Hi, Yes both the same rhel6.2beta.....did a yum -y ipa-replica-conncheck and there is no such package.
regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Rob Crittenden [rcrit...@redhat.com] Sent: Wednesday, 2 November 2011 8:15 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] problem with replica install Steven Jones wrote: > Hi, > > No fix for this? Are both running the same version of IPA? Does ipa-replica-conncheck exist on the master? What this does is on the replica it checks to be sure it can talk to the master. Then it starts listeners on a bunch of ports and tries to log into the master to see if it can talk to them. This second step is what is failing, it doesn't seem to be doing anything on the master at all. rob > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Steven Jones [steven.jo...@vuw.ac.nz] > Sent: Monday, 31 October 2011 1:47 p.m. > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] problem with replica install > > Couple of logs I have found..... > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Steven Jones [steven.jo...@vuw.ac.nz] > Sent: Monday, 31 October 2011 10:03 a.m. > Cc: freeipa-users@redhat.com > Subject: [Freeipa-users] problem with replica install > > Hi, > > I am getting this failure, > > [root@vuwunicoipamt02 ipa]# ipa-replica-install --setup-dns > --forwarder=130.195.85.25 --forwarder=130.195.98.151 --no-reverse > /var/lib/ipa/replica-info-vuwunicoipamt02.unix.vuw.ac.nz.gpg > Directory Manager (existing master) password: > > Run connection check to master > Check connection from replica to remote master > 'vuwunicoipamt01.unix.vuw.ac.nz': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos KDC: UDP (88): OK > Kerberos Kpasswd: TCP (464): OK > Kerberos Kpasswd: UDP (464): OK > HTTP Server: port 80 (80): OK > HTTP Server: port 443(https) (443): OK > > Connection from replica to master is OK. > Start listening on required ports for remote master check > Get credentials to log in to remote master > Password for ad...@unix.vuw.ac.nz: > Execute check on remote master > > Remote master check failed with following error message(s): > > Connection check failed! > Please fix your network settings according to error messages above. > If the check results are not valid it can be skipped with --skip-conncheck > parameter. > > On the first master my firewall ruleset is, > > > ===========8><--------master firewall ruleset-------- > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:464 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:636 > ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:9443 > ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:9444 > ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:9445 > ACCEPT tcp -- 130.195.87.247 0.0.0.0/0 tcp dpt:7389 > ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:9443 > ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:9444 > ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:9445 > ACCEPT tcp -- 130.195.87.248 0.0.0.0/0 tcp dpt:7389 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:88 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:464 > ==========8><------ > > Cant see what else I have missed...... > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Steven Jones [steven.jo...@vuw.ac.nz] > Sent: Monday, 31 October 2011 8:21 a.m. > To: Simo Sorce > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Unique world wide UIDS > > Hi, > > Yeah I kind of wondered after ipv4 being so well known that "we" only went to > 32bit... > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: Simo Sorce [s...@redhat.com] > Sent: Monday, 31 October 2011 3:41 a.m. > To: Steven Jones > Cc: Rob Crittenden; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Unique world wide UIDS > > I would rather lobby the Linux kernel people to give me 128bit IDs > That would solve all problems, as the chance of collision in a carefully > randomly selected 90something bit prefix are basically none. > > Simo. > > On Thu, 2011-10-27 at 20:40 +0000, Steven Jones wrote: >> Yes I can appreciate that, we have done the same thing im '500'... >> >> oops.... >> >> As an educational setup we are looking to federate worldwide, that >> means Shibboleth or similar....a unique UID per academic world wide >> might be worthwhile....there wont be 2billion >> academics...students...well i guess that would one day be a "ipv4" >> problem. >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> ________________________________________ >> From: Rob Crittenden [rcrit...@redhat.com] >> Sent: Friday, 28 October 2011 9:34 a.m. >> To: Steven Jones >> Cc: Adam Young; freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] Unique world wide UIDS >> >> Steven Jones wrote: >>> Hi, >>> >>> Well if you understand Peak Oil and that the "green revolution" was >> actually truning fossil fuel into food ie we eat oil....only having >> 2billion UIDs wont be a problem. >>> >>> :/ >> >> Many, many organizations start with the same uid base, 500 or 1000. >> When >> company A buys company B there are tons and tons of uid collisions. If >> each started at a random start point then the chances of collision, >> while not zero, are much lower. >> >> Our goal wasn't to guarantee uniqueness in the universe, just to make >> integration hopefully easier in the future when namespaces are merged. >> >> rob >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > -- > Simo Sorce * Red Hat, Inc * New York > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
