On 06/07/2016 04:10 PM, Cal Sawyer wrote:
...
> I found that installing a replica with firewalld enabled would consistently fail
> during initial replication. Disabling firewalld always allowed replication and
> later stages to complete
>
> [24/38]: setting up initial replication
> Starting replication, please wait until this has completed.
>
> [ipa.localdomain.local] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]

This is strange. ipa-replica-install should have run the conncheck to exactly prevent issues like this. Did you by any chance run ipa-replica-install with the --skip-conncheck option?

> The first master and all replicas are all CentOS Linux release 7.2.1511 (Core)
> with ipa-server-4.2.0-15.0.1.el7
>
>
> One other thing. If, during ipa-replica-install, you choose the default answer
> to the following:
>
> Existing BIND configuration detected, overwrite? [no]:
> ipa.ipapython.install.cli.install_tool(Replica): ERROR Aborting installation.
>
> Not sure if that is intended?

Which BIND configuration is being detected? This should be only triggered if you install replica with DNS (--setup-dns)

> Anyhow, up and running with 4 replicas, 2 of which will be split off to a
> failover instance of ESXi in the future. When it works, it's a joy
>
> Now back to getting these Mac clients to play nicely with IPA ...
>
> thanks for the help and advice

Thanks for sharing the results.

Martin