders
/var/lib/ipa/replica-info-se-idm-03.boingo.com.gpg
<br>
Directory Manager (existing master) password: <br>
<br>
Run connection check to master<br>
Check connection from replica to remote master
'se-idm-01.boingo.com':<br>
Directory Service: Unsecure port (389): OK<br>
Directory Service: Secure port (636): OK<br>
Kerberos KDC: TCP (88): OK<br>
Kerberos Kpasswd: TCP (464): OK<br>
HTTP Server: Unsecure port (80): OK<br>
HTTP Server: Secure port (443): OK<br>
PKI-CA: Directory Service port (7389): OK<br>
<br>
The following list of ports use UDP protocol and would need to
be<br>
checked manually:<br>
Kerberos KDC: UDP (88): SKIPPED<br>
Kerberos Kpasswd: UDP (464): SKIPPED<br>
<br>
Connection from replica to master is OK.<br>
Start listening on required ports for remote master check<br>
Get credentials to log in to remote master<br>
<a class="moz-txt-link-abbreviated" href="mailto:admin@BOINGO.COM">admin@BOINGO.COM</a> password: <br>
<br>
Execute check on remote master<br>
Check connection from master to remote replica
'se-idm-03.boingo.com':<br>
Directory Service: Unsecure port (389): OK<br>
Directory Service: Secure port (636): OK<br>
Kerberos KDC: TCP (88): OK<br>
Kerberos KDC: UDP (88): OK<br>
Kerberos Kpasswd: TCP (464): OK<br>
Kerberos Kpasswd: UDP (464): OK<br>
HTTP Server: Unsecure port (80): OK<br>
HTTP Server: Secure port (443): OK<br>
PKI-CA: Directory Service port (7389): OK<br>
<br>
Connection from master to replica is OK.<br>
<br>
Connection check OK<br>
Configuring NTP daemon (ntpd)<br>
[1/4]: stopping ntpd<br>
[2/4]: writing configuration<br>
[3/4]: configuring ntpd to start on boot<br>
[4/4]: starting ntpd<br>
Done configuring NTP daemon (ntpd).<br>
Configuring directory server for the CA (pkids): Estimated time
30 seconds<br>
[1/3]: creating directory server user<br>
[2/3]: creating directory server instance<br>
ipa : CRITICAL failed to create ds instance Command
'/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpo9ROF3'
returned non-zero exit status 1<br>
[3/3]: restarting directory server<br>
ipa : CRITICAL Failed to restart the directory server.
See the installation log for details.<br>
Done configuring directory server for the CA (pkids).<br>
<br>
Your system may be partly configured.<br>
Run /usr/sbin/ipa-server-install --uninstall to clean up.<br>
Can't contact LDAP server<br>
<br>
<br>
I check the log file and this is what I get<br>
<br>
2014-02-11T19:55:48Z DEBUG calling setup-ds.pl<br>
2014-02-11T19:57:53Z DEBUG args=/usr/sbin/setup-ds.pl --silent
--logfile - -f /tmp/tmpo9ROF3<br>
2014-02-11T19:57:53Z DEBUG stdout=[11/Feb/2014:14:57:53 -0500]
createprlistensockets - PR_Bind() on All Interfaces port 7389
failed: Netscape Portable Runtime error -5966 (Access Denied.)<br>
[11/Feb/2014:14:57:53 -0500] createprlistensockets - PR_Bind()
on All Interfaces port 7389 failed: Netscape Portable Runtime
error -5966 (Access Denied.)<br>
[14/02/11:14:57:53] - [Setup] Info Could not start the directory
server using command
'/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'. The last line
from the error log was '[11/Feb/2014:14:57:53 -0500] create<br>
prlistensockets - PR_Bind() on All Interfaces port 7389 failed:
Netscape Portable Runtime error -5966 (Access Denied.)<br>
'. Error: Unknown error 256<br>
Could not start the directory server using command
'/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'. The last line
from the error log was '[11/Feb/2014:14:57:53 -0500]
createprlistensockets - PR_Bind() on All
<br>
Interfaces port 7389 failed: Netscape Portable Runtime error
-5966 (Access Denied.)<br>
'. Error: Unknown error 256<br>
[14/02/11:14:57:53] - [Setup] Fatal Error: Could not create
directory server instance 'PKI-IPA'.<br>
Error: Could not create directory server instance 'PKI-IPA'.<br>
[14/02/11:14:57:53] - [Setup] Fatal Exiting . . .<br>
Log file is '-'<br>
<br>
Exiting . . .<br>
Log file is '-'<br>
<br>
<br>
<br>
<br>
Please help<br>
<br>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
Bind failed. This usually happens when the system has an identity
crisis and tries to bind to the interface that is not there.<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>