I migrated a CentOS 6.6 system with IPA 3.0 to a CentOS 7.0 system with IPA
The workflow was the one to create a replica and then decommission the old
one (that now is with services stopped) with the commands:

on old server:
 ipa-server-install --uninstall

on new server:
 ipa-replica-manage del infra.localdomain.local --force

I notice some things:
- every 5 minutes I get this
in /var/log/dirsrv/slapd-LOCALDOMAIN-LOCAL/errors of new server

[12/Dec/2014:14:29:48 +0100] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)

I don't know if the error is related to the old server or anything else.
And if indeed it is a real error, as it writes Error, but there is
ambiguity in the message (errno 0 and Success words). Do I have to care and fix?

- in CentOS 6.6 I had IPA with bind (9.8.2-0.23.rc1.el6_5.1), configured
with plain files:
# ll /var/named/data/*zone
-rw-r--r-- 1 root root 1244 Dec  6 14:35 /var/named/data/forward.zone
-rw-r--r-- 1 root root  912 Dec  6 14:35 /var/named/data/reverse.zone

After migration the bind configuration has been put under IPA with these
lines in named.conf:

dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-LOCALDOMAIN-LOCAL.socket";
        arg "base cn=dns, dc=localdomain,dc=local";
        arg "fake_mname c7server.localdomain.local.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/c7server.localdomain.local";
        arg "serial_autoincrement yes";
};

It works but the old IPA server hostname (with hostname=infra) is no more
I have that
nslookup hostname
works for every host that was previously defined inside the zone but the
previous ipa server...
(new ipa and dns server is c7server and has ip

[root@c7server etc]# nslookup infra

** server can't find infra: NXDOMAIN

[root@c7server etc]# nslookup vc1

Name:   vc1.localdomain.local

- I have great difficulties entering the IPA web GUI and so modifying DNS
records from there
Many times I get the message that "your session has expired".
I put
KrbMethodK5Passwd on
in /etc/httpd/conf.d/ipa.conf but it seems it doesn't always fix the
How to debug?

Thanks in advance