Re: [Freeipa-users] Error during ipa-replica-install
On Mon, Mar 26, 2012 at 8:43 AM, Martin Kosek wrote:

> On Sun, 2012-03-25 at 15:55 +0200, Marco Pizzoli wrote:
> > Hi Martin,
> >
> > On Thu, Mar 22, 2012 at 11:50 AM, Martin Kosek wrote:
> >     Hello Marco,
> >
> >     judging from the output you sent, it looks like you had an installed
> >     replica on freeipa03, then stopped it with "ipactl" stop and after that
> >     tried to run ipa-replica-install again - krb5.conf and /var/log/messages
> >     you sent would support this theory.
> >
> >     IPA replica agreement should be first removed with "ipa-replica-manage
> >     del " on freeipa01 and then uninstalled with
> >     "ipa-server-install --uninstall" before you try to install it again.
> >
> > Thanks for your answer.
> > I tried what you suggested, but this is what I'm getting now:
> >
> > [root@freeipa01 ~]# ipa-replica-manage -v list
> > freeipa01.unix.mydomain.it: master
> > freeipa03.unix.mydomain.it: master
> > [root@freeipa01 ~]# ipa-replica-manage -v del freeipa03.unix.mydomain.it
> > Unable to delete replica freeipa03.unix.mydomain.it: {'desc': "Can't contact LDAP server"}
> > [root@freeipa01 ~]# ps -ef|grep slap
> > dirsrv 1149 1 0 15:30 ? 00:00:01 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-UNIX-MYDOMAIN-IT -i /var/run/dirsrv/slapd-UNIX-MYDOMAIN-IT.pid -w /var/run/dirsrv/slapd-UNIX-MYDOMAIN-IT.startpid
> > pkisrv 1150 1 0 15:30 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
> >
> > After little investigation (should worth a more descriptive output? ^_^) I found the LDAP server being asked was the freeipa03 one.
> > Yes, it was not running at the moment I executed the command.
> >
> > I went to freeipa03 and tried to "systemctl start dirsrv.target".
> > This is what I have in my /var/log/messages log:
> >
> > Mar 25 15:48:50 freeipa03 systemd[1]: Failed to load environment files: No such file or directory
> > Mar 25 15:48:50 freeipa03 systemd[1]: dirsrv@UNIX-MYDOMAIN-IT.service failed to run 'start' task: No such file or directory
> > Mar 25 15:48:50 freeipa03 systemd[1]: Unit dirsrv@UNIX-MYDOMAIN-IT.service entered failed state.
> >
> > My dirsrv access and error log files are currently not populated.
> >
> > How can I exit from the tunnel? :-)
> >
> > Thanks in advance again
> > Marco
> >
>
> Hello Marco,
>
> if you want to correctly set up a 2-master configuration, you need to at
> first properly remove replica agreements between freeipa01 and freeipa03
> (which are visible in your "ipa-replica-manage list") and then install
> the replica on freeipa03:
>
> # force is needed as freeipa03 is not running
> [root@freeipa01 ~]# ipa-replica-manage -v del freeipa03.unix.mydomain.it --force
> # to get a new fresh replica info file:
> [root@freeipa01 ~]# ipa-replica-prepare freeipa03.unix.mydomain.it
>
> # on freeipa03:
> [root@freeipa03 ~]# ipa-replica-install
>
> Does this help?
>

Yes, it helped a lot! replica deleted.

Thanks!
Marco

> Martin
>

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Error during ipa-replica-install
On Sun, 2012-03-25 at 15:55 +0200, Marco Pizzoli wrote:

> Hi Martin,
>
> On Thu, Mar 22, 2012 at 11:50 AM, Martin Kosek wrote:
>     Hello Marco,
>
>     judging from the output you sent, it looks like you had an installed
>     replica on freeipa03, then stopped it with "ipactl" stop and after that
>     tried to run ipa-replica-install again - krb5.conf and /var/log/messages
>     you sent would support this theory.
>
>     IPA replica agreement should be first removed with "ipa-replica-manage
>     del " on freeipa01 and then uninstalled with
>     "ipa-server-install --uninstall" before you try to install it again.
>
> Thanks for your answer.
> I tried what you suggested, but this is what I'm getting now:
>
> [root@freeipa01 ~]# ipa-replica-manage -v list
> freeipa01.unix.mydomain.it: master
> freeipa03.unix.mydomain.it: master
> [root@freeipa01 ~]# ipa-replica-manage -v del freeipa03.unix.mydomain.it
> Unable to delete replica freeipa03.unix.mydomain.it: {'desc': "Can't contact LDAP server"}
> [root@freeipa01 ~]# ps -ef|grep slap
> dirsrv 1149 1 0 15:30 ? 00:00:01 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-UNIX-MYDOMAIN-IT -i /var/run/dirsrv/slapd-UNIX-MYDOMAIN-IT.pid -w /var/run/dirsrv/slapd-UNIX-MYDOMAIN-IT.startpid
> pkisrv 1150 1 0 15:30 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid
>
> After little investigation (should worth a more descriptive output? ^_^) I found the LDAP server being asked was the freeipa03 one.
> Yes, it was not running at the moment I executed the command.
>
> I went to freeipa03 and tried to "systemctl start dirsrv.target".
> This is what I have in my /var/log/messages log:
>
> Mar 25 15:48:50 freeipa03 systemd[1]: Failed to load environment files: No such file or directory
> Mar 25 15:48:50 freeipa03 systemd[1]: dirsrv@UNIX-MYDOMAIN-IT.service failed to run 'start' task: No such file or directory
> Mar 25 15:48:50 freeipa03 systemd[1]: Unit dirsrv@UNIX-MYDOMAIN-IT.service entered failed state.
>
> My dirsrv access and error log files are currently not populated.
>
> How can I exit from the tunnel? :-)
>
> Thanks in advance again
> Marco
>

Hello Marco,

if you want to correctly set up a 2-master configuration, you need to at
first properly remove replica agreements between freeipa01 and freeipa03
(which are visible in your "ipa-replica-manage list") and then install
the replica on freeipa03:

# force is needed as freeipa03 is not running
[root@freeipa01 ~]# ipa-replica-manage -v del freeipa03.unix.mydomain.it --force
# to get a new fresh replica info file:
[root@freeipa01 ~]# ipa-replica-prepare freeipa03.unix.mydomain.it

# on freeipa03:
[root@freeipa03 ~]# ipa-replica-install

Does this help?

Martin

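The choice made in the reply above (plain `del` when the replica's directory server answers, `del ... --force` when it does not) can be checked before touching the agreement. This is an added example, not part of the original thread; the function names, the injectable probe argument and the 3-second timeout are assumptions, while the `ipa-replica-manage` invocations and port 389 are taken from the messages.

```shell
#!/bin/sh
# Added example (not from the thread): pick the right `ipa-replica-manage del`
# form for a replica, based on whether its directory server still answers.

# Read `ipa-replica-manage -v list` output on stdin and print one hostname
# per line for every "<host>: master" entry.
list_masters() {
    awk -F': ' '/: master[ \t]*$/ { print $1 }'
}

# Default probe: TCP connect to the Directory Service port (389 in the
# thread's connection check). Host and port are passed as positional
# arguments so an odd hostname cannot inject shell syntax.
# Assumption: bash and coreutils `timeout` are installed.
ldap_reachable() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "${2:-389}" 2>/dev/null
}

# plan_removal TARGET [PROBE]
# stdin: output of `ipa-replica-manage -v list` taken on the surviving master.
# Prints the del command to run; returns 1 if TARGET is not in the listing.
plan_removal() {
    target=$1
    probe=${2:-ldap_reachable}
    listing=$(cat)

    # Exact, fixed-string match so "freeipa0" never matches "freeipa03".
    if ! printf '%s\n' "$listing" | list_masters | grep -Fxq -- "$target"; then
        echo "no replica entry for $target; nothing to delete" >&2
        return 1
    fi

    if "$probe" "$target"; then
        # Replica is up: a normal delete can clean up both sides.
        echo "ipa-replica-manage -v del $target"
    else
        # Replica is down: the delete fails with "Can't contact LDAP server"
        # unless forced, as seen in the thread.
        echo "ipa-replica-manage -v del $target --force"
    fi
}

# Demo on the listing quoted in the thread, with a stand-in probe that
# reports the replica as down so the demo runs offline.
sample_listing='freeipa01.unix.mydomain.it: master
freeipa03.unix.mydomain.it: master'
replica_down() { return 1; }
printf '%s\n' "$sample_listing" | plan_removal freeipa03.unix.mydomain.it replica_down
```

On a live master the listing would come from `ipa-replica-manage -v list` piped into `plan_removal` with the default probe.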
Re: [Freeipa-users] Error during ipa-replica-install
Hi Martin,

On Thu, Mar 22, 2012 at 11:50 AM, Martin Kosek wrote:

> Hello Marco,
>
> judging from the output you sent, it looks like you had an installed
> replica on freeipa03, then stopped it with "ipactl" stop and after that
> tried to run ipa-replica-install again - krb5.conf and /var/log/messages
> you sent would support this theory.
>
> IPA replica agreement should be first removed with "ipa-replica-manage
> del " on freeipa01 and then uninstalled with
> "ipa-server-install --uninstall" before you try to install it again.
>

Thanks for your answer.
I tried what you suggested, but this is what I'm getting now:

[root@freeipa01 ~]# ipa-replica-manage -v list
freeipa01.unix.mydomain.it: master
freeipa03.unix.mydomain.it: master
[root@freeipa01 ~]# ipa-replica-manage -v del freeipa03.unix.mydomain.it
Unable to delete replica freeipa03.unix.mydomain.it: {'desc': "Can't contact LDAP server"}
[root@freeipa01 ~]# ps -ef|grep slap
dirsrv 1149 1 0 15:30 ? 00:00:01 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-UNIX-MYDOMAIN-IT -i /var/run/dirsrv/slapd-UNIX-MYDOMAIN-IT.pid -w /var/run/dirsrv/slapd-UNIX-MYDOMAIN-IT.startpid
pkisrv 1150 1 0 15:30 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-PKI-IPA -i /var/run/dirsrv/slapd-PKI-IPA.pid -w /var/run/dirsrv/slapd-PKI-IPA.startpid

After little investigation (should worth a more descriptive output? ^_^) I found the LDAP server being asked was the freeipa03 one.
Yes, it was not running at the moment I executed the command.

I went to freeipa03 and tried to "systemctl start dirsrv.target".
This is what I have in my /var/log/messages log:

Mar 25 15:48:50 freeipa03 systemd[1]: Failed to load environment files: No such file or directory
Mar 25 15:48:50 freeipa03 systemd[1]: dirsrv@UNIX-MYDOMAIN-IT.service failed to run 'start' task: No such file or directory
Mar 25 15:48:50 freeipa03 systemd[1]: Unit dirsrv@UNIX-MYDOMAIN-IT.service entered failed state.

My dirsrv access and error log files are currently not populated.

How can I exit from the tunnel? :-)

Thanks in advance again
Marco

>
> Martin
>
> On Tue, 2012-03-20 at 12:58 +0100, Marco Pizzoli wrote:
> > Hi guys,
> > I'm running this version of FreeIPA:
> >
> > [root@freeipa03 ~]# rpm -qa|grep freeipa
> > freeipa-server-selinux-2.1.90.rc1-0.fc16.x86_64
> > freeipa-server-2.1.90.rc1-0.fc16.x86_64
> > freeipa-admintools-2.1.90.rc1-0.fc16.x86_64
> > freeipa-client-2.1.90.rc1-0.fc16.x86_64
> > freeipa-python-2.1.90.rc1-0.fc16.x86_64
> >
> > I'm having this problem:
> >
> > [root@freeipa03 ~]# ipa-replica-install --setup-dns --no-forwarders /var/lib/ipa/replica-info-freeipa03.unix.mydomain.it.gpg
> > Directory Manager (existing master) password:
> >
> > Run connection check to master
> > Check connection from replica to remote master 'freeipa01.unix.mydomain.it':
> >    Directory Service: Unsecure port (389): OK
> >    Directory Service: Secure port (636): OK
> >    Kerberos KDC: TCP (88): OK
> >    Kerberos Kpasswd: TCP (464): OK
> >    HTTP Server: Unsecure port (80): OK
> >    HTTP Server: Secure port (443): OK
> >
> > The following list of ports use UDP protocol and would need to be checked manually:
> >    Kerberos KDC: UDP (88): SKIPPED
> >    Kerberos Kpasswd: UDP (464): SKIPPED
> >
> > Connection from replica to master is OK.
> > Start listening on required ports for remote master check
> > Get credentials to log in to remote master
> > ad...@unix.mydomain.it password:
> >
> > Cannot acquire Kerberos ticket: kinit: Invalid message type while getting initial credentials
> >
> > Connection check failed!
> > Please fix your network settings according to error messages above.
> > If the check results are not valid it can be skipped with --skip-conncheck parameter.
> >
> > ---
> > I don't have any firewall between freeipa03 and freeipa01.
> >
> > This is what I have in my /var/log/messages file:

Re: [Freeipa-users] Error during ipa-replica-install
Hello Marco,

judging from the output you sent, it looks like you had an installed
replica on freeipa03, then stopped it with "ipactl" stop and after that
tried to run ipa-replica-install again - krb5.conf and /var/log/messages
you sent would support this theory.

IPA replica agreement should be first removed with "ipa-replica-manage
del " on freeipa01 and then uninstalled with
"ipa-server-install --uninstall" before you try to install it again.

Martin

On Tue, 2012-03-20 at 12:58 +0100, Marco Pizzoli wrote:
> Hi guys,
> I'm running this version of FreeIPA:
>
> [root@freeipa03 ~]# rpm -qa|grep freeipa
> freeipa-server-selinux-2.1.90.rc1-0.fc16.x86_64
> freeipa-server-2.1.90.rc1-0.fc16.x86_64
> freeipa-admintools-2.1.90.rc1-0.fc16.x86_64
> freeipa-client-2.1.90.rc1-0.fc16.x86_64
> freeipa-python-2.1.90.rc1-0.fc16.x86_64
>
> I'm having this problem:
>
> [root@freeipa03 ~]# ipa-replica-install --setup-dns --no-forwarders /var/lib/ipa/replica-info-freeipa03.unix.mydomain.it.gpg
> Directory Manager (existing master) password:
>
> Run connection check to master
> Check connection from replica to remote master 'freeipa01.unix.mydomain.it':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos Kpasswd: TCP (464): OK
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
>
> The following list of ports use UDP protocol and would need to be checked manually:
>    Kerberos KDC: UDP (88): SKIPPED
>    Kerberos Kpasswd: UDP (464): SKIPPED
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> ad...@unix.mydomain.it password:
>
> Cannot acquire Kerberos ticket: kinit: Invalid message type while getting initial credentials
>
> Connection check failed!
> Please fix your network settings according to error messages above.
> If the check results are not valid it can be skipped with --skip-conncheck parameter.
>
> ---
> I don't have any firewall between freeipa03 and freeipa01.
>
> This is what I have in my /var/log/messages file:

[Freeipa-users] Error during ipa-replica-install
Hi guys,
I'm running this version of FreeIPA:

[root@freeipa03 ~]# rpm -qa|grep freeipa
freeipa-server-selinux-2.1.90.rc1-0.fc16.x86_64
freeipa-server-2.1.90.rc1-0.fc16.x86_64
freeipa-admintools-2.1.90.rc1-0.fc16.x86_64
freeipa-client-2.1.90.rc1-0.fc16.x86_64
freeipa-python-2.1.90.rc1-0.fc16.x86_64

I'm having this problem:

[root@freeipa03 ~]# ipa-replica-install --setup-dns --no-forwarders /var/lib/ipa/replica-info-freeipa03.unix.mydomain.it.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'freeipa01.unix.mydomain.it':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
ad...@unix.mydomain.it password:

Cannot acquire Kerberos ticket: kinit: Invalid message type while getting initial credentials

Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.

---
I don't have any firewall between freeipa03 and freeipa01.

This is what I have in my /var/log/messages file:

Mar 20 12:03:51 freeipa03 sssd: Starting up
Mar 20 12:03:51 freeipa03 sssd[be[unix.mydomain.it]]: Starting up
Mar 20 12:03:52 freeipa03 ntpd_intres[773]: host name not found: 0.fedora.pool.ntp.org
Mar 20 12:03:52 freeipa03 ntpd_intres[773]: host name not found: 1.fedora.pool.ntp.org
Mar 20 12:03:52 freeipa03 ntpd_intres[773]: host name not found: 2.fedora.pool.ntp.org
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Successfully called chroot().
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Successfully dropped remaining capabilities.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Loading service file /services/ssh.service.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Loading service file /services/udisks.service.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Network interface enumeration completed.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Registering HINFO record with values 'X86_64'/'LINUX'.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Server startup complete. Host name is freeipa03.local. Local service cookie is 3668475942.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Service "freeipa03" (/services/udisks.service) successfully established.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Service "freeipa03" (/services/ssh.service) successfully established.
Mar 20 12:03:52 freeipa03 systemd-logind[764]: New seat seat0.
Mar 20 12:03:53 freeipa03 sssd[pam]: Starting up
Mar 20 12:03:53 freeipa03 sssd[nss]: Starting up
Mar 20 12:03:53 freeipa03 network[765]: Bringing up loopback interface: [ OK ]
Mar 20 12:03:54 freeipa03 kernel: [ 25.724015] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Mar 20 12:03:55 freeipa03 avahi-daemon[734]: Registering new address record for fe80::20c:29ff:fedc:9788 on eth0.*.
Mar 20 12:03:56 freeipa03 avahi-daemon[734]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.146.134.
Mar 20 12:03:56 freeipa03 avahi-daemon[734]: New relevant interface eth0.IPv4 for mDNS.
Mar 20 12:03:56 freeipa03 avahi-daemon[734]: Registering new address record for 192.168.146.134 on eth0.IPv4.
Mar 20 12:03:56 freeipa03 network[765]: Bringing up interface eth0: [ OK ]
Mar 20 12:03:57 freeipa03 kernel: [ 28.697268] 8021q: 802.1Q VLAN Support v1.8
Mar 20 12:03:57 freeipa03 kernel: [ 28.697283] 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 12:03:57 freeipa03 rpc.statd[994]: Version 1.2.5 starting
Mar 20 12:03:57 freeipa03 ntpd[741]: Listen normally on 4 eth0 192.168.146.134 UDP 123
Mar 20 12:03:57 freeipa03 ntpd[741]: Listen normally on 5 eth0 fe80::20c:29ff:fedc:9788 UDP 123
Mar 20 12:03:57 freeipa03 ntpd[741]: peers refreshed
Mar 20 12:03:57 freeipa03 sm-notify[995]: Version 1.2.5 starting
Mar 20 12:03:58 freeipa03 systemd[1]: PID file /run/sendmail.pid not readable (yet?) after start.
Mar 20 12:04:04 freeipa03 ntpd_intres[773]: host name not found: 0.fedora.pool.ntp.org
Mar 20 12:04:07 freeipa03 systemd[1]: PID file /var/run/krb5kdc.pid not readable (yet?) after start.
Mar 20 12:04:09 freeipa03 ntpd_intres[773]: host name not found: 1.fedora.pool.ntp.org
Mar 20 12:04:10 freeipa03 named[1113]: starting BIND 9.8.2rc2-RedHat-9.8.2-0.4.rc2.fc16 -u named
Mar 20 12:04:10 freeipa03 named[1113]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'