Finally I made it work! I had to manually install the CA certificate and the server certificate to the database. As for the replica machine, all I had to do was to add the main IPA machine's and the replica machine's entries to the /etc/hosts file.

Thanks to all!

John Robert Mendoza

--- On Tue, 12/15/09, John Robert Mendoza <jrober...@yahoo.com> wrote:

From: John Robert Mendoza <jrober...@yahoo.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "Rob Crittenden" <rcrit...@redhat.com>
Cc: freeipa-users@redhat.com
Date: Tuesday, 15 December, 2009, 6:13 PM

I did this to install the master server. Before even making a replica.

John Robert Mendoza

--- On Tue, 12/15/09, John Robert Mendoza <jrober...@yahoo.com> wrote:

From: John Robert Mendoza <jrober...@yahoo.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "Rob Crittenden" <rcrit...@redhat.com>
Cc: freeipa-users@redhat.com
Date: Tuesday, 15 December, 2009, 5:55 PM

Hi Rob,

Just to let you know, I tried to again reproduce the installation. I did a clean install of Fedora 11 on a machine and updated it using yum. Then I tried to install FreeIPA on it. But strangely I had a harder time doing it. It again outputs an error complaining about not being able to contact itself.

Here is the ipaserver-install log:

2009-12-15 20:19:51,187 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2009-12-15 20:19:51,196 CRITICAL Could not connect to the Directory Server on id.example.net
2009-12-15 20:19:51,204 DEBUG {'desc': "Can't contact LDAP server"}
  File "/usr/sbin/ipa-server-install", line 609, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-server-install", line 509, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
  File "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py", line 135, in create_instance
    self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password)
  File "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py", line 119, in __common_setup
    raise e

TIA.
John Robert Mendoza

--- On Sat, 12/12/09, Rob Crittenden <rcrit...@redhat.com> wrote:

From: Rob Crittenden <rcrit...@redhat.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "John Robert Mendoza" <jrober...@yahoo.com>
Cc: freeipa-users@redhat.com
Date: Saturday, 12 December, 2009, 2:50 AM

John Robert Mendoza wrote:
> Rob,
>
> I'm using freeipa 1.2.2 on a fedora 11 machine. I have successfully
> configured it for authentication for our services but the lack of replication
> makes it vulnerable for unavailability and downtime.
> It's complaining about the replica server not being able to contact the ldap
> server.
>
> This can be reproduced by:
>
> 1. Clean install fedora 11
> 2. Install the ipa packages
> 3. Clean install fedora 11 on a "replica" server
> 4. Install the ipa packages
> 5. ipa-replica-prepare on the freeipa server
> 6. ipa-replica-install on the replica
>
> note: both machines have DNS records.
>
> TIA
>

Ok, strange. On the replica server can you do something like:

% ldapsearch -x -h ipa.example.com -p 389 -b "dc=example,dc=com" uid=admin

That will confirm that the ports are available.

Can you provide the ipareplica-install.log?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users