Hi Markus,

On Mon, Feb 19, 2024 at 9:07 AM Markus Rexhepi-Lindberg via FreeIPA-users <[email protected]> wrote:
> Hi Florence,
>
> Thanks for looking into this, I appreciate it very much!
>
> ```
> master# ldapsearch -xLLL -o ldif-wrap=no -D "cn=directory manager" -W -s sub -b cn=config objectclass=nsds5replicationagreement dn
> Enter LDAP Password:
> dn: cn=meTose-rhidm03x.se.example.com,cn=replica,cn=dc\3Dlnx\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
>
> dn: cn=meTousidc1-rhidm01x.idc1.us.example.com,cn=replica,cn=dc\3Dlnx\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
>
> dn: cn=se-rhidm02x.se.example.com-to-se-rhidm01x.se.example.com,cn=replica,cn=dc\3Dlnx\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
>
> dn: cn=se-rhidm02x.se.example.com-to-se-rhidm04x.se.example.com,cn=replica,cn=dc\3Dlnx\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
>
> dn: cn=caTose-rhidm03x.se.example.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
>
> dn: cn=se-rhidm02x.se.example.com-to-se-rhidm01x.se.example.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
>
> dn: cn=se-rhidm02x.se.example.com-to-se-rhidm04x.se.example.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
> ```
>
> On the master "meTousidc1-rhidm01x.idc1.us.example.com" is there after
> running ipa-replica install <...> from the replica. This has been found
> after all my install attempts and I have been removing that entry using:
>
> ```
> master# ldapmodify -x -D "cn=directory manager" -W <<EOF
> dn: cn=meTousidc1-rhidm01x.idc1.us.example.com,cn=replica,cn=dc\3Dlnx\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> changetype: delete
> EOF
> ```
>
> I tried a clean install as per your suggestion but it fails in the same
> way. Worth noting that `ipa server-del <replica fqdn>` was not
> possible since I could not find the replica using `ipa server-find`.
> Maybe that indicates an issue?
>
> When running the `ipa-replica-install <...>` command I get the
> following error and warning.
>
> ```
> Could not resolve hostname se-rhidm03x.se.example.com using DNS. Clients
> may not function properly. Please check your DNS setup. (Note that this
> check queries IPA DNS directly and ignores /etc/hosts.)
> Continue? [no]: yes
> ...
> WARNING: 2 existing users or groups do not have a SID identifier assigned.
> Installer can run a task to have ipa-sidgen Directory Server plugin generate
> the SID identifier for all these users. Please note, in case of a high
> number of users and groups, the operation might lead to high replication
> traffic and performance degradation. Refer to ipa-adtrust-install(1) man page
> for details.
>
> Do you want to run the ipa-sidgen task? [no]: no
> ```
>
> What I do to install the replica is first manually installing it as a
> client, adding it to the ipaservers hostgroup and then running the
> `ipa-replica-install <...>` command.
>
> ```
> replica# ipa-client-install --domain lnx.example.com --force-join --mkhomedir --no-ntp --principal idmsrvjoin --realm LNX.EXAMPLE.COM
>
> master# ipa hostgroup-add-member ipaservers --hosts usidc1-rhidm01x.idc1.us.example.com
>
> replica# ipa-replica-install --verbose --setup-dns --forwarder 10.0.2.200 --forwarder 10.0.2.201 --forwarder 10.0.2.202 --setup-ca
> ```
>
> I tried sending an e-mail with the following files in a tarball, but
> it seems to not have been accepted due to its large size. I have
> published them on my own website instead, hope that works.
>
> master ds389 access: https://www.rexhepi-lindberg.com/iparepl/master/access
> master ds389 errors: https://www.rexhepi-lindberg.com/iparepl/master/errors
> replica ds389 access: https://www.rexhepi-lindberg.com/iparepl/replica/access
> replica ds389 errors: https://www.rexhepi-lindberg.com/iparepl/replica/errors
> replica-install.log: https://www.rexhepi-lindberg.com/iparepl/replica/ipareplica-install.log
>

Can you check your DNS configuration? From the logs on the master (se-rhidm03x.se.example.com), it seems the master is listening on IP address 10.0.13.*145*, but the replica is resolving the master as 10.0.13.*146*. Maybe you have a conflicting entry in /etc/hosts on the replica.

flo

--
> Markus
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
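
The comparison suggested in the reply above can be scripted on the replica. This is an added example, not part of the original thread: the function names and the sample hosts file are constructed for illustration, using the two addresses mentioned in the reply.

```shell
#!/bin/sh
# Added example: compare what a hosts file says for a name with the address DNS returns.

# hosts_ips FILE FQDN: print every address FILE maps to FQDN (canonical name or alias),
# ignoring comments and letter case.
hosts_ips() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                      # drop trailing comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; break }
        }' "$1"
}

# resolution_verdict FILE FQDN DNS_IP: print one of
#   conflict | consistent | hosts-only | dns-only | unresolved
resolution_verdict() {
    hosts_file=$1 fqdn=$2 dns_ip=$3
    local_ips=$(hosts_ips "$hosts_file" "$fqdn")
    if [ -z "$local_ips" ]; then
        [ -n "$dns_ip" ] && echo "dns-only" || echo "unresolved"
        return 0
    fi
    # A hosts entry with no DNS answer hides the problem the installer warns about,
    # because its check queries IPA DNS directly and ignores /etc/hosts.
    if [ -z "$dns_ip" ]; then echo "hosts-only"; return 0; fi
    for ip in $local_ips; do
        [ "$ip" = "$dns_ip" ] || { echo "conflict"; return 0; }
    done
    echo "consistent"
}

# Constructed sample: a stale replica-side entry pointing at .146 while DNS answers .145.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
10.0.13.146 se-rhidm03x.se.example.com se-rhidm03x   # constructed stale entry
EOF
resolution_verdict "$sample" se-rhidm03x.se.example.com 10.0.13.145   # prints: conflict
rm -f "$sample"

# On a real replica (assumes dig is installed):
#   m=se-rhidm03x.se.example.com
#   resolution_verdict /etc/hosts "$m" "$(dig +short A "$m" | head -n1)"
```
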
