On Fri, Jan 6, 2023 at 1:25 PM Francis Augusto Medeiros-Logeay via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>
>
>
> On 6 Jan 2023, at 14:53, Rafael Jeffman <rjeffman@redhat.com> wrote:
>
>
>
> On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> >
> >
> >
> > ---
> > Francis Augusto Medeiros-Logeay
> > Oslo, Norway
> >
> > On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> > > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> > >> Hi,
> > >>
> > >> I am trying to create a replica, but somehow I keep getting this
> > >> error:
> > >>
> > >>  [26/39]: setting up initial replication
> > >> Starting replication, please wait until this has completed.
> > >> Update in progress, 14 seconds elapsed
> > >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> > >> (-1) - LDAP error: Can't contact LDAP server - no response received]
> > >>
> > >>
> > >> I am joining it this way:
> > >>
> > >> sudo ipa-replica-install -w mypass -n ipa.local --server free02.ipa.local --hostname freeipa02.francis.local --ntp-pool ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
> > >>
> > >> What can I do to investigate it?
> > >>
> > >> I see that the 389 port is reachable from the server on which I want to install a replica.
> > >>
> > >
> > > Why are you using --skip-conncheck?
> >
> > It fails when not using it:
> >
> > Client configuration complete.
> > The ipa-client-install command was successful
> >
> > Lookup failed: Preferred host freeipa02.francis.local does not provide
> > DNS.
> > Could not resolve hostname freeipa02.francis.local using DNS. Clients
> > may not function properly. Please check your DNS setup. (Note that this
> > check queries IPA DNS directly and ignores /etc/hosts.)
> > Continue? [no]: yes
> > Checking DNS forwarders, please wait ...
> > Run connection check to master
> > Removing client side components
> > Unenrolling client from IPA server
> > Removing Kerberos service principals from /etc/krb5.keytab
> > Disabling client Kerberos and LDAP configurations
> > Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> > /etc/sssd/sssd.conf.deleted
> > Restoring client configuration files
> > Restoring ipa.local as NIS domain.
> > nscd daemon is not installed, skip configuration
> > nslcd daemon is not installed, skip configuration
> > Systemwide CA database updated.
> > Client uninstall complete.
> > The ipa-client-install command was successful
> >
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >
> > Connection check failed!
> >
>
> I'm assuming you are using IPA DNS, as it seems the issue is a DNS
> misconfiguration (happens a lot to me).
>
> Please, provide "--ip-address=IP_ADDRESS" on the command line.
> This will add an entry to IPA DNS for the host, and you will not have to
> skip connection check. It may also fix the issue for the replica
> installation.
>
>
>
> It works now - I restarted the server, added the DNS records (A, reverse and @), and the only issue was that it didn’t resolve a second replica:
>
> unable to resolve host name free02.ipa.local. to IP address, ipa-ca DNS record will be incomplete
>
> But it seems to work nevertheless.
>
> Best,
>
> Francis
>

Good to see that it works for you.

There might be other reasons, but when a replica installation fails for me,
almost always, it is related to some DNS issue.

Rafael

--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
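
The installer output quoted in this thread notes that its check queries IPA DNS directly and ignores /etc/hosts, and the fix was adding the A and reverse records. The script below is an added example, not part of the thread or of FreeIPA: it asks a given DNS server for each host's A record and a matching PTR before `ipa-replica-install` is run. It assumes `dig` is installed; the function names and the script name `precheck.sh` are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-flight DNS check for a replica install (added example, not FreeIPA code).
# Assumption: `dig` is available and SERVER is the IP of the IPA DNS server.

# Ask one DNS server directly, so /etc/hosts and the local resolver are bypassed.
dns_lookup() {  # usage: dns_lookup SERVER A|PTR NAME_OR_IP
    if [ "$2" = PTR ]; then
        dig +short +time=3 +tries=1 "@$1" -x "$3"
    else
        dig +short +time=3 +tries=1 "@$1" "$3" "$2"
    fi
}

# Return 0 if FQDN has an A record whose PTR points back to FQDN,
# 1 if there is no A record, 2 if no PTR matches.
check_host() {  # usage: check_host SERVER FQDN
    server=$1
    fqdn=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
    # Keep only IPv4 lines; `dig +short` can also print CNAME targets.
    addrs=$(dns_lookup "$server" A "$fqdn" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$addrs" ]; then
        echo "FAIL $fqdn: no A record on $server"
        return 1
    fi
    for ip in $addrs; do
        for ptr in $(dns_lookup "$server" PTR "$ip" | tr 'A-Z' 'a-z'); do
            if [ "${ptr%.}" = "$fqdn" ]; then
                echo "OK   $fqdn <-> $ip"
                return 0
            fi
        done
    done
    echo "FAIL $fqdn: A record found but no PTR pointing back to it"
    return 2
}

# Usage: ./precheck.sh DNS_SERVER_IP FQDN [FQDN...]
# Does nothing when called without arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    server_ip=$1; shift; status=0
    for h in "$@"; do
        check_host "$server_ip" "$h" || status=1
    done
    exit "$status"
fi
```

Run it with the IPA DNS server's address followed by both the existing server's and the new replica's host names; a non-zero exit status means at least one of them is missing a forward or reverse record.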