Ah, I see. I see an issue in this downstream version of IPA which prevents
ipa-replica-install to report correct error.

In your case, the problem will be that either:
1) "cn=Directory Manager"'s password is not correct
2) master cannot be reached with ldapsearch (I wonder why you run
ipa-replica-install with --skip-conncheck)

You can verify both with simple ldapsearch:

# ldapsearch -h fqdn.of.your.ipa.master -W -D "cn=Directory Manager" -x -b ""
-s base

This command will probably fail in your case - possibly because of too strict
firewall settings.

Martin

On 07/23/2013 11:27 PM, Aissa Brahimi wrote:
> Martin
> 
> My setting:
> 
> - CentOS 6.x
> - FreeIPA version: 3.0.0
> 
> 2 server, the master was installed and running as show bellow:
> 
> 
> [abrahimi@ipa01 publish]$ sudo /etc/init.d/ipa status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: RUNNING
> DNS Service: RUNNING
> MEMCACHE Service: RUNNING
> HTTP Service: RUNNING
> CA Service: RUNNING
> 
> Let me know
> 
> Regards,
> 
> AB
> 
> 
> On Tue, Jul 23, 2013 at 12:13 AM, Martin Kosek <mko...@redhat.com> wrote:
> 
>> On 07/23/2013 01:31 AM, Aissa Brahimi wrote:
>>> [abrahimi@ipa02 ipa]$ sudo ipa-replica-install --setup-dns
>>> --forwarder=1.1.1.1 --no-reverse replica-info-ipa02.company.com gpg
>>> --skip-conncheck
>>> [sudo] password for abrahimi:
>>> Directory Manager (existing master) password:
>>>
>>>
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> Unexpected error - see /var/log/ipareplica-install.log for details:
>>> UnboundLocalError: local variable 'replman' referenced before assignment
>>>
>>
>> Hello Aissa,
>>
>> What version of FreeIPA are you running? On which OS?
>>
>> I checked current FreeIPA code in git and it should not be capable of
>> raising
>> this error message so there must have been some changes...
>>
>> Martin
>>
> 
> 
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to