On 11/01/18 20:28, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
On 11/01/18 17:12, Florence Blanc-Renaud wrote:
I must admit that I'm getting lost among all the errors... Can you summarize your topology (for instance server A installed as first IPA master, then server B successfully configured as a replica, then server C where I tried to run ipa-replica-install but the command failed).
This way we'll be able to sort out the various issues.
Thanks, Flo
Ok, dirsrv errors just in case, all the server logged during replica failed installation:
$ tailf /var/log/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/errors
[11/Jan/2018:18:01:51.302445627 +0000] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[11/Jan/2018:18:01:51.366234558 +0000] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389): Replication bind with GSSAPI auth resumed
[11/Jan/2018:18:01:52.914160480 +0000] - INFO - NSMMReplicationPlugin - repl5_tot_run - Beginning total update of replica "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)".
[11/Jan/2018:18:01:57.349282726 +0000] - INFO - NSMMReplicationPlugin - repl5_tot_run - Finished total update of replica "agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389)". Sent 554 entries.
[11/Jan/2018:18:02:02.381314331 +0000] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later.
[11/Jan/2018:18:02:05.449923136 +0000] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTodzien.priv.xx.xx.priv.xx.xx.x" (dzien:389): Replication bind with GSSAPI auth resumed
Are you absolutely sure the network ports are open in both directions?
You aren't using the --skip-conncheck argument are you?
rob
I'm double posting.. beware Jesus freaking Christ.. (this comes after I produced a whole litany of bad words in my own language), sorry. It almost drove me insane! no, really!
all these problems, all these errors, all because of my root's umask 027. Now having replica installed, I'll see how two servers behave in my simple domain.
Guys, make it a very first check in installer code and make that installer fail, and.. push out a new release with that little fix like... yesterday (do not wait till it's properly fixed). You can still save lives! :)
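
A preflight umask check of the kind requested in the last message, written as an added example; it is not part of the thread and not FreeIPA's installer code. The function names and the 022 baseline are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to start an installer when root's umask is stricter
# than a baseline. BASELINE_MASK=022 is an assumption, not a FreeIPA setting.
BASELINE_MASK=022

# Print the mode a new file (base 666) or directory (base 777) would get.
new_mode() {  # $1 = base mode, $2 = umask in octal
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Succeed (return 0) when the umask removes bits the baseline would keep.
umask_too_strict() {  # $1 = umask, $2 = baseline (optional)
    mask=$(( 0$1 ))
    allowed=$(( 0${2:-$BASELINE_MASK} ))
    [ $(( mask & ~allowed & 0777 )) -ne 0 ]
}

# Check the given umask (default: the current shell's) and explain a failure.
preflight_umask() {
    current=${1:-$(umask)}
    if umask_too_strict "$current"; then
        echo "umask $current is stricter than $BASELINE_MASK:" \
             "new files get $(new_mode 666 "$current")," \
             "new directories get $(new_mode 777 "$current")," \
             "so accounts other than the owner may lose read access" >&2
        return 1
    fi
    return 0
}

# Typical use in a wrapper script (left commented out so nothing runs here):
#   preflight_umask || exit 1
#   ipa-replica-install "$@"
```

With the umask from the thread, `preflight_umask 027` fails and reports modes 640 and 750; setting `umask 022` in the root shell before starting the installer makes the check pass.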