lejeczek via FreeIPA-users wrote:
> 
> 
> On 11/01/18 17:12, Florence Blanc-Renaud wrote:
>> I must admit that I'm getting lost among all the errors... Can you
>> summarize your topology (for instance server A installed as first IPA
>> master, then server B successfully configured as a replica, then
>> server C where I tried to run ipa-replica-install but the command
>> failed).
>>
>> This way we'll be able to sort out the various issues.
>>
>> Thanks,
>> Flo 
> 
> Ok, dirsrv errors just in case,
> all the server logged during replica failed installation:
> 
> $ tailf /var/log/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/errors
> [11/Jan/2018:18:01:51.302445627 +0000] - ERR - NSMMReplicationPlugin -
> bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
> (dzien:389) - Replication bind with GSSAPI auth failed: LDAP error 49
> (Invalid credentials) ()
> [11/Jan/2018:18:01:51.366234558 +0000] - INFO - NSMMReplicationPlugin -
> bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
> (dzien:389): Replication bind with GSSAPI auth resumed
> [11/Jan/2018:18:01:52.914160480 +0000] - INFO - NSMMReplicationPlugin -
> repl5_tot_run - Beginning total update of replica
> "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)".
> [11/Jan/2018:18:01:57.349282726 +0000] - INFO - NSMMReplicationPlugin -
> repl5_tot_run - Finished total update of replica
> "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". Sent 554
> entries.
> [11/Jan/2018:18:02:02.381314331 +0000] - WARN - NSMMReplicationPlugin -
> acquire_replica - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
> (dzien:389): Unable to receive the response for a startReplication
> extended operation to consumer (Can't contact LDAP server). Will retry
> later.
> [11/Jan/2018:18:02:05.449923136 +0000] - INFO - NSMMReplicationPlugin -
> bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
> (dzien:389): Replication bind with GSSAPI auth resumed

Are you absolutely sure the network ports are open in both directions?

You aren't using the --skip-conncheck argument are you?

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to