HI i tried the method mentioned on that document and it end up with below error. My DNS is managed by external box and i dont want to create any DNS record on these servers.
and the command which i tried is(non client server) ipa-replica-install --principal admin --admin-password P@ssw0rd --domain kw.example.com --server zkwipamstr01.kw.example.com ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart [email protected]' returned non-zero exit status 1). See the installation log for details. [29/44]: setting up initial replication [error] error: [Errno 111] Connection refused Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR [Errno 111] Connection refused ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root@zkwiparepa01 ~]# /bin/systemctl restart [email protected] Job for [email protected] failed because the control process exited with error code. See "systemctl status [email protected]" and "journalctl -xe" for details. [root@zkwiparepa01 ~]# systemctl status [email protected] ● [email protected] - 389 Directory Server KW-EXAMPLE-COM. Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST; 13s ago Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE) Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS) Main PID: 14893 (code=exited, status=1/FAILURE) Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error: betxnpostoperation plu...arted Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object plugin Roles Pl...arted Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error: preoperation plugin su...arted Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object plugin USN is n...arted Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object plugin Views is...arted Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error: extendedop plugin whoa...arted Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: [email protected]: main process exited, code=exited, status=1/FAILURE Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM.. Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Unit [email protected] entered failed state. Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: [email protected] failed. Hint: Some lines were ellipsized, use -l to show in full. Regards, Ben On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <[email protected]> wrote: > On 01/04/2017 07:21 AM, Ben .T.George wrote: > >> HI >> >> while trying to create ipa replica, i am getting below error, >> >> Replica creation using 'ipa-replica-prepare' to generate replica file >> is supported only in 0-level IPA domain. >> >> The current IPA domain level is 1 and thus the replica must >> be created by promoting an existing IPA client. >> >> To set up a replica use the following procedure: >> 1.) set up a client on the host using 'ipa-client-install' >> 2.) promote the client to replica running 'ipa-replica-install' >> *without* replica file specified >> >> 'ipa-replica-prepare' is allowed only in domain level 0 >> The ipa-replica-prepare command failed. >> >> >> i have IPA master server without AD integration and DNS is managed by >> 3rd party appliances. >> >> >> >> Regards, >> Ben >> >> >> > Hi Ben, > > If you installed IPA 4.4 server then domain level 1 is the default. This > domain level uses different mechanism to stand up replicas. See the latest > IdM documentation[1] for more details. > > [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterp > rise_Linux/7/html/Linux_Domain_Identity_Authentication_and_ > Policy_Guide/creating-the-replica.html > > -- > Martin^3 Babinsky > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
