Still unable to start bind :-

[root@ipa2 ~]# ipa-replica-conncheck --replica ipa1.xyz.dmz
Check connection from master to remote replica 'ipa1.xyz.dmz':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application and ipa-replica-conncheck cannot attach own UDP responder.

Connection from master to replica is OK.

[root@ipa2 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: STOPPED
MEMCACHE Service: STOPPED
HTTP Service: RUNNING
CA Service: STOPPED

[root@ipa2 ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [FAILED]

LOG:==
Feb 5 23:53:34 ipa2 named[22084]: sizing zone task pool based on 6 zones
Feb 5 23:53:34 ipa2 named[22084]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
Feb 5 23:53:34 ipa2 named[22084]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Mutual authentication failed)
Feb 5 23:53:34 ipa2 named[22084]: bind to LDAP server failed: Local error
Feb 5 23:53:34 ipa2 named[22084]: loading configuration: failure
Feb 5 23:53:34 ipa2 named[22084]: exiting (due to fatal error)
Feb 5 23:53:35 ipa2 sssd_be: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Mutual authentication failed)

---------------------------------------------------------------------------------------------------------

[root@ipa1 ~]# ipa-replica-conncheck --replica ipa2.xyz.dmz
Check connection from master to remote replica 'ipa2.xyz.dmz':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application and ipa-replica-conncheck cannot attach own UDP responder.

Connection from master to replica is OK.

[root@ipa1 ~]#