Hey Guys,

So I have my master and replica up in my datacenter.

I have a client, I have a winsync agreement, I have a password sync.

It's working lovely.

So Now I have spun up an AWS instance of redh hat 6.5  (same as my master and 
first replica)

I run the ipa replica and it fails


ipa-replica-install --setup-ca --setup-dns --no-forwarders 
/var/lib/ipa/replica-info-se-idm-03.boingo.com.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'se-idm-01.boingo.com':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
   PKI-CA: Directory Service port (7389): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
ad...@boingo.com password:

Execute check on remote master
Check connection from master to remote replica 'se-idm-03.boingo.com':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
   PKI-CA: Directory Service port (7389): OK

Connection from master to replica is OK.

Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
ipa         : CRITICAL failed to create ds instance Command 
'/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpo9ROF3' returned 
non-zero exit status 1
  [3/3]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server. See the 
installation log for details.
Done configuring directory server for the CA (pkids).

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
Can't contact LDAP server


I check the log file and this is what I get

2014-02-11T19:55:48Z DEBUG calling setup-ds.pl
2014-02-11T19:57:53Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f 
/tmp/tmpo9ROF3
2014-02-11T19:57:53Z DEBUG stdout=[11/Feb/2014:14:57:53 -0500] 
createprlistensockets - PR_Bind() on All Interfaces port 7389 failed: Netscape 
Portable Runtime error -5966 (Access Denied.)
[11/Feb/2014:14:57:53 -0500] createprlistensockets - PR_Bind() on All 
Interfaces port 7389 failed: Netscape Portable Runtime error -5966 (Access 
Denied.)
[14/02/11:14:57:53] - [Setup] Info Could not start the directory server using 
command '/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'.  The last line from the 
error log was '[11/Feb/2014:14:57:53 -0500] create
prlistensockets - PR_Bind() on All Interfaces port 7389 failed: Netscape 
Portable Runtime error -5966 (Access Denied.)
'.  Error: Unknown error 256
Could not start the directory server using command 
'/usr/lib64/dirsrv/slapd-PKI-IPA/start-slapd'.  The last line from the error 
log was '[11/Feb/2014:14:57:53 -0500] createprlistensockets - PR_Bind() on All
Interfaces port 7389 failed: Netscape Portable Runtime error -5966 (Access 
Denied.)
'.  Error: Unknown error 256
[14/02/11:14:57:53] - [Setup] Fatal Error: Could not create directory server 
instance 'PKI-IPA'.
Error: Could not create directory server instance 'PKI-IPA'.
[14/02/11:14:57:53] - [Setup] Fatal Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'




Please help


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to