On 11/01/18 20:28, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:

On 11/01/18 17:12, Florence Blanc-Renaud wrote:
I must admit that I'm getting lost among all the errors... Can you
summarize your topology (for instance server A installed as first IPA
master, then server B successfully configured as a replica, then
server C where I tried to run ipa-replica-install but the command
failed).

This way we'll be able to sort out the various issues.

Thanks,
Flo
Ok, dirsrv errors just in case,
all the server logged during replica failed installation:

$ tailf /var/log/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/errors
[11/Jan/2018:18:01:51.302445627 +0000] - ERR - NSMMReplicationPlugin -
bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
(dzien:389) - Replication bind with GSSAPI auth failed: LDAP error 49
(Invalid credentials) ()
[11/Jan/2018:18:01:51.366234558 +0000] - INFO - NSMMReplicationPlugin -
bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
(dzien:389): Replication bind with GSSAPI auth resumed
[11/Jan/2018:18:01:52.914160480 +0000] - INFO - NSMMReplicationPlugin -
repl5_tot_run - Beginning total update of replica
"agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)".
[11/Jan/2018:18:01:57.349282726 +0000] - INFO - NSMMReplicationPlugin -
repl5_tot_run - Finished total update of replica
"agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". Sent 554
entries.
[11/Jan/2018:18:02:02.381314331 +0000] - WARN - NSMMReplicationPlugin -
acquire_replica - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
(dzien:389): Unable to receive the response for a startReplication
extended operation to consumer (Can't contact LDAP server). Will retry
later.
[11/Jan/2018:18:02:05.449923136 +0000] - INFO - NSMMReplicationPlugin -
bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x"
(dzien:389): Replication bind with GSSAPI auth resumed
Are you absolutely sure the network ports are open in both directions?

You aren't using the --skip-conncheck argument are you?

rob


I'm double posting.. beware
Jesus freaking Christ.. (this comes after I produced a whole litany of of bad words in my own language), sorry.
It almost drove me insane! no, really!

all these problems, all these errors, all because of my root's umask 027 Now having replica installed, I'll see how two servers behave in my simple domain.

Guys, make it a very first check in installer code and make that installer fail, and.. push out a new release with that little fix like... yesterday(do not wait till it's properly fixed) You can still save lives! :)
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to