Tomasz 'Zen' Napierała wrote:
Hi,
I'm trying to install a replica server that previously failed to initialize.
Host ldap-s1 - first server
Host ldap-s2 - reinstalled server
After ipa-replica-install on ldap-s2, I got:
Connection check OK
The host ldap-s2.xxx already exists on the master server. Depending on your
configuration, you may perform the following:
Remove the replication agreement, if any:
% ipa-replica-manage del ldap-s2.xxx
Remove the host entry:
% ipa host-del ldap-s2.xxx
So I tried to do that, but:
ipa-replica-manage del ldap-s2.xxx
Unable to delete replica ldap-s2.xxx: {'desc': "Can't contact LDAP server"}
ldap-s1 tried to connect to ldap-s2 but obviously failed.
Then I did:
ipa host-del ldap-s2.xxx
---------------------------------
Deleted host "ldap-s2.xxx"
---------------------------------
I prepared the replica file again, scped it to ldap-s2 and ran ipa-replica-install
again:
[…]
[16/29]: configuring ssl for ds instance
[17/29]: configuring certmap.conf
[18/29]: configure autobind for root
[19/29]: configure new location for managed entries
[20/29]: restarting directory server
[21/29]: setting up initial replication
Starting replication, please wait until this has completed.
[ldap-s1.xxx] reports: Update failed! Status: [-2 - System error]
creation of replica failed: Failed to start replication
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
During the attempt I got this on ldap-s1
[26/May/2012:19:24:04 +0000] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[26/May/2012:19:24:07 +0000] slapd_ldap_sasl_interactive_bind - Error: could
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (Server ldap/ldap-s2.xxx@XXX not found
in Kerberos database)) errno 2 (No such file or directory)
and
[root@ldap-s1 ~]# ipa-replica-manage del ldap-s2.xxx
Unable to delete replica ldap-s2.xxx: {'info': 'SASL(-1): generic failure:
GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Server ldap/ldap-s2.xxx@XXX not found in Kerberos database)', 'desc': 'Local
error'}
Does anyone have any ideas how to fix that?
Regards,
ipa-replica-manage del --force ldap-s2.xxx
You'll want to restart the dirsrv service on ldap-s1 before attempting to
re-install ldap-s2.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users