because I'm trying to clean out the old "memory" of the ex-replica first...I have to do that before I can re-add it for some reason.
All I have is the manual so I'm doing my best to repair a system that seems unstable....so I was advised to make a new replica key as the original one used to initially make a replication agreement was no good.

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________________
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Thursday, 14 June 2012 10:08 a.m.
To: Steven Jones
Cc: firstname.lastname@example.org
Subject: Re: [Freeipa-users] Replication problems with having more than one replica?

Steven Jones wrote:
> steps
>
> ==============
> 1) Fresh replica key
> 2) attempt to join with the ipa-manage-replica key command this fails
> 3) Check the 2nd servers dirsrv is running (service dirsrv status), if not start it with service dirsrv start
> 4) run ipa-replica-manage force-sync -from ipa1 on ipa2
> 5) Check the 2nd servers dirsrv is still running
> 6) On Ipa1 (the master) run ipa-replica-manage del ipam002
> 7) run ipa-server-install --uninstall on ipam002
> 8) run ipa-server-install and this seems to succeed

I still don't understand. What is step #1? You add a new replica by doing an ipa-replica-prepare and ipa-replica-install. Is that what you mean?

I don't understand why ipa-replica-manage would come into play when adding a new replica.

>
> So far 1 to 2 and 2 to 1 replication is running HOWEVER replication on 2 to 3 does NOT work.....1 to 3 does and 3 to 1 does. I tried running ipa-replica-manage force-sync --from ipam1 but this won't sync, yet it used to.....
> ==============
>
> So when adding 2 back in replication 1 to 3 breaks.....so I tried removing 3 and re-adding and that failed.....I get a GSSAPI error....

If you delete a replica you need to restart the dirsrv service on any masters it was connected to. 389-ds caches the GSSAPI credentials and re-installing a replica will generate new ones which won't get picked up until a restart.
rob