Janelle, this may not be that useful but I found it worthwhile to resort to…
–skip-conncheck When setting up the replica – pretty much for the same reason. Craig White System Administrator O 623-201-8179 M 602-377-9752 [cid:[email protected]] SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032 From: [email protected] [mailto:[email protected]] On Behalf Of Janelle Sent: Monday, November 17, 2014 7:43 AM To: [email protected] Subject: [Freeipa-users] strange replica creation problem Happy Monday everyone, I have a strange issue I am seeing with replica creations, but it does not seem to be consistent. Sometimes, when trying to install the replica I get errors trying to connect to the master via SSH: [root@ipa3 ~]# ipa-replica-install /var/lib/ipa/replica-info-ipa3.xyzzy.com.gpg Directory Manager (existing master) password: Run connection check to master Check connection from replica to remote master 'ipa2.xyzzy.com': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master [email protected]<mailto:[email protected]> password: Check SSH connection to remote master [email protected]<mailto:[email protected]>'s password: [email protected]<mailto:[email protected]>'s password: Could not SSH into remote host. Error output: OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 51: Applying options for * ssh via root and all the hosts - using keys - works just fine. I don't understand why this is happening on some hosts and not others. Any ideas? ~J
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
