We get the below message for replica machines and Ive seen it for client machines too: [root@pul-lv-ipa-02 bin]# /root/bin/freeipa-replica-install.sh /var/lib/ipa/replica-info-$(hostname -f).gpg Using reverse zone(s) 23.10.in-addr.arpa. Run connection check to master Check connection from replica to remote master 'aaaaaa.aaaa.com ': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master Check SSH connection to remote master Could not SSH into remote host. Error output: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: Connecting to aaaaaa.aaaa.com [10.23.45.88] port 22. debug1: connect to address 10.23.45.88 port 22: Connection refused ssh: connect to host pul-lv-ipa-01.int.worldfirst.com port 22: Connection refused Could not SSH to remote host. ipa.ipapython.install.cli.install_tool(Replica): ERROR Connection check failed! Please fix your network settings according to error messages above. If the check results are not valid it can be skipped with --skip-conncheck parameter. From: James Harrison <jamesaharriso...@yahoo.co.uk> To: "freeipa-users@redhat.com" <freeipa-users@redhat.com> Sent: Thursday, 10 November 2016, 12:00 Subject: Specify different ssh port for ipa-conncheck Hi All,We use port 2234 for all sshd connections on our systems. It looks loke ipa-conncheck uses port 22. Can this be changed to use 2234? This would be for replicas and clients I presume. This is quite urgent. Many thanks,James Harrison
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project