root : DEBUG args=tar xf /tmp/tmpQ_4Prsipa/files.tar -C
/tmp/tmpQ_4Prsipa
root : DEBUG stdout=
root : DEBUG stderr=
creation of replica failed: The network address 2001:db8:abab:2::21 does
not match the DNS lookup 192.168.1.21. Check /etc/hosts and ensure that
2001:db8:abab:2::21 is the IP address for ipa02.ix.test.com
root : DEBUG The network address 2001:db8:abab:2::21 does not match the
DNS lookup 192.168.1.21. Check /etc/hosts and ensure that
2001:db8:abab:2::21 is the IP address for ipa02.ix.test.com
File "/usr/sbin/ipa-ca-install", line 156, in <module>
Are these IPs pointing to the right hostnames?
Sidenote: The "ipa-repl-conncheck --replica=<replica>" script fails when
IPv6 addresses is listed as name server in /etc/resolv.conf, which is
the default configuration of resolv.conf after running
ipa-replica-install on a host with an IPv6 global address.
Port 464 fails when both the master and the replica have IPv6 enabled:
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): FAILED
Kerberos Kpasswd: UDP (464): OK
HTTP Server: port 80 (80): OK
HTTP Server: port 443(https) (443): OK
All ports except 389 fails when the master is IPv6 enabled, but the
replica is only IPv4 enabled.
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): FAILED
Kerberos KDC: TCP (88): FAILED
Kerberos KDC: UDP (88): FAILED
Kerberos Kpasswd: TCP (464): FAILED
Kerberos Kpasswd: UDP (464): FAILED
HTTP Server: port 80 (80): FAILED
HTTP Server: port 443(https) (443): FAILED
Switching to IPv4 only addresses in resolv.conf resolves the issue.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
