Hi all,

I'm trying to set up a FreeIPA replica on a new Fedora 16 VM.
The process fails when ipa-replica-install starts checking for connectivity from the master server side towards the new replica.


   # ipa-replica-install -N /var/lib/ipa/replica-info-ldaps01.example.com.gpg
   [... lines of output ...]
   Execute check on remote master

   Remote master check failed with following error message(s):

   Connection check failed!
   Please fix your network settings according to error messages above.
   If the check results are not valid it can be skipped with
   --skip-conncheck parameter.


Running the connectivity check on its own from the server gives me the following output:

   Check connection from master to remote replica 'ldaps01.example.com':
       Directory Service: Unsecure port (389): FAILED
       Directory Service: Secure port (636): FAILED
       Kerberos KDC: TCP (88): FAILED
       Kerberos KDC: UDP (88): OK
       Kerberos Kpasswd: TCP (464): FAILED
       Kerberos Kpasswd: UDP (464): OK
       HTTP Server: Unsecure port (80): FAILED
       HTTP Server: Secure port (443): FAILED
   Port check failed! Inaccessible port(s): 389, 636, 88, 464, 80, 443


To actually see what's going on, I run 'netstat -tuan' to see what ports are open while ipa-replica-install waits for me to type my admin password (just before the remote master check):

   [root@ldaps01 ~]# netstat -tuan
   Active Internet connections (servers and established)
   Proto Recv-Q Send-Q Local Address               Foreign Address             State
   tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
   tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
   tcp        0      0 192.168.98.10:22            192.168.10.128:12548        ESTABLISHED
   tcp        0     48 192.168.98.10:22            192.168.10.128:12597        ESTABLISHED
   tcp        0      0 :::80                       :::*                        LISTEN
   tcp        0      0 :::464                      :::*                        LISTEN
   tcp        0      0 :::88                       :::*                        LISTEN
   tcp        0      0 :::443                      :::*                        LISTEN
   tcp        0      0 :::636                      :::*                        LISTEN
   tcp        0      0 :::389                      :::*                        LISTEN
   udp        0      0 192.168.98.10:123           0.0.0.0:*
   udp        0      0 127.0.0.1:123               0.0.0.0:*
   udp        0      0 0.0.0.0:123                 0.0.0.0:*
   udp        0      0 :::464                      :::*
   udp        0      0 :::88                       :::*
   udp        0      0 :::123                      :::*

It seems that the replica procedure automatically binds to IPv6 addresses (although I've disabled IPv6 on eth0 and on loopback, and removed IPv6 entries from /etc/hosts and /etc/resolv.conf).

NTP listens on both IPv4 and IPv6 localhost, but that's because I choose to handle it as a separate service on its own.

FreeIPA server is 2.1.4-5 on both ldap (master) and ldaps01 (slave).

Regards,
Dimitris

--
Dimitris Tsompanidis
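
The following is an added example, not part of the original post: it cross-references the ports named in the connection check output with the netstat listeners, to show which address family each checked port is bound to on the replica. The port list and the netstat rows are copied from the post (established SSH sessions and NTP rows left out); the function names are hypothetical.

```python
from collections import defaultdict

# (proto, port) pairs probed by the master-side check, from the output in the post.
CHECKED = [("tcp", 389), ("tcp", 636), ("tcp", 88), ("udp", 88),
           ("tcp", 464), ("udp", 464), ("tcp", 80), ("tcp", 443)]

# Listener rows from the post's `netstat -tuan` output.
NETSTAT = """\
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 :::464                      :::*                        LISTEN
tcp        0      0 :::88                       :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
tcp        0      0 :::636                      :::*                        LISTEN
tcp        0      0 :::389                      :::*                        LISTEN
udp        0      0 :::464                      :::*
udp        0      0 :::88                       :::*
"""

def listeners(netstat_text):
    """Map (proto, port) -> set of local bind addresses of listening sockets."""
    found = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Newer net-tools print tcp6/udp6; normalise to tcp/udp.
        if len(fields) < 5 or fields[0].rstrip("6") not in ("tcp", "udp"):
            continue
        proto, local = fields[0].rstrip("6"), fields[3]
        # TCP rows must be in LISTEN state; UDP rows carry no state column.
        if proto == "tcp" and fields[-1] != "LISTEN":
            continue
        addr, _, port = local.rpartition(":")  # ":::80" -> ("::", "80")
        found[(proto, int(port))].add(addr)
    return found

def report(netstat_text, checked=CHECKED):
    """Return {(proto, port): sorted address families bound}; [] means no listener."""
    found = listeners(netstat_text)
    return {key: sorted({"ipv6" if ":" in a else "ipv4" for a in found.get(key, ())})
            for key in checked}

if __name__ == "__main__":
    for (proto, port), fams in report(NETSTAT).items():
        print(f"{proto}/{port}: {', '.join(fams) or 'no listener'}")
```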
