On 03/09/2015 05:35 PM, Steven Jones wrote:


Any idea what is going on here please?


==========

[root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck


Why are you skipping a connection check?
The check will find issues like this ahead of time.
I suspect there is something wrong with either the DNS entries for the LDAP server records, or the LDAP or Kerberos port is not open between the new replica and the master. At least I would try with the connection check on and see if it gives some hints.

Checking forwarders, please wait ...
WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled
Directory Manager (existing master) password:

Adding [10.100.32.50 vuwunicoipam004.ods.vuw.ac.nz] to your /etc/hosts file
Using reverse zone(s) 32.100.10.in-addr.arpa.
Configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
   [1/35]: creating directory server user
   [2/35]: creating directory server instance
   [3/35]: adding default schema
   [4/35]: enabling memberof plugin
   [5/35]: enabling winsync plugin
   [6/35]: configuring replication version plugin
   [7/35]: enabling IPA enrollment plugin
   [8/35]: enabling ldapi
   [9/35]: configuring uniqueness plugin
   [10/35]: configuring uuid plugin
   [11/35]: configuring modrdn plugin
   [12/35]: configuring DNS plugin
   [13/35]: enabling entryUSN plugin
   [14/35]: configuring lockout plugin
   [15/35]: creating indices
   [16/35]: enabling referential integrity plugin
   [17/35]: configuring ssl for ds instance
   [18/35]: configuring certmap.conf
   [19/35]: configure autobind for root
   [20/35]: configure new location for managed entries
   [21/35]: configure dirsrv ccache
   [22/35]: enable SASL mapping fallback
   [23/35]: restarting directory server
   [24/35]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 128 seconds elapsed
[vuwunicoipam002.ods.vuw.ac.nz] reports: Update failed! Status: [10 Total update abortedLDAP error: Referral]

   [error] RuntimeError: Failed to start replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Failed to start replication
[root@vuwunicoipam004 ipa-certs]#
========

No firewalls are active and the network is a simple vyos virtual router.


=====

[root@vuwunicoipam002 etc]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@vuwunicoipam002 etc]#
=====

=====
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@vuwunicoipam004 ipa-certs]#
=====




regards

Steven





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
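
A manual version of the checks suggested in the reply above (look up the LDAP and Kerberos SRV records, then open a TCP connection to every port they advertise), run from the new replica. This is an added example, not part of the original thread and not FreeIPA's own connection check. It assumes `dig`, `timeout` and `bash` are installed and that the domain is `ods.vuw.ac.nz`, inferred from the host names in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: manual pre-flight for a new replica. Names are assumptions.

# Turn `dig +short SRV` answers ("prio weight port target.") into "target port".
# Anything that is not a well-formed answer (e.g. dig error text) is dropped.
parse_srv() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# Succeeds only if a TCP connection to host:port opens within 3 seconds.
# Host and port are passed as arguments, never spliced into the command string.
tcp_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Check the LDAP and Kerberos SRV records of a domain and each advertised port.
# Returns non-zero if a record is missing or any target is unreachable.
preflight() {
    domain=$1
    rc=0
    for svc in _ldap._tcp _kerberos._tcp; do
        targets=$(dig +short SRV "$svc.$domain" | parse_srv)
        if [ -z "$targets" ]; then
            echo "FAIL $svc.$domain: no SRV answer"
            rc=1
            continue
        fi
        while read -r host port; do
            if tcp_open "$host" "$port"; then
                echo "ok   $svc $host:$port"
            else
                echo "FAIL $svc $host:$port not reachable"
                rc=1
            fi
        done <<EOF
$targets
EOF
    done
    return "$rc"
}

# Run only when a domain is given, e.g.: sh preflight.sh ods.vuw.ac.nz
if [ "$#" -ge 1 ]; then
    preflight "$1"
fi
```
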
