I am attempting to create an IPA replica. I have been stuck at this for about 3-4 months.
This is where I am at:

args=['/bin/systemctl', 'restart', 'dirsrv@REALM.service']
Process finished, return code=0
stdout=
stderr=
Restart of dirsrv@REALM.service complete
Created connection context.ldap2_xxxxxxxxxxxxxxxx
Fetching nsDS5ReplicaId from master [attempt 1/5]
retrieving schema for SchemaCache url=ldap://primary.example.internal:389 conn=<ldap.ldapobject.SimpleLDAPObject object at 0xXXXXXXXXXXXX>
Successfully updated nsDS5ReplicaId.
Add or update replica config cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config
Added replica config cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config
update_entry modlist [(2, 'nsslapd-changelogmaxage', [b'30d'])]
update_entry modlist [(0, 'nsDS5ReplicaBindDN', [b'cn=ldap/primary.example.internal@REALM.EXAMPLE.INTERNAL,cn=config'])]
Fetching nsDS5ReplicaId from master [attempt 1/5]
Successfully updated nsDS5ReplicaId.
Add or update replica config cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config
Added replica config cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config
update_entry modlist [(2, 'nsslapd-changelogmaxage', [b'30d'])]
Waiting up to 300 seconds for replication (ldap://primary.example.internal:389) cn=meTosecondary.example.internal,cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config (objectclass=*)
Entry found [LDAPEntry(ipapython.dn.DN('cn=meTosecondary.example.internal,cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config'), {... 'description': [b'me to secondary.example.internal'], ... 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], ... 'nsDS5ReplicaLastUpdateStatusJSON': [b'{"state": "green", ... "message": "Error (0) No replication sessions started since server startup"}'], ...})]
Waiting up to 300 seconds for replication (ldapi://%2Frun%2Fslapd-REALM.socket) cn=meToprimary.example.internal,cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config (objectclass=*)
Entry found [LDAPEntry(ipapython.dn.DN('cn=meToprimary.example.internal,cn=replica,cn=dc\=example\,dc\=internal,cn=mapping tree,cn=config'), {... 'description': [b'me to primary.example.internal'], ... 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], ... 'nsDS5ReplicaLastUpdateStatusJSON': [b'{"state": "green", ... "message": "Error (0) No replication sessions started since server startup"}'], ...})]
Starting replication, please wait until this has completed.
Update in progress, 15 seconds elapsed
[ldap://primary.example.internal:389] reports: Update failed! Status: [Error (49) - LDAP error: Invalid credentials - no response received]

I obviously scrubbed my information and replaced it with placeholders. The main issue that I am getting is:

Update failed! Status: [Error (49) - LDAP error: Invalid credentials - no response received]

This is what I am doing:

##### STEP1: Create the FreeIPA Master #####

sudo ipa-server-install --setup-dns --no-forwarders --auto-reverse \
    --hostname=$(hostname -f) --domain=$(hostname -d) \
    --realm=$(hostname -d | awk '{print toupper($0)}') \
    --netbios-name=$(hostname -d | awk -F. '{out=""; for(i=NF-1;i>=1;i--) out=out (out?"-":"") toupper($i); print substr(out,1,15)}')

##### STEP2: Add Service Account #####

ipa user-add svc --first=svc --last=svc --cn=svc --displayname='' --initials='' --gecos=''
ipa hbacrule-add allow_svc --desc="Allow the service account to access any host from any host" && \
    ipa hbacrule-mod allow_svc --hostcat=all --servicecat=all && \
    ipa hbacrule-add-user allow_svc --users=svc && \
    ipa hbacrule-enable allow_svc

##### STEP3: Enroll Client #####

eval $(sudo cat /root/.ipa_enroll_admin | tr -d '\r' | grep -v '^#') && \
    sudo ipa-client-install --principal=${IPA_PRINCIPAL} --password=${IPA_SECRET} \
        --enable-dns-updates --mkhomedir --all-ip-addresses --force-join --unattended && \
    unset IPA_PRINCIPAL && unset IPA_SECRET

##### STEP4: Add Client to Group "ipaservers" #####

ipa hostgroup-add-member ipaservers --hosts="$host"; done

##### STEP5: Promote Replica #####

sudo ipa-replica-install --setup-dns --setup-ca --no-forwarders --verbose --unattended

These are the steps DIRECTLY from the documentation on Red Hat's website as well as the FreeIPA website. I have not deviated from them. I have not done anything different or special. I am using the commands above in order to simplify as much as I can, since I have been installing and configuring these over and over and over again from scratch, and after a certain point I am tired of entering in all the information.

If anyone has any advice or assistance, I would be grateful. I have dug deep inside the docs and found nothing. I have searched my exact problem on Google and have gotten exactly 2 pages of results; half of them are useless and the other half are at least somewhat relevant but not what I am dealing with. Any advice or assistance would be greatly appreciated.
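Added example, not from the post above and not FreeIPA's own code: a small Python triage helper that parses the nsDS5ReplicaLastUpdateStatusJSON values and the installer's "[url] reports: ... Status: [...]" lines quoted in the post, so that the idle "Error (0) No replication sessions started" message is not mistaken for a failure while a real bind failure such as Error (49), LDAP invalidCredentials, is flagged. The sample inputs are constructed from the post's log; the installer's exact success wording is not on the page, so only outcomes containing "failed" are treated as failures.

```python
"""Triage of 389-ds replication agreement status as it appears in ipa-replica-install --verbose logs."""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# 389-ds status text is "Error (<rc>) <text>"; rc 49 is the LDAP result code invalidCredentials.
_MSG_RE = re.compile(r"Error \((\d+)\)\s*-?\s*(.*)")
# Installer line shape from the post: "[ldap://host:389] reports: Update failed! Status: [Error (49) - ...]"
_REPORT_RE = re.compile(r"\[(?P<url>ldaps?://[^\]]+)\] reports: (?P<outcome>[^!]+)! Status: \[(?P<status>[^\]]+)\]")
LDAP_RC_TEXT = {0: "success", 49: "invalidCredentials (bind as nsDS5ReplicaBindDN was rejected)"}

@dataclass
class AgreementStatus:
    source: str          # agreement cn, or the URL the installer reported on
    state: str           # "green"/"amber"/"red" as reported by 389-ds, "unknown" if absent
    code: Optional[int]  # numeric rc parsed from the message, None if none present
    message: str

    @property
    def healthy(self) -> bool:
        # "Error (0) No replication sessions started since server startup" means idle, not failed.
        return self.code == 0 and self.state != "red"

def parse_status_json(source: str, raw: bytes) -> AgreementStatus:
    """Parse one nsDS5ReplicaLastUpdateStatusJSON value as python-ldap returns it (bytes)."""
    data = json.loads(raw.decode("utf-8"))
    msg = data.get("message", "")
    m = _MSG_RE.search(msg)
    return AgreementStatus(source, data.get("state", "unknown"), int(m.group(1)) if m else None, msg)

def parse_installer_reports(lines: List[str]) -> List[AgreementStatus]:
    """Pull 'reports: ... Status: [...]' lines out of installer output into AgreementStatus records."""
    found = []
    for line in lines:
        m = _REPORT_RE.search(line)
        if not m:
            continue
        sm = _MSG_RE.search(m.group("status"))
        state = "red" if "failed" in m.group("outcome").lower() else "green"  # assumed wording
        found.append(AgreementStatus(m.group("url"), state, int(sm.group(1)) if sm else None, m.group("status")))
    return found

def explain(status: AgreementStatus) -> str:
    """One-line triage string suitable for a monitoring alert."""
    rc = LDAP_RC_TEXT.get(status.code, f"rc {status.code}")
    return f"{status.source}: {'OK' if status.healthy else 'FAIL'} [{rc}] {status.message}"

if __name__ == "__main__":
    # Constructed samples shaped like the values quoted in the post.
    idle = parse_status_json("meToprimary.example.internal",
        b'{"state": "green", "message": "Error (0) No replication sessions started since server startup"}')
    reports = parse_installer_reports(["Update in progress, 15 seconds elapsed",
        "[ldap://primary.example.internal:389] reports: Update failed! Status: [Error (49) - LDAP error: Invalid credentials - no response received]"])
    for s in [idle, *reports]:
        print(explain(s))
```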
--
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org