On 06/07/2016 04:10 PM, Cal Sawyer wrote:
> I found that installing a replica with firewalld enabled would consistently
> during initial replication. Disabling firewalld always allowed replication
> later stages to complete
> [24/38]: setting up initial replication
> Starting replication, please wait until this has completed.
> [ipa.localdomain.local] reports: Update failed! Status: [-1 - LDAP error:
> Can't contact LDAP server]
This is strange. ipa-replica-install should have run the conncheck to exactly
prevent issues like this. Did you by any chance run ipa-replica-install with
> The first master and all replicas are all CentOS Linux release 7.2.1511
> with ipa-server-4.2.0-15.0.1.el7
> One other thing. if, during ipa-replica-install,+ you choose the default
> to the following:
> Existing BIND configuration detected, overwrite? [no]:
> ipa.ipapython.install.cli.install_tool(Replica): ERROR Aborting
> Not sure if that is intended? Which BIND configuration is being detected?
This should be only trigged if you install replica with DNS (--setup-dns)
> Anyhow, up and running with 4 replicas, 2 of which will be split off to a
> failover instance of ESXi in the future. When it works, it's a joy
> Now back to getting these Mac clients to play nicely with IPA ...
> thanks for the help and advice
Thanks for sharing the results.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project