After some trial and error I was finally able to get a new replica + CA 
(RHEL7.4 and ipa-server 4.5) added to our existing mixed (RHEL 6 and ipa server 
3.0 - 4.x) and the ipa-replica-install command completed successfully but now 
when I run the ipa-manage-replica -v list <host> command I see this:

# ipa-replica-manage -v list ipa5.domain.tld
Directory Manager password:

ipa1.domain.tld: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (3) Replication error acquiring replica: Unable to 
acquire replica: permission denied. The bind dn does not have permission to 
supply replication updates to the replica. Will retry later. (permission denied)
  last update ended: 1970-01-01 00:00:00+00:00

I ran the ipa-replica-manage re-initialize and it runs successfully and the 
above permission denied error goes away but the host can not be connected to 
any other replicas, it no longer sees itself as a replica or csreplica.  I 
assume this is due to the re-init.   I'm leery of trying to force it to try and 
join and potentially cause more issues.   I would appreciate any helpful 
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to