[Freeipa-users] Re: Replica install: LDAP error: Can't contact LDAP server - no response received

Fri, 06 Jan 2023 05:24:33 -0800 


It does work without --force-join, but I still keep having this:

Hostname (freeipa02.francis.local) does not have A/AAAA record.
Failed to update DNS records.
Missing A/AAAA record(s) for host freeipa02.francis.local: 10.120.41.21.
Missing reverse record(s) for address(es): 10.120.41.21.

And when starting replication:


Lookup failed: Preferred host freeipa02.francis.local does not provide 
DNS.
Could not resolve hostname freeipa02.francis.local using DNS. Clients 
may not function properly. Please check your DNS setup. (Note that this 
check queries IPA DNS directly and ignores /etc/hosts.)



Joining is not creating the DNS entries. I got this error even when 
adding DNS records beforehand.


Best,

Francis

On 2023-01-06 14:14, Rafael Jeffman via FreeIPA-users wrote:


On Fri, Jan 6, 2023 at 9:40 AM Francis Augusto Medeiros-Logeay via 
FreeIPA-users <[email protected]> wrote:


Hi,


I am trying to create a replica, but somehow I keep getting this 
error:


[26/39]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 14 seconds elapsed
[ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
(-1) - LDAP error: Can't contact LDAP server - no response received]


I am joining it this way:

sudo ipa-replica-install -w mypass -n ipa.local --server
free02.ipa.local --hostname freeipa02.francis.local  --ntp-pool

ntp.uio.no [1] --force-join --setup-dns --auto-forwarders 
--skip-conncheck


What can I do to investigate it?


I see that the 389 port is reachable from the server on which I want 
to

install a replica.

Any tips would be welcome!


I'd start with /varr/log/ipareplica-install.log on the replica node.

I would also not use --force-join and --skip-conncheck, unless I really
need, as they might mask other issues.

Rafael

It d



Links:
------
[1] http://ntp.uio.no
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue






















					Reply via email to