Rob
I am giving it a fresh start and I notice similar issues.
1) I wasn't able to use the "--setup-ca" while running the ipa-replica-install
on the replica. It stopped the install after the ntpd step see below.
Done configuring NTP daemon (ntpd).
A CA is already configured on this system.
2) So I tried my install command again without the --setup-ca option. It went
furthur although it completed it show one error see below.
MY COMMAND: --> ipa-replica-install
/var/tmp/replica-info-ldap2.mydomain.com.gpg --skip-conncheck
the skip-conncheck was needed to complete the install. Connections checks were
manually done.
14/31]: configuring lockout plugin
[15/31]: creating indices
[16/31]: enabling referential integrity plugin
[17/31]: configuring ssl for ds instance
ipa : ERROR certmonger failed starting to track certificate: Command
'/usr/bin/ipa-getcert start-tracking -d /etc/dirsrv/slapd-MYDOMAIN.COM -n
Server-Cert -p /etc/dirsrv/slapd-MYDOMAIN.COM/pwdfile.txt -C
/usr/lib64/ipa/certmonger/restart_dirsrv MYDOMAIN.COM' returned non-zero exit
status 1
[18/31]: configuring certmap.conf
[19/31]: configure autobind for root
.........................................
3) The replica installed fine I can access the same database from the replica's
website.
4) I cannot add new clients.
MY COMMAND: --> ipa-client-install --domain=mydomain.com
--server=ldap2.mydomain.com --hostname=test500.mydomain.com -d
ldap.mydomain.com = master
ldap2.mydomain.com = replica
Shreeraj
----------------------------------------------------------------------------------------
Change is the only Constant !
On Friday, February 14, 2014 11:40 AM, Rob Crittenden <rcrit...@redhat.com>
wrote:
Shree wrote:
> 1) 7839 TCP is open between the master and replica, do I need 7389 udp
> also? What about clients and replica?
> I have the following ports opened and tested between master and replica.
> --> 389 (TCP), 636 (TCP), 88 (TCP), 464 (TCP), 80 (TCP), 443 (TCP), 7389
> (TCP)
> and 88 (UDP) 464 (UDP)
> Do I need any more ports opened, I have to work with another team to get
> this done, so it will help having all the information.
No, this list is enough. Still, it can't connect to it. Seeing the
failure output from the connection check might be useful, or at least
confirm the same.
> 2)I see you skip the connection check, what was failing? :-- Yes my
> replica install fails unless I user --skip connection check. I have
> tested the connection with the ports mentioned during the install.
I don't know what to say, the logs pretty clearly indicate that it can't
connect on port 7389.
> 3) In the ipareplica-install log this is reported:
>
> Failed to setup the replication for cloning. :--- Yes but what is the
> solution?
Fix the firewall.
>
> 4) And in the debug log:
>
> :- Also what is the solution for the Java.io error?
Same thing. One failure cascades to another.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
