On 12-03-15 8:36 AM, "Dimitris Tsompanidis"
<dimitris.tsompani...@comeon.com> wrote:
> Hi all,
>
> I'm trying to set up a FreeIPA replica on a new Fedora 16 VM.
> The process fails when ipa-replica-install starts checking for connectivity
> from the master server side towards the new replica.
>
>
> # ipa-replica-install -N /var/lib/ipa/replica-info-ldaps01.example.com.gpg
> [... lines of output ...]
> Execute check on remote master
>
> Remote master check failed with following error message(s):
>
> Connection check failed!
> Please fix your network settings according to error messages above.
> If the check results are not valid it can be skipped with --skip-conncheck
> parameter.
>
>
> Running the connectivity check on its own from the server gives me the
> following output:
>
> Check connection from master to remote replica 'ldaps01.example.com':
> Directory Service: Unsecure port (389): FAILED
> Directory Service: Secure port (636): FAILED
> Kerberos KDC: TCP (88): FAILED
> Kerberos KDC: UDP (88): OK
> Kerberos Kpasswd: TCP (464): FAILED
> Kerberos Kpasswd: UDP (464): OK
> HTTP Server: Unsecure port (80): FAILED
> HTTP Server: Secure port (443): FAILED
> Port check failed! Inaccessible port(s): 389, 636, 88, 464, 80, 443
>
>
> To actually see what's going on, I run 'netstat -tuan' to see what ports are
> open while ipa-replica-install waits for me to type my admin password (just
> before the remote master check):
>
> [root@ldaps01 ~]# netstat -tuan
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
> tcp 0 0 192.168.98.10:22 192.168.10.128:12548 ESTABLISHED
> tcp 0 48 192.168.98.10:22 192.168.10.128:12597 ESTABLISHED
> tcp 0 0 :::80 :::* LISTEN
> tcp 0 0 :::464 :::* LISTEN
> tcp 0 0 :::88 :::* LISTEN
> tcp 0 0 :::443 :::* LISTEN
> tcp 0 0 :::636 :::* LISTEN
> tcp 0 0 :::389 :::* LISTEN
> udp 0 0 192.168.98.10:123 0.0.0.0:*
> udp 0 0 127.0.0.1:123 0.0.0.0:*
> udp 0 0 0.0.0.0:123 0.0.0.0:*
> udp 0 0 :::464 :::*
> udp 0 0 :::88 :::*
> udp 0 0 :::123 :::*
>
> It seems that the replica procedure automatically binds to IPv6 addresses
> (although I've disabled IPv6 on eth0 and on loopback, and removed IPv6 entries
> from /etc/hosts and /etc/resolve.conf).
>
> NTP listens on both IPv4 and IPv6 localhost, but that's because I choose to
> handle it as a separate service on its own.
>
> FreeIPA server is 2.1.4-5 on both ldap (master) and ldaps01 (slave).
>
> Regards,
> Dimitris
>
The problem may be your firewall rules. Run

    sudo /sbin/service iptables status

to see the list of active firewall rules.
Make sure that the list of open ports includes those in this ticket:
https://fedorahosted.org/freeipa/ticket/2110

Regards,
Kelvin
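
A triage sketch for the situation in this thread, added here as an example (it is not code from either poster or from FreeIPA): it cross-checks the ports the master reports as FAILED against what `netstat -tuan` shows on the replica, so a port that is listening but unreachable points at filtering in between, as the reply suggests. The sample inputs are constructed, the function names are hypothetical, and a `::` wildcard listener is assumed to be reachable from other hosts.

```python
import re
# Constructed sample inputs, modelled on the output quoted in the thread.
CONNCHECK = """\
Directory Service: Unsecure port (389): FAILED
Kerberos KDC: UDP (88): OK
HTTP Server: Secure port (443): FAILED
"""
# The TCP state is wrapped onto its own line, as mail clients often do.
NETSTAT = """\
tcp 0 0 :::389 :::*
LISTEN
udp 0 0 :::88 :::*
"""

def failed_ports(conncheck):
    """Return {(proto, port)} for every conncheck line ending in FAILED."""
    hits = re.findall(r"(UDP )?\((\d+)\): FAILED\s*$", conncheck, re.M)
    return {("udp" if udp else "tcp", int(port)) for udp, port in hits}

def listeners(netstat):
    """Map (proto, port) -> set of local bind addresses from `netstat -tuan`."""
    rows = []
    for line in netstat.splitlines():
        fields = line.split()
        if len(fields) == 1 and rows:      # wrapped State column
            rows[-1].append(fields[0])
        elif len(fields) >= 5 and fields[0] in ("tcp", "udp"):
            rows.append(fields)
    found = {}
    for f in rows:
        if f[0] == "tcp" and f[-1] != "LISTEN":
            continue                       # skip established sessions
        addr, port = f[3].rsplit(":", 1)   # ":::389" -> ("::", "389")
        found.setdefault((f[0], int(port)), set()).add(addr)
    return found

def triage(conncheck, netstat):
    """Classify each FAILED port by what the replica itself is bound to."""
    bound, verdicts = listeners(netstat), {}
    for key in sorted(failed_ports(conncheck)):
        addrs = bound.get(key, set())
        if not addrs:
            verdicts[key] = "not listening"
        elif all(a.startswith("127.") or a == "::1" for a in addrs):
            verdicts[key] = "loopback only"
        else:  # assumption: 0.0.0.0, :: or a routable address is reachable
            verdicts[key] = "listening, check filtering"
    return verdicts
```
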