Nicholas Cross via FreeIPA-users wrote: > My apologies, it has been a long day trying to debug this. > > pastebin link to debug logs. https://pastebin.com/U1igJWST
Is this log a snippet from ipareplica-install.log or from ipa-replica-conncheck? It looks like the hostname that is being evaluated by conncheck in the call from ipa-replica-install doesn't match the configured host value in /etc/ipa/default.conf (or the system fqdn if that isn't present). rob > > versions replica 4.10.1-6. master 4.10.0-8 > > # replica > [root@ipa011 ~]# rpm -qa | grep ipa | sort > almalinux-logos-ipa-90.5.1-1.1.el9.noarch > ipa-client-4.10.1-6.el9.x86_64 > ipa-client-common-4.10.1-6.el9.noarch > ipa-common-4.10.1-6.el9.noarch > ipa-healthcheck-0.12-1.el9.noarch > ipa-healthcheck-core-0.12-1.el9.noarch > ipa-selinux-4.9.8-7.el9_0.noarch > ipa-server-4.10.1-6.el9.x86_64 > ipa-server-common-4.10.1-6.el9.noarch > ipa-server-dns-4.10.1-6.el9.noarch > libipa_hbac-2.8.2-2.el9.x86_64 > python3-ipaclient-4.10.1-6.el9.noarch > python3-ipalib-4.10.1-6.el9.noarch > python3-ipaserver-4.10.1-6.el9.noarch > python3-libipa_hbac-2.8.2-2.el9.x86_64 > sssd-ipa-2.8.2-2.el9.x86_64 > > #master > [root@ipa010 ~]# rpm -qa | grep ipa | sort > almalinux-logos-ipa-90.5.1-1.1.el9.noarch > ipa-client-4.10.0-8.el9_1.x86_64 > ipa-client-common-4.10.0-8.el9_1.noarch > ipa-common-4.10.0-8.el9_1.noarch > ipa-healthcheck-0.9-9.el9.noarch > ipa-healthcheck-core-0.9-9.el9.noarch > ipa-selinux-4.9.8-7.el9_0.noarch > ipa-server-4.10.0-8.el9_1.x86_64 > ipa-server-common-4.10.0-8.el9_1.noarch > ipa-server-dns-4.10.0-8.el9_1.noarch > libipa_hbac-2.7.3-4.el9_1.3.x86_64 > python3-ipaclient-4.10.0-8.el9_1.noarch > python3-ipalib-4.10.0-8.el9_1.noarch > python3-ipaserver-4.10.0-8.el9_1.noarch > python3-libipa_hbac-2.7.3-4.el9_1.3.x86_64 > sssd-ipa-2.7.3-4.el9_1.3.x86_64 > > Connection check prior to install > > [root@ipa011 ~]# ipa-replica-conncheck --master=ipa010.ad.companyx.fm > --auto-master-check --realm=AD.companyx.FM --principal=cccccccc > Check connection from replica to remote master 'ipa010.ad.companyx.fm': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos Kpasswd: TCP (464): OK > HTTP Server: Unsecure port (80): OK > HTTP Server: Secure port (443): OK > > The following list of ports use UDP protocol and would need to be > checked manually: > Kerberos KDC: UDP (88): SKIPPED > Kerberos Kpasswd: UDP (464): SKIPPED > > Connection from replica to master is OK. > Start listening on required ports for remote master check > Get credentials to log in to remote master > [email protected] password: > > Check RPC connection to remote master > Could not connect to the remote host: 'Env' object has no attribute 'domain' > Retrying using SSH... > Check SSH connection to remote master > Execute check on remote master > Check connection from master to remote replica 'ipa011.ad.companyx.fm': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos KDC: UDP (88): OK > Kerberos Kpasswd: TCP (464): OK > Kerberos Kpasswd: UDP (464): OK > HTTP Server: Unsecure port (80): OK > HTTP Server: Secure port (443): OK > > Connection from master to replica is OK. > > > Any help would be appreciated. > > Nick > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
