John Robert Mendoza wrote:
> Finally I made it work!
> I had to manually install the CA certificate and the server certificate
> to the database. As for the replica machine, all I had to do was to add
> the main IPA machine and the replica machines entry to the /etc/hosts file.
> Thanks to all!
Great, glad you got it working.
Are there any take-aways we can get from this process? A FAQ entry, a
bug to file? Can you provide some more detail on what you had to do?
Which database did you have to manually update?
It definitely shouldn't be this hard to set up a replica :-)
thanks
rob
John Robert Mendoza
--- On Tue, 12/15/09, John Robert Mendoza <jrober...@yahoo.com> wrote:
From: John Robert Mendoza <jrober...@yahoo.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "Rob Crittenden" <rcrit...@redhat.com>
Cc: freeipa-users@redhat.com
Date: Tuesday, 15 December, 2009, 6:13 PM
I did this to install the master server. Before even making a replica.
John Robert Mendoza
--- On Tue, 12/15/09, John Robert Mendoza <jrober...@yahoo.com> wrote:
From: John Robert Mendoza <jrober...@yahoo.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "Rob Crittenden" <rcrit...@redhat.com>
Cc: freeipa-users@redhat.com
Date: Tuesday, 15 December, 2009, 5:55 PM
Hi Rob,
Just to let you know, I tried to again reproduce the
installation. I did a clean install of Fedora 11 on a machine
and updated it using yum. Then I tried to install FreeIPA on it.
But strangely I had a harder time doing it. It again outputs an
error complaining about not being able to contact itself.
Here is the ipaserver-install log:
2009-12-15 20:19:51,187 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2009-12-15 20:19:51,196 CRITICAL Could not connect to the Directory Server on id.example.net
2009-12-15 20:19:51,204 DEBUG {'desc': "Can't contact LDAP server"}
  File "/usr/sbin/ipa-server-install", line 609, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-server-install", line 509, in main
    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
  File "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py", line 135, in create_instance
    self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password)
  File "/usr/lib/python2.6/site-packages/ipaserver/krbinstance.py", line 119, in __common_setup
    raise e
TIA.
John Robert Mendoza
--- On Sat, 12/12/09, Rob Crittenden <rcrit...@redhat.com> wrote:
From: Rob Crittenden <rcrit...@redhat.com>
Subject: Re: [Freeipa-users] freeipa replication
To: "John Robert Mendoza" <jrober...@yahoo.com>
Cc: freeipa-users@redhat.com
Date: Saturday, 12 December, 2009, 2:50 AM
John Robert Mendoza wrote:
> Rob,
>
> I'm using freeipa 1.2.2 on a fedora 11 machine. I have
> successfully configured it for authentication for our
> services but the lack of replication makes it vulnerable for
> unavailability and downtime.
> It's complaining about the replica server not being able
> to contact the ldap server.
>
> This can be reproduced by:
>
> 1. Clean install fedora 11
> 2. Install the ipa packages
> 3. Clean install fedora 11 on a "replica" server
> 4. Install the ipa packages
> 5. ipa-replica-prepare on the freeipa server
> 6. ipa-replica-install on the replica
>
> note: both machines have DNS records.
>
> TIA
>
Ok, strange. On the replica server can you do something like:
% ldapsearch -x -h ipa.example.com -p 389 -b "dc=example,dc=com" uid=admin
That will confirm that the ports are available.
Can you provide the ipareplica-install.log?
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
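A check for the fix reported at the top of this thread (entries for the main IPA machine and the replica in /etc/hosts), as an added example that is not part of the original messages or FreeIPA's own code. The name replica.example.net, the addresses and the sample file are constructed; flagging loopback mappings is an added assumption, on the grounds that a name mapped to 127.0.0.1 cannot be reached from the other machine.

```python
import ipaddress

# Constructed sample in /etc/hosts format. id.example.net is the host named
# in the installer log; replica.example.net and the addresses are made up.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost6
127.0.0.1   id.example.net id        # master's own name on loopback
192.0.2.11  replica.example.net replica
"""


def parse_hosts(text):
    """Return {lowercased name: [ip_address, ...]} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip malformed address column
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table


def check_hosts(text, required):
    """Classify each required FQDN as 'ok', 'missing' or 'loopback'."""
    table = parse_hosts(text)
    report = {}
    for fqdn in required:
        addrs = table.get(fqdn.lower(), [])
        if not addrs:
            report[fqdn] = "missing"
        elif any(a.is_loopback for a in addrs):
            report[fqdn] = "loopback"         # assumption: unusable for peers
        else:
            report[fqdn] = "ok"
    return report


if __name__ == "__main__":
    names = ["id.example.net", "replica.example.net"]
    for host, status in check_hosts(SAMPLE_HOSTS, names).items():
        print(f"{host}: {status}")
```

To run it against a real machine, pass the contents of /etc/hosts and the two host names to `check_hosts` on both the master and the replica.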