We get the below message for replica machines and Ive seen it for client 
machines too:
[root@pul-lv-ipa-02 bin]# /root/bin/freeipa-replica-install.sh 
/var/lib/ipa/replica-info-$(hostname -f).gpg
Using reverse zone(s) 23.10.in-addr.arpa.
Run connection check to master
Check connection from replica to remote master 'aaaaaa.aaaa.com ':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check SSH connection to remote master
Could not SSH into remote host. Error output:
    OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to aaaaaa.aaaa.com [] port 22.
    debug1: connect to address port 22: Connection refused
    ssh: connect to host pul-lv-ipa-01.int.worldfirst.com port 22: Connection 
Could not SSH to remote host.
ipa.ipapython.install.cli.install_tool(Replica): ERROR    Connection check 
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck 

      From: James Harrison <jamesaharriso...@yahoo.co.uk>
 To: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
 Sent: Thursday, 10 November 2016, 12:00
 Subject: Specify different ssh port for ipa-conncheck
Hi All,We use port 2234 for all sshd connections on our systems.
It looks loke ipa-conncheck uses port 22.
Can this be changed to use 2234? This would be for replicas and clients I 
This is quite urgent.

Many thanks,James Harrison

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to