On 06/07/2016 04:10 PM, Cal Sawyer wrote:
> I found that installing a replica with firewalld enabled would consistently 
> fail 
> during initial replication.  Disabling firewalld always allowed replication 
> and 
> later stages to complete
>        [24/38]: setting up initial replication
>     Starting replication, please wait until this has completed.
>     [ipa.localdomain.local] reports: Update failed! Status: [-1  - LDAP error:
>     Can't contact LDAP server]

This is strange. ipa-replica-install should have run the conncheck to exactly
prevent issues like this. Did you by any chance run ipa-replica-install with
--skip-conncheck option?

> The first master and all replicas are all CentOS Linux release 7.2.1511 
> (Core) 
> with ipa-server-4.2.0-15.0.1.el7
> One other thing.  if, during ipa-replica-install,+ you choose the default 
> answer 
> to the following:
> Existing BIND configuration detected, overwrite? [no]:
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    Aborting 
> installation.
> Not sure if that is intended?  Which BIND configuration is being detected?

This should be only trigged if you install replica with DNS (--setup-dns)

> Anyhow, up and running with 4 replicas, 2 of which will be split off to a 
> failover instance of ESXi in the future.  When it works, it's a joy
> Now back to getting these Mac clients to play nicely with IPA ...
> thanks for the help and advice

Thanks for sharing the results.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to