Ricardo Mendes via FreeIPA-users wrote: > Hi Rob, once again thank you for your time and effort following up on this. > > First and regarding the --skip-conncheck the answer is no, I'm not using skip > conncheck. > The process I'm using to add the replica is: > 1. ipa-client-install > 2. on ns1 add ns3 to ipaservers group > 3. ipa-replica-install --setup-ca --setup-dns --forwarder=208.67.222.222 > > (we use OpenDNS as global forwarder with forward only policy) > > Regarding the version error, I investigated a little further to discover that > ns2 was having a replication disagreement with ns1, so I ran `ipa > topologysegment-reinitialize' and fixed that. > > After doing so I restarted the process. I came across the same error. I also > checked the logs for dirsrv again. I'm putting the results on pastebin I > believe it will be easier to read, hope you don't mind. > > from NS3 ipareplica-install: https://pastebin.com/Ymehai80 > from dirsrv logs: https://pastebin.com/PEVraXL4 > > I included the log from all the servers.
It still looks like there are replication issues. I think I'd try the install again with 389-ds plugin-level debugging enabled. This is going to spam your log but it will provide more information on what the DNA plugin is doing. ipa-server-install --<options> --dirsrv-config-file=update.ldif Where update.ldif consists of: dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 65536 The log level comes from https://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#troubleshooting These values are additive so if you want to add replication debugging as well add 8192. I have the feeling that it is getting no remote values at all hence it has no range to apply. But this should confirm it. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
