Hi,

I am getting this failure,

[root@vuwunicoipamt02 ipa]# ipa-replica-install --setup-dns --forwarder=130.195.85.25 --forwarder=130.195.98.151 --no-reverse /var/lib/ipa/replica-info-vuwunicoipamt02.unix.vuw.ac.nz.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'vuwunicoipamt01.unix.vuw.ac.nz':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: port 80 (80): OK
   HTTP Server: port 443(https) (443): OK

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Password for [email protected]:

Execute check on remote master
Remote master check failed with following error message(s):

Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.

On the first master my firewall ruleset is,

===========8><--------master firewall ruleset--------
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:464
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:636
ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:9443
ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:9444
ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:9445
ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:7389
ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:9443
ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:9444
ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:9445
ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:7389
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:88
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:464
==========8><------

Can't see what else I have missed......

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________________
From: [email protected] [[email protected]] on behalf of Steven Jones [[email protected]]
Sent: Monday, 31 October 2011 8:21 a.m.
To: Simo Sorce
Cc: [email protected]
Subject: Re: [Freeipa-users] Unique world wide UIDS

Hi,

Yeah I kind of wondered after ipv4 being so well known that "we" only went to 32bit...

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________________
From: Simo Sorce [[email protected]]
Sent: Monday, 31 October 2011 3:41 a.m.
To: Steven Jones
Cc: Rob Crittenden; [email protected]
Subject: Re: [Freeipa-users] Unique world wide UIDS

I would rather lobby the Linux kernel people to give me 128bit IDs

That would solve all problems, as the chance of collision in a carefully randomly selected 90something bit prefix are basically none.

Simo.

On Thu, 2011-10-27 at 20:40 +0000, Steven Jones wrote:
> Yes I can appreciate that, we have done the same thing im '500'...
>
> oops....
>
> As an educational setup we are looking to federate worldwide, that
> means Shibboleth or similar....a unique UID per academic world wide
> might be worthwhile....there won't be 2billion
> academics...students...well I guess that would one day be a "ipv4"
> problem.
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rob Crittenden [[email protected]]
> Sent: Friday, 28 October 2011 9:34 a.m.
> To: Steven Jones
> Cc: Adam Young; [email protected]
> Subject: Re: [Freeipa-users] Unique world wide UIDS
>
> Steven Jones wrote:
> > Hi,
> >
> > Well if you understand Peak Oil and that the "green revolution" was
> > actually turning fossil fuel into food ie we eat oil....only having
> > 2billion UIDs won't be a problem.
> >
> > :/
>
> Many, many organizations start with the same uid base, 500 or 1000.
> When company A buys company B there are tons and tons of uid
> collisions. If each started at a random start point then the chances
> of collision, while not zero, are much lower.
>
> Our goal wasn't to guarantee uniqueness in the universe, just to make
> integration hopefully easier in the future when namespaces are merged.
>
> rob
>
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Simo Sorce * Red Hat, Inc * New York
