Re: [Freeipa-users] Delete AD replica failure
On Sun, 20 Mar 2011 18:28:12 +0100 Sigbjorn Lie sigbj...@nixtra.com wrote:

> Hi,
>
> I just did a fresh installation of FreeIPA 2 on a host called ipa1, created a replica on a second server called ipa2. I then created a winsync replica to an AD domain on the ipa1 host.
>
> I noticed that I forgot the --win-subtree option and decided to delete the replication agreement:
>
> # ipa-replica-manage -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
> Directory Manager password:
>
> Unable to delete replica dc01.ad.nowhere.com: {'desc': Can't contact LDAP server}

This is not the correct command to use.

> If I did a force I got a bit more output, where it complains about the ipa2 replica server not having a sync agreement with the dc01 server.
>
> # ipa-replica-manage -v -f -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
> Directory Manager password:
>
> Unable to connect to replica dc01.ad.nowhere.com, forcing removal
> Forcing removal on 'dc01.ad.nowhere.com'
> 'ipa2.ix.nowhere.com' has no replication agreement for 'dc01.ad.nowhere.com'
>
> Is this intended behavior or a bug?

Intended, to remove the AD replication link you need to 'disconnect' the AD server.
Use: ipa-replica-manage disconnect dc01.ad.nowhere.com

> After re-creating the sync agreement with the win-subtree option, IPA synced with AD successfully.

Great,
Simo.

--
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Delete AD replica failure
On 03/21/2011 02:31 PM, Simo Sorce wrote:

> On Sun, 20 Mar 2011 18:28:12 +0100 Sigbjorn Lie sigbj...@nixtra.com wrote:
>
>> Hi,
>>
>> I just did a fresh installation of FreeIPA 2 on a host called ipa1, created a replica on a second server called ipa2. I then created a winsync replica to an AD domain on the ipa1 host.
>>
>> I noticed that I forgot the --win-subtree option and decided to delete the replication agreement:
>>
>> # ipa-replica-manage -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
>> Directory Manager password:
>>
>> Unable to delete replica dc01.ad.nowhere.com: {'desc': Can't contact LDAP server}
>
> This is not the correct command to use.
>
>> If I did a force I got a bit more output, where it complains about the ipa2 replica server not having a sync agreement with the dc01 server.
>>
>> # ipa-replica-manage -v -f -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
>> Directory Manager password:
>>
>> Unable to connect to replica dc01.ad.nowhere.com, forcing removal
>> Forcing removal on 'dc01.ad.nowhere.com'
>> 'ipa2.ix.nowhere.com' has no replication agreement for 'dc01.ad.nowhere.com'
>>
>> Is this intended behavior or a bug?
>
> Intended, to remove the AD replication link you need to 'disconnect' the AD server.
> Use: ipa-replica-manage disconnect dc01.ad.nowhere.com

Ah, thank you. :)
[Freeipa-users] Delete AD replica failure
Hi,

I just did a fresh installation of FreeIPA 2 on a host called ipa1, created a replica on a second server called ipa2. I then created a winsync replica to an AD domain on the ipa1 host.

I noticed that I forgot the --win-subtree option and decided to delete the replication agreement:

# ipa-replica-manage -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
Directory Manager password:

Unable to delete replica dc01.ad.nowhere.com: {'desc': Can't contact LDAP server}

If I did a force I got a bit more output, where it complains about the ipa2 replica server not having a sync agreement with the dc01 server.

# ipa-replica-manage -v -f -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
Directory Manager password:

Unable to connect to replica dc01.ad.nowhere.com, forcing removal
Forcing removal on 'dc01.ad.nowhere.com'
'ipa2.ix.nowhere.com' has no replication agreement for 'dc01.ad.nowhere.com'

Is this intended behavior or a bug?

After re-creating the sync agreement with the win-subtree option, IPA synced with AD successfully.

Rgds,
Siggi