Rainer Duffner via FreeIPA-users wrote: > > >> Am 22.11.2020 um 22:57 schrieb Rainer Duffner via FreeIPA-users >> <[email protected]>: >> >> Hi, >> >> I’m trying to install FreeIPA on CentOS 8.2 with the ansible-freeipa module. >> >> After a few hiccups, it seems to work now. >> >> I want to run three masters in the end. >> >> Using the cluster-playbook, it looks like (from the Topology-Graph in the >> Web-GUI) that I end up with something like this: >> >> >> 3 < -- > 1 < -- > 2 >> >> Which seems to indicate that 3 does not talk to 2. >> >> From the documentation, it looks like I want/need replication agreements >> between 1+2, 1+3 and 2+3 so that if 1 is down, 2 and 3 can still be updated >> and talk to each other. >> >> > > > > Following up to this, I tried using the command-line: > > On first server: > > [root@ipa-ansible1 ~]# ipa-replica-manage list > Directory Manager password: > > ipa-ansible1.ipa.example.org: master > ipa-ansible3.ipa.example.org: master > ipa-ansible2.ipa.example.org: master > > > [root@ipa-ansible1 ~]# ipa-replica-manage list ipa-ansible1.ipa.example.org > Directory Manager password: > > ipa-ansible2.ipa.example.org: replica > ipa-ansible3.ipa.example.org: replica > > However, on the other servers: > > [root@ipa-ansible2 ~]# ipa-replica-manage list > Directory Manager password: > > Re-run /usr/sbin/ipa-replica-manage with --verbose option to get more > information > Unexpected error: Insufficient access: Invalid credentials Invalid credentials > > > [root@ipa-ansible3 ~]# ipa-replica-manage list > Directory Manager password: > > Re-run /usr/sbin/ipa-replica-manage with --verbose option to get more > information > Unexpected error: Insufficient access: Invalid credentials Invalid credentials > > > > I also cannot view the replication agreements of server2 and 3 from server1 > (same error message). > > > What am I missing here? > > Other than the IPADNARangeCheck warning, I get no problems on server2 and > server3 by ipa-healthcheck.
Did you re-run the commands with --verbose as suggested? rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
