On 02/07/2015 12:27 AM, Chris Mohler wrote:
> I'm having some troubles. I have an older IPA install Version 3.0.0. on Centos
> 6.6. It's currently the only master for my domain. I have about 4k user
> accounts on here and it's a live system called "idm"
> I'm trying to upgrade to V4.x as I am hoping to fix some issues I am having.
> (clients can't auth unless service sssd is restarted multiple times "10 (User
> not known to the underlying authentication module") I think this is possibly
> unrelated and the topic for another thread.
> I created a new VM and installed Fedora Server 21 and FreeIPA 4.1.2 it's 
> called
> "ipa"

Good. Also note that we RHEL/CentOS 7.1 will have FreeIPA 4.0+ version baked
in, so you can also use that platform if you are used to it.

> on the master "idm" I ran "ipa-replica-prepare" and transfered the file to the
> future replica "ipa" Then I ran the install replica script ipa-replica-install
> --setup-ca /home/svradm/replica-info-ipa.cs.oberlin.edu.gpg
> Things went well until it failed
> [24/35]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 133 seconds elapsed
> Update in progress yet not in progress
> Update in progress yet not in progress
> Update in progress yet not in progress
> [idm.cs.oberlin.edu] reports: Update failed! Status: [10 Total update
> abortedLDAP error: Referral]
> [error] RuntimeError: Failed to start replication
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> Please help I'm getting nowhere by myself.

Can you please look on the master you are replicating from and look for errors
in /var/log/messages or DS errors log?

Maybe you will see messages like "ns-slapd: encoded packet size too big (xxxxxx
> 65536)" that are know to pop up more with CentOS 6.6.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to