root : DEBUG args=tar xf /tmp/tmpQ_4Prsipa/files.tar -C /tmp/tmpQ_4Prsipa
root : DEBUG stdout=
root : DEBUG stderr=
creation of replica failed: The network address 2001:db8:abab:2::21 does
not match the DNS lookup 192.168.1.21. Check /etc/hosts and ensure that
2001:db8:abab:2::21 is the IP address for ipa02.ix.test.com
root : DEBUG The network address 2001:db8:abab:2::21 does not match the
DNS lookup 192.168.1.21. Check /etc/hosts and ensure that
2001:db8:abab:2::21 is the IP address for ipa02.ix.test.com
File "/usr/sbin/ipa-ca-install", line 156, in <module>


Are these IPs pointing to the right hostnames?


Sidenote: The "ipa-repl-conncheck --replica=<replica>" script fails when IPv6 addresses is listed as name server in /etc/resolv.conf, which is the default configuration of resolv.conf after running ipa-replica-install on a host with an IPv6 global address.

Port 464 fails when both the master and the replica have IPv6 enabled:

  Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): FAILED
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: port 80 (80): OK
   HTTP Server: port 443(https) (443): OK

All ports except 389 fails when the master is IPv6 enabled, but the replica is only IPv4 enabled.

   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): FAILED
   Kerberos KDC: TCP (88): FAILED
   Kerberos KDC: UDP (88): FAILED
   Kerberos Kpasswd: TCP (464): FAILED
   Kerberos Kpasswd: UDP (464): FAILED
   HTTP Server: port 80 (80): FAILED
   HTTP Server: port 443(https) (443): FAILED

Switching to IPv4 only addresses in resolv.conf resolves the issue.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to