Janelle, this may not be that useful but I found it worthwhile to resort to…


When setting up the replica – pretty much for the same reason.

Craig White
System Administrator
O 623-201-8179   M 602-377-9752


SkyTouch Technology     4225 E. Windrose Dr.     Phoenix, AZ 85032

From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Janelle
Sent: Monday, November 17, 2014 7:43 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] strange replica creation problem

Happy Monday everyone,

I have a strange issue I am seeing with replica creations, but it does not seem 
to be consistent.  Sometimes, when trying to install the replica I get errors 
trying to connect to the master via SSH:

[root@ipa3 ~]# ipa-replica-install /var/lib/ipa/replica-info-ipa3.xyzzy.com.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'ipa2.xyzzy.com':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
ad...@xyzzy.com<mailto:ad...@xyzzy.com> password:

Check SSH connection to remote master
ad...@ipa2.xyzzy.com<mailto:ad...@ipa2.xyzzy.com>'s password:
ad...@ipa2.xyzzy.com<mailto:ad...@ipa2.xyzzy.com>'s password:
Could not SSH into remote host. Error output:
    OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 51: Applying options for *

ssh via root and all the hosts - using keys - works just fine. I don't 
understand why this is happening on some hosts and not others.

Any ideas?
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to