Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-03 Thread Yogesh Sharma
LDAPS is also fine:

[root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldaps://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: cn=changelog
namingContexts: dc=klikpay,dc=int
namingContexts: o=ipaca

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ipa-inf-prd-ng2-02 ~]#


*Best Regards,*

*Yogesh Sharma*
*Email: yks0...@gmail.com | Web: www.initd.in*

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*



On Mon, Nov 2, 2015 at 6:00 PM, Martin Basti  wrote:

>
>
> On 02.11.2015 08:01, Yogesh Sharma wrote:
>
> Listening:
>
> [root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 636
> Trying 172.16.32.10...
> Connected to ipa-inf-prd-ng2-01.klikpay.int.
> Escape character is '^]'.
>
>
> Can you try also ldaps with ldapsearch?
>
>
> *Best Regards,*
>
> *Yogesh Sharma*
> *Email: yks0...@gmail.com | Web: www.initd.in*
>
> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
>
> On Mon, Nov 2, 2015 at 12:23 PM, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
>> On Mon, 02 Nov 2015, Yogesh Sharma wrote:
>>
>>> Adding to this, I am able to do ldapsearch from the server which I am
>>> trying to make replica.
>>>
>>> [root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <> with scope baseObject
>>> # filter: (objectclass=*)
>>> # requesting: namingContexts
>>> #
>>>
>> What about port 636? Replica install requires LDAPS.
>>
>> --
>> / Alexander Bokovoy
>>
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-02 Thread Yogesh Sharma
Tried to re-enroll the replica however, getting the same error, though I am
able to connect to server.

=

Starting replication, please wait until this has completed.

[ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]

  [error] RuntimeError: Failed to start replication

=


[root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389
Trying 172.16.32.10...
Connected to ipa-inf-prd-ng2-01.klikpay.int.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@ipa-inf-prd-ng2-02 ~]#



*Best Regards,*

*Yogesh Sharma*
*Email: yks0...@gmail.com | Web: www.initd.in*

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*



On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden  wrote:

> Yogesh Sharma wrote:
> > Team,
> >
> > Noticed that user created on IPA Master are not replicating on Replica.
> >
> > Also, we create a new Zone in Master, However we do not see the same in
> > replica server.
>
> You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
> port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
> firewall without telling you, or someone tweaked the rules on either of
> those boxes.
>
> Doing re-init, force-sync, etc is always going to fail if one can't talk
> to the other.
>
> rob
>
> >
> >
> > Below is the information:
> >
> > From Master:
> >
> > [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-02.klikpay.int: replica
> >   last init status: None
> >   last init ended: None
> >   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
> >   last update ended: None
> > [root@ipa-inf-prd-ng2-01 ~]#
> >
> > From Replica:
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
> > Directory Manager password:
> >
> > ipa-inf-prd-ng2-01.klikpay.int: replica
> >   last init status: None
> >   last init ended: None
> >   last update status: 0 Replica acquired successfully: Incremental update succeeded
> >   last update ended: 2015-10-30 10:36:25+00:00
> > [root@ipa-inf-prd-ng2-02 ~]#
> >
> > Though it says it is replicated (last update ended), We are not seeing
> > new users and the new DNS Zone which we created
> >
> > I also tried force replication, though I can not see the new Changes:
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> > [root@ipa-inf-prd-ng2-02 ~]#
> >
> > Once I do re-initialization, it gives "Can't Contact LDAP Server"
> >
> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
> > Directory Manager password:
> >
> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> >
> > [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
> >
> > /Best Regards,/
> >
> > /Yogesh Sharma/
> > /Email: yks0...@gmail.com | Web: www.initd.in/
> >
> > /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
> >
>
>

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-02 Thread Martin Basti



On 02.11.2015 08:01, Yogesh Sharma wrote:
> Listening:
>
> [root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 636
> Trying 172.16.32.10...
> Connected to ipa-inf-prd-ng2-01.klikpay.int.
> Escape character is '^]'.

Can you try also ldaps with ldapsearch?

> /Best Regards,/
>
> /Yogesh Sharma/
> /Email: yks0...@gmail.com | Web: www.initd.in/
>
> /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
>
> On Mon, Nov 2, 2015 at 12:23 PM, Alexander Bokovoy wrote:
>
>> On Mon, 02 Nov 2015, Yogesh Sharma wrote:
>>
>>> Adding to this, I am able to do ldapsearch from the server which
>>> I am trying to make replica.
>>>
>>> [root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <> with scope baseObject
>>> # filter: (objectclass=*)
>>> # requesting: namingContexts
>>> #
>>>
>> What about port 636? Replica install requires LDAPS.
>>
>> --
>> / Alexander Bokovoy


Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-01 Thread Yogesh Sharma
Adding to this, I am able to do ldapsearch from the server which I am trying
to make replica.

[root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: cn=changelog
namingContexts: dc=klikpay,dc=int
namingContexts: o=ipaca

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ipa-inf-prd-ng2-02 ~]#


*Best Regards,*

*Yogesh Sharma*
*Email: yks0...@gmail.com | Web: www.initd.in*

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*



On Mon, Nov 2, 2015 at 11:24 AM, Yogesh Sharma  wrote:

> Tried to re-enroll the replica however, getting the same error, though I
> am able to connect to server.
>
> =
>
> Starting replication, please wait until this has completed.
>
> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
>
>   [error] RuntimeError: Failed to start replication
>
> =
>
>
> [root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389
> Trying 172.16.32.10...
> Connected to ipa-inf-prd-ng2-01.klikpay.int.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root@ipa-inf-prd-ng2-02 ~]#
>
>
>
> *Best Regards,*
>
> *Yogesh Sharma*
> *Email: yks0...@gmail.com | Web: www.initd.in*
>
> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
>
> On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden wrote:
>
>> Yogesh Sharma wrote:
>> > Team,
>> >
>> > Noticed that user created on IPA Master are not replicating on Replica.
>> >
>> > Also, we create a new Zone in Master, However we do not see the same in
>> > replica server.
>>
>> You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
>> port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
>> firewall without telling you, or someone tweaked the rules on either of
>> those boxes.
>>
>> Doing re-init, force-sync, etc is always going to fail if one can't talk
>> to the other.
>>
>> rob
>>
>> >
>> >
>> > Below is the information:
>> >
>> > From Master:
>> >
>> > [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa-inf-prd-ng2-02.klikpay.int: replica
>> >   last init status: None
>> >   last init ended: None
>> >   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>> >   last update ended: None
>> > [root@ipa-inf-prd-ng2-01 ~]#
>> >
>> > From Replica:
>> >
>> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa-inf-prd-ng2-01.klikpay.int: replica
>> >   last init status: None
>> >   last init ended: None
>> >   last update status: 0 Replica acquired successfully: Incremental update succeeded
>> >   last update ended: 2015-10-30 10:36:25+00:00
>> > [root@ipa-inf-prd-ng2-02 ~]#
>> >
>> > Though it says it is replicated (last update ended), We are not seeing
>> > new users and the new DNS Zone which we created
>> >
>> > I also tried force replication, though I can not see the new Changes:
>> >
>> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>> > [root@ipa-inf-prd-ng2-02 ~]#
>> >
>> > Once I do re-initialization, it gives "Can't Contact LDAP Server"
>> >
>> > [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int
>> > 

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-01 Thread Alexander Bokovoy

On Mon, 02 Nov 2015, Yogesh Sharma wrote:
> Adding to this, I am able to do ldapsearch from the server which I am trying
> to make replica.
>
> [root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: namingContexts
> #

What about port 636? Replica install requires LDAPS.

--
/ Alexander Bokovoy
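
The question above separates two layers: a telnet connect to 636 proves only that the TCP port is open, while an `ldaps://` client also needs a verified TLS handshake. The following is an added example, not code from the thread or from FreeIPA, that reports which layer fails; `probe`, its `cafile` parameter and the loopback listener are constructed for illustration.

```python
import socket
import ssl
import threading


def probe(host, port, use_tls, cafile=None, timeout=5.0):
    """Return 'tcp_failed', 'tls_failed' or 'ok' for host:port.

    use_tls=False stops after the TCP connect, which is all telnet proves.
    use_tls=True also completes a certificate-verified TLS handshake,
    the layer an ldaps:// client needs before any LDAP message is sent.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_failed"
    with sock:
        if not use_tls:
            return "ok"
        # cafile: CA bundle to trust (hypothetical parameter of this example);
        # None falls back to the system trust store.
        context = ssl.create_default_context(cafile=cafile)
        try:
            with context.wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):
            return "tls_failed"


def demo_plain_listener():
    """Constructed loopback listener that answers in plain text, never TLS."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))
    server.listen(2)
    port = server.getsockname()[1]

    def serve(connections):
        for _ in range(connections):
            try:
                conn, _peer = server.accept()
                conn.sendall(b"plain text banner\r\n")
                conn.close()
            except OSError:
                pass

    worker = threading.Thread(target=serve, args=(2,), daemon=True)
    worker.start()
    telnet_view = probe("127.0.0.1", port, use_tls=False)
    ldaps_view = probe("127.0.0.1", port, use_tls=True, timeout=3.0)
    worker.join(timeout=3.0)
    server.close()
    # With the listener gone, even the TCP stage fails.
    closed_view = probe("127.0.0.1", port, use_tls=False, timeout=1.0)
    return telnet_view, ldaps_view, closed_view


if __name__ == "__main__":
    print(demo_plain_listener())
```

A port that accepts connections but fails the handshake looks healthy to telnet and broken to an LDAPS client, so run the TLS stage from the host that initiates the replication connection.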



Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-11-01 Thread Yogesh Sharma
Listening:

[root@ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 636
Trying 172.16.32.10...
Connected to ipa-inf-prd-ng2-01.klikpay.int.
Escape character is '^]'.

*Best Regards,*

*Yogesh Sharma*
*Email: yks0...@gmail.com | Web: www.initd.in*

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*



On Mon, Nov 2, 2015 at 12:23 PM, Alexander Bokovoy wrote:

> On Mon, 02 Nov 2015, Yogesh Sharma wrote:
>
>> Adding to this, I am able to do ldapsearch from the server which I am trying
>> to make replica.
>>
>> [root@ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: namingContexts
>> #
>>
> What about port 636? Replica install requires LDAPS.
>
> --
> / Alexander Bokovoy
>

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-10-30 Thread Martin Basti



On 30.10.2015 11:54, Yogesh Sharma wrote:
> Additionally, On Replica UI, I am getting below Error Message:
>
> IPA Error 4301: CertificateOperationError
>
> Certificate operation cannot be completed: Unable to communicate with
> CMS (Not Found)

Hello, can you check /var/log/httpd/error_log if there is a detailed info?

Martin

> /Best Regards,/
>
> /Yogesh Sharma/
> /Email: yks0...@gmail.com | Web: www.initd.in/
>
> /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
>
> On Fri, Oct 30, 2015 at 4:16 PM, Yogesh Sharma wrote:
>
>> Team,
>>
>> Noticed that user created on IPA Master are not replicating on
>> Replica.
>>
>> Also, we create a new Zone in Master, However we do not see the
>> same in replica server.
>>
>> Below is the information:
>>
>> From Master:
>>
>> [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
>> Directory Manager password:
>>
>> ipa-inf-prd-ng2-02.klikpay.int: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>>   last update ended: None
>> [root@ipa-inf-prd-ng2-01 ~]#
>>
>> From Replica:
>>
>> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
>> Directory Manager password:
>>
>> ipa-inf-prd-ng2-01.klikpay.int: replica
>>   last init status: None
>>   last init ended: None
>>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>>   last update ended: 2015-10-30 10:36:25+00:00
>> [root@ipa-inf-prd-ng2-02 ~]#
>>
>> Though it says it is replicated (last update ended), We are not
>> seeing new users and the new DNS Zone which we created
>>
>> I also tried force replication, though I can not see the new Changes:
>>
>> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
>> Directory Manager password:
>>
>> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>> [root@ipa-inf-prd-ng2-02 ~]#
>>
>> Once I do re-initialization, it gives "Can't Contact LDAP Server"
>>
>> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
>> Directory Manager password:
>>
>> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>>
>> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
>>
>> /Best Regards,/
>>
>> /Yogesh Sharma/
>> /Email: yks0...@gmail.com | Web: www.initd.in/
>>
>> /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/


Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-10-30 Thread Rob Crittenden
Martin Basti wrote:
> 
> 
> On 30.10.2015 11:54, Yogesh Sharma wrote:
>> Additionally, On Replica UI, I am getting below Error Message:
>>
>>
>> IPA Error 4301: CertificateOperationError
>>
>> Certificate operation cannot be completed: Unable to communicate with
>> CMS (Not Found)
>>
> Hello, can you check /var/log/httpd/error_log if there is a detailed info?

Apache proxies CA requests. Not Found generally means that the CA is not
running or the CA web app wasn't registered. Check the pki logs in
/var/log/pki.

rob



Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-10-30 Thread Rob Crittenden
Yogesh Sharma wrote:
> Team,
> 
> Noticed that user created on IPA Master are not replicating on Replica.
> 
> Also, we create a new Zone in Master, However we do not see the same in
> replica server.

You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
firewall without telling you, or someone tweaked the rules on either of
those boxes.

Doing re-init, force-sync, etc is always going to fail if one can't talk
to the other.

rob

> 
> 
> Below is the information:
> 
> From Master:
> 
> [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password:
>
> ipa-inf-prd-ng2-02.klikpay.int: replica
>   last init status: None
>   last init ended: None
>   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>   last update ended: None
> [root@ipa-inf-prd-ng2-01 ~]#
>
> From Replica:
>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
> Directory Manager password:
>
> ipa-inf-prd-ng2-01.klikpay.int: replica
>   last init status: None
>   last init ended: None
>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>   last update ended: 2015-10-30 10:36:25+00:00
> [root@ipa-inf-prd-ng2-02 ~]#
>
> Though it says it is replicated (last update ended), We are not seeing
> new users and the new DNS Zone which we created
>
> I also tried force replication, though I can not see the new Changes:
>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password:
>
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> [root@ipa-inf-prd-ng2-02 ~]#
>
> Once I do re-initialization, it gives "Can't Contact LDAP Server"
>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password:
>
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>
> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
>
> /Best Regards,/
>
> /Yogesh Sharma/
> /Email: yks0...@gmail.com | Web: www.initd.in/
>
> /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/
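
The two `ipa-replica-manage list -v` listings quoted above each describe one direction of replication, read here as the listing host's own agreement toward the peer it names, which is how the reply above reads them. The following is an added example, not code from the thread or from FreeIPA, that parses both listings (mail line wraps joined) and reports which direction is failing; the function and constant names are constructed for illustration.

```python
import re

# Output of `ipa-replica-manage list -v` as posted in the thread,
# with the mail line wraps joined. Each tuple is (host it was run on, output).
ON_MASTER = ("ipa-inf-prd-ng2-01.klikpay.int", """\
ipa-inf-prd-ng2-02.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
  last update ended: None
""")
ON_REPLICA = ("ipa-inf-prd-ng2-02.klikpay.int", """\
ipa-inf-prd-ng2-01.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2015-10-30 10:36:25+00:00
""")

PEER_RE = re.compile(r"^(\S+?)\s*:\s*(\w+)\s*$")        # "host: replica"
FIELD_RE = re.compile(r"^\s+(last [a-z ]+?):\s*(.*)$")   # "  last update status: ..."
STATUS_RE = re.compile(r"^(-?\d+)\s*(.*)$")              # "-1 Unable to acquire ..."


def parse_agreements(local_host, text):
    """One dict per agreement listed on local_host (local_host -> peer)."""
    agreements, current = [], None
    for line in text.splitlines():
        peer = PEER_RE.match(line)
        if peer:
            current = {"from": local_host, "to": peer.group(1), "role": peer.group(2)}
            agreements.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            value = field.group(2).strip()
            current[field.group(1)] = None if value == "None" else value
    return agreements


def failing_directions(agreements):
    """(from, to, code, message) for each agreement whose last update was not 0."""
    failures = []
    for agr in agreements:
        status = agr.get("last update status")
        parsed = STATUS_RE.match(status) if status else None
        code = int(parsed.group(1)) if parsed else None
        if code != 0:
            message = parsed.group(2) if parsed else "no update status recorded"
            failures.append((agr["from"], agr["to"], code, message))
    return failures


def report():
    """Combine both listings and return only the failing directions."""
    agreements = parse_agreements(*ON_MASTER) + parse_agreements(*ON_REPLICA)
    return failing_directions(agreements)


if __name__ == "__main__":
    for src, dst, code, message in report():
        print(f"{src} -> {dst}: status {code}: {message}")
        print(f"  verify LDAP connectivity from {src} to {dst}")
```

A connectivity test only says something about a failing agreement when it is run from the "from" host toward the "to" host.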



Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-10-30 Thread Yogesh Sharma
Thanks Rob & Martin. I will check in Logs. However when I checked last time
I noticed that "pki-tomcat" service was not present in ipactl status output
on replica server.

Connectivity between master (ipa-inf-prd-ng2-01) and slave (02) is there,
able to do telnet/nc on 389 686 from slave to master and vice versa.

-Yogesh Sharma

(Sent from my HTC)
On 30-Oct-2015 7:06 pm, "Rob Crittenden"  wrote:

> Martin Basti wrote:
> >
> >
> > On 30.10.2015 11:54, Yogesh Sharma wrote:
> >> Additionally, On Replica UI, I am getting below Error Message:
> >>
> >>
> >> IPA Error 4301: CertificateOperationError
> >>
> >> Certificate operation cannot be completed: Unable to communicate with
> >> CMS (Not Found)
> >>
> > Hello, can you check /var/log/httpd/error_log if there is a detailed
> > info?
>
> Apache proxies CA requests. Not Found generally means that the CA is not
> running or the CA web app wasn't registered. Check the pki logs in
> /var/log/pki.
>
> rob
>

Re: [Freeipa-users] IPA Replication not working for User and DNS

2015-10-30 Thread Yogesh Sharma
Additionally, On Replica UI, I am getting below Error Message:

IPA Error 4301: CertificateOperationError

Certificate operation cannot be completed: Unable to communicate with CMS
(Not Found)

*Best Regards,*

*Yogesh Sharma*
*Email: yks0...@gmail.com | Web: www.initd.in*

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*



On Fri, Oct 30, 2015 at 4:16 PM, Yogesh Sharma  wrote:

> Team,
>
> Noticed that user created on IPA Master are not replicating on Replica.
>
> Also, we create a new Zone in Master, However we do not see the same in
> replica server.
>
>
> Below is the information:
>
> From Master:
>
> [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password:
>
> ipa-inf-prd-ng2-02.klikpay.int: replica
>   last init status: None
>   last init ended: None
>   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>   last update ended: None
> [root@ipa-inf-prd-ng2-01 ~]#
>
> From Replica:
>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
> Directory Manager password:
>
> ipa-inf-prd-ng2-01.klikpay.int: replica
>   last init status: None
>   last init ended: None
>   last update status: 0 Replica acquired successfully: Incremental update succeeded
>   last update ended: 2015-10-30 10:36:25+00:00
> [root@ipa-inf-prd-ng2-02 ~]#
>
> Though it says it is replicated (last update ended), We are not seeing new
> users and the new DNS Zone which we created
>
> I also tried force replication, though I can not see the new Changes:
>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password:
>
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
> [root@ipa-inf-prd-ng2-02 ~]#
>
> Once I do re-initialization, it gives "Can't Contact LDAP Server"
>
> [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
> Directory Manager password:
>
> ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
> ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>
> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
>
> *Best Regards,*
>
> *Yogesh Sharma*
> *Email: yks0...@gmail.com | Web: www.initd.in*
>
> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*
>