I am giving it a fresh start and I notice similar issues.
1) I wasn't able to use the "--setup-ca" while running the
ipa-replica-install on the replica. It stopped the install after the
ntpd step see below.
Done configuring NTP daemon (ntpd).
A CA is already configured on this system.
This is left over from a previous failed installation. If the CA install
fails early enough we don't log the fact that it was installed so the
uninstall doesn't clean it up.
2) So I tried my install command again without the --setup-ca option. It
went furthur although it completed it show one error see below.
MY COMMAND: --> ipa-replica-install
the skip-conncheck was needed to complete the install. Connections
checks were manually done.
14/31]: configuring lockout plugin
[15/31]: creating indices
[16/31]: enabling referential integrity plugin
[17/31]: configuring ssl for ds instance
ipa : ERROR certmonger failed starting to track certificate:
Command '/usr/bin/ipa-getcert start-tracking -d
/etc/dirsrv/slapd-MYDOMAIN.COM -n Server-Cert -p
/usr/lib64/ipa/certmonger/restart_dirsrv MYDOMAIN.COM' returned non-zero
exit status 1
[18/31]: configuring certmap.conf
[19/31]: configure autobind for root
Without logs there is no way to diagnose. This could leave you in a
situation where the certificate fails to renew in 2 years and IPA
suddenly stops working.
3) The replica installed fine I can access the same database from the
4) I cannot add new clients.
MY COMMAND: --> ipa-client-install --domain=mydomain.com
--server=ldap2.mydomain.com --hostname=test500.mydomain.com -d
ldap.mydomain.com = master
ldap2.mydomain.com = replica
No idea without seeing the logs.
Freeipa-users mailing list