Re: [Freeipa-users] ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provide

2017-01-17 Thread Alexander Skwar
Hello again already… 2017-01-17 15:24 GMT+01:00 Alexander Skwar : … > [Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid > 139626190206720] ipa: INFO: [jsonserver_kerb] ad...@unix.ewadmin.ch: > ping(version=u'2.164'): SUCCESS >

[Freeipa-users] ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by

2017-01-17 Thread Alexander Skwar
Hello Using freeipa 4.3.1-0ubuntu1 on Ubuntu 16.04 servers. I have setup a FreeIPA master server with the following commands: apt install freeipa-server ipa-server-install --setup-dns --mkhomedir --auto-forwarders \ --no-reverse --hostname=ewserv-auth01-prod.unix.ewadmin.ch \

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

2016-10-27 Thread Martin Babinsky
On 10/27/2016 10:48 AM, Jochen Demmer wrote: Am 27.10.2016 um 10:21 schrieb Martin Basti: On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-27 Thread Martin Basti
On 27.10.2016 10:33, Jochen Demmer wrote: Am 27.10.2016 um 10:02 schrieb Jochen Demmer: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

2016-10-27 Thread Ludwig Krispenz
On 10/27/2016 10:48 AM, Jochen Demmer wrote: Am 27.10.2016 um 10:21 schrieb Martin Basti: On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

2016-10-27 Thread Jochen Demmer
Am 27.10.2016 um 10:21 schrieb Martin Basti: > > > > On 27.10.2016 10:02, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 17:31 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: > > > > On

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-27 Thread Jochen Demmer
Am 27.10.2016 um 10:02 schrieb Jochen Demmer: > > > Am 26.10.2016 um 17:31 schrieb Martin Basti: >> >> >> >> On 26.10.2016 17:25, Jochen Demmer wrote: >>> >>> >>> Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: > > > Am

Re: [Freeipa-users] ipa-replica-install fails because dirsrv failed to start

2016-10-27 Thread Martin Basti
On 27.10.2016 10:02, Jochen Demmer wrote: Am 26.10.2016 um 17:31 schrieb Martin Basti: On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-27 Thread Jochen Demmer
Am 26.10.2016 um 17:31 schrieb Martin Basti: > > > > On 26.10.2016 17:25, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 16:48 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: > > > > On

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Martin Basti
On 26.10.2016 17:25, Jochen Demmer wrote: Am 26.10.2016 um 16:48 schrieb Martin Basti: On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Jochen Demmer
Am 26.10.2016 um 16:48 schrieb Martin Basti: > > > > On 26.10.2016 16:42, Jochen Demmer wrote: >> >> >> Am 26.10.2016 um 16:27 schrieb Martin Basti: >>> >>> >>> >>> On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Martin Basti
On 26.10.2016 16:42, Jochen Demmer wrote: Am 26.10.2016 um 16:27 schrieb Martin Basti: On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Jochen Demmer
Am 26.10.2016 um 16:27 schrieb Martin Basti: > > > > On 26.10.2016 16:10, Jochen Demmer wrote: >> Hi, >> >> my answers also inline. >> >> Am 26.10.2016 um 15:38 schrieb Martin Basti: >>> >>> Hi, comments inline >>> >>> >>> On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Martin Basti
On 26.10.2016 16:10, Jochen Demmer wrote: Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Jochen Demmer
Hi, my answers also inline. Am 26.10.2016 um 15:38 schrieb Martin Basti: > > Hi, comments inline > > > On 26.10.2016 14:28, Jochen Demmer wrote: >> Hi, >> >> I've been running and using a single FreeIPA server successfully, i.e.: >> Fedora 24 >> freeipa-server-4.3.2-2.fc24.x86_64 >> This server

Re: [Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Martin Basti
Hi, comments inline On 26.10.2016 14:28, Jochen Demmer wrote: Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to

[Freeipa-users] ipa-replica-install fails because of IPv6?

2016-10-26 Thread Jochen Demmer
Hi, I've been running and using a single FreeIPA server successfully, i.e.: Fedora 24 freeipa-server-4.3.2-2.fc24.x86_64 This server is only available via IPv6, because I can't get public lPv4 addresses no more. Now I want to setup a FreeIPA replica at another site also running IPv6, Fedora 24

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-29 Thread White Hat
The exact same error is in the /var/log/ipareplica-install log Here are the last few relevant lines. File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py", line 28, in from backports.ssl_match_hostname import match_hostname 2016-08-11T03:53:02Z DEBUG The ipa-replica-install

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-11 Thread Rob Crittenden
White Hat wrote: When attempting to run ipa-replica-install I get a python error, No module named ssl_match_hostname This is on a CentOS 7.2 x86_64 testing box. All available updates including kernel installed, and system rebooted same day. Same error before and after patching and reboot.

[Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-10 Thread White Hat
When attempting to run ipa-replica-install I get a python error, No module named ssl_match_hostname This is on a CentOS 7.2 x86_64 testing box. All available updates including kernel installed, and system rebooted same day. Same error before and after patching and reboot. Let me know if you

[Freeipa-users] ipa-replica-install fails at [6/8]: enable GSSAPI for replication

2016-05-09 Thread Devin Acosta
Attempting to create replica fails during ipa-replica-install. I have attached below what I am seeing during attempting to add a replica into my environment. Currently there are (3) Masters. When I try to add the (4th) it dies. The 4th node will only be able to talk to ipa01-aws, ipa02-aws,

Re: [Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Rob Crittenden
Qing Chang wrote: mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap service was available at all at installation stage. I think we'd need to see the full ipareplica-install.log. You might also want to see if a ns-slapd process is running and check

Re: [Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Qing Chang
ipareplica-install is big, folowing starts at around step 34/35 for directory server config (see red lines), and then CA steup sopped at second step. Relaevnt logs in error and access are attched too. It appears at the time when CA setup eed access to dirsrv, it was down? - ipareplica-install

[Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Qing Chang
CentOS7.1 with IPA server 4.1. ipa-replica-install --setup-ca --setup-dns ... fails with this error message: - [2/22]: configuring certificate server instance ipa : CRITICAL failed to configure ca instance Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned

Re: [Freeipa-users] ipa-replica-install fails at CA setup

2015-04-29 Thread Qing Chang
mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap service was available at all at installation stage. Thanks, Qing On Wed, Apr 29, 2015 at 10:29 AM, Qing Chang tmp...@gmail.com wrote: CentOS7.1 with IPA server 4.1. ipa-replica-install --setup-ca --setup-dns ... fails

Re: [Freeipa-users] ipa replica install fails

2013-02-06 Thread Petr Spacek
On 6.2.2013 07:17, Rajnesh Kumar Siwal wrote: I am missing these two entries in ipa1 (The Master that was installed first):- HTTP/ipa2.xyz@xyz.dmz DNS/ipa2.xyz@xyz.dmz The above entries are present only in ipa2. It seems like replication problems to me. Did you already solved problems

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rob Crittenden
Rajnesh Kumar Siwal wrote: We are trying to setup the IPA replication but it says Connection check failed!. We disabled the firewall and found the same result. --- [root@ipa2 /]#

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
Hi Rob, Thanks for the quick reply. I tried logging iptables in the replica also, but no log for dropped packet :- I would appreciate if you could please let me know what these login actually do. 1. Looks to me as getting tgt for admin 2. Is it trying to login though ssh to ipa1 server ?

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Petr Spacek
On 5.2.2013 15:15, Rajnesh Kumar Siwal wrote: Is there any other log file that may suggest something. It would be great if we could figure out whats the cause of the error. I would recommend to run tcpdump on one of the servers and look to what is sent over the wire. It is most effective way.

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
Finally , I installed it with --skip-conncheck:- Now DNS fails to start. I tried ipa-dns-install too:- [root@ipa2 log]# ipa-dns-install The log file for this installation can be found in /var/log/ipaserver-install.log ==

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Petr Spacek
On 5.2.2013 15:45, Rajnesh Kumar Siwal wrote: Finally , I installed it with --skip-conncheck:- Now DNS fails to start. I tried ipa-dns-install too:- [root@ipa2 log]# ipa-dns-install The log file for this installation can be found in /var/log/ipaserver-install.log

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Simo Sorce
On Tue, 2013-02-05 at 16:59 +0100, Petr Spacek wrote: On 5.2.2013 15:45, Rajnesh Kumar Siwal wrote: Finally , I installed it with --skip-conncheck:- Now DNS fails to start. I tried ipa-dns-install too:- [root@ipa2 log]# ipa-dns-install The log file for this installation can be found

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
Last time the installation of replica failed. So this is second time I did it (The logs in the mail are from the second time after I uninstalled the ipa2). After installing the replica, I restarted IPA and failed to start the KDC too. So, kinit admin is now failing.

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Petr Spacek
On 5.2.2013 17:15, Rajnesh Kumar Siwal wrote: Last time the installation of replica failed. So this is second time I did it (The logs in the mail are from the second time after I uninstalled the ipa2). After installing the replica, I restarted IPA and failed to start the KDC too. So, kinit

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
Both of these replica are in the same network. I have disabled the iptables on both Selinux disable. still the output of kinit admin is the same kinit: Cannot contact any KDC for realm strace output attached. On Tue, Feb 5, 2013 at 9:45 PM, Rajnesh Kumar Siwal rajnesh.si...@gmail.com wrote:

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rob Crittenden
Rajnesh Kumar Siwal wrote: Both of these replica are in the same network. I have disabled the iptables on both Selinux disable. still the output of kinit admin is the same kinit: Cannot contact any KDC for realm strace output attached. strace isn't really helpful in this case. Is the KDC

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
When I am trying to restart ipa, it fails to start the services to I manually started LDAP and krb5kdc, now kinit admin is fine :- How shall I proceed now ? - [root@ipa2 ~]# /etc/init.d/ipa status Directory Service:

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
Still unable to start bind :- [root@ipa2 ~]# ipa-replica-conncheck --replica ipa1.xyz.dmz Check connection from master to remote replica 'ipa1.xyz.dmz': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
As a workaround I modified named.conf to use simple authentication and was able to start bind However I am looking for a better resolution. -- dynamic-db ipa { library ldap.so;

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
Two more issues:- 1. I am still not able to login into the WebUI of ipa2 (Replica Server). It displays Internal Server Error 2. Are there any logs to make sure that the Replication is working fine ? ___ Freeipa-users mailing list

Re: [Freeipa-users] ipa replica install fails

2013-02-05 Thread Rajnesh Kumar Siwal
I am missing these two entries in ipa1 (The Master that was installed first):- HTTP/ipa2.xyz@xyz.dmz DNS/ipa2.xyz@xyz.dmz The above entries are present only in ipa2. ___ Freeipa-users mailing list Freeipa-users@redhat.com

Re: [Freeipa-users] ipa-replica-install fails

2012-12-12 Thread Bret Wortman
...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Bret Wortman [bret.wort...@damascusgrp.com] *Sent:* Wednesday, 12 December 2012 8:12 a.m. *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] ipa-replica-install fails I'm working through them and may simply abandon the idea

Re: [Freeipa-users] ipa-replica-install fails

2012-12-11 Thread Dmitri Pal
On 12/11/2012 10:53 AM, Bret Wortman wrote: My replica install fails to create a DS instance: : [2/30]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl http://setup-ds.pl --silent --logfile - -f /tmp/tmpp80GFc' returned

Re: [Freeipa-users] ipa-replica-install fails

2012-12-11 Thread Martin Kosek
On 12/11/2012 05:25 PM, Dmitri Pal wrote: On 12/11/2012 10:53 AM, Bret Wortman wrote: My replica install fails to create a DS instance: : [2/30]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl http://setup-ds.pl --silent

Re: [Freeipa-users] ipa-replica-install fails

2012-12-11 Thread Bret Wortman
I'm working through them and may simply abandon the idea of automating the replica install. On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal d...@redhat.com wrote: On 12/11/2012 12:09 PM, Bret Wortman wrote: On Tue, Dec 11, 2012 at 11:25 AM, Dmitri Pal d...@redhat.com wrote: On 12/11/2012

Re: [Freeipa-users] ipa-replica-install fails

2012-12-11 Thread Steven Jones
: [Freeipa-users] ipa-replica-install fails I'm working through them and may simply abandon the idea of automating the replica install. On Tue, Dec 11, 2012 at 2:09 PM, Dmitri Pal d...@redhat.commailto:d...@redhat.com wrote: On 12/11/2012 12:09 PM, Bret Wortman wrote: On Tue, Dec 11, 2012