On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>
> ---
> Francis Augusto Medeiros-Logeay
> Oslo, Norway
>
> On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> >> Hi,
> >>
> >> I am trying to create a replica, but somehow I keep getting this
> >> error:
> >>
> >>  [26/39]: setting up initial replication
> >> Starting replication, please wait until this has completed.
> >> Update in progress, 14 seconds elapsed
> >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> >> (-1) - LDAP error: Can't contact LDAP server - no response received]
> >>
> >>
> >> I am joining it this way:
> >>
> >> sudo ipa-replica-install -w mypass -n ipa.local --server
> >> free02.ipa.local --hostname freeipa02.francis.local  --ntp-pool
> >> ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck
> >>
> >> What can I do to investigate it?
> >>
> >> I see that the 389 port is reachable from the server on which I want
> >> to install a replica.
> >>
> >
> > Why are you using --skip-conncheck?
>
> It fails when not using it:
>
> Client configuration complete.
> The ipa-client-install command was successful
>
> Lookup failed: Preferred host freeipa02.francis.local does not provide
> DNS.
> Could not resolve hostname freeipa02.francis.local using DNS. Clients
> may not function properly. Please check your DNS setup. (Note that this
> check queries IPA DNS directly and ignores /etc/hosts.)
> Continue? [no]: yes
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Removing client side components
> Unenrolling client from IPA server
> Removing Kerberos service principals from /etc/krb5.keytab
> Disabling client Kerberos and LDAP configurations
> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted
> Restoring client configuration files
> Restoring ipa.local as NIS domain.
> nscd daemon is not installed, skip configuration
> nslcd daemon is not installed, skip configuration
> Systemwide CA database updated.
> Client uninstall complete.
> The ipa-client-install command was successful
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Connection check failed!
>

I'm assuming you are using IPA DNS, as it seems the issue is a DNS
misconfiguration (happens a lot to me).

Please provide "--ip-address=IP_ADDRESS" on the command line.
This will add an entry to IPA DNS for the host, and you will not have to
skip the connection check. It may also fix the issue for the replica
installation.

Rafael

> Best,
>
> Francis
>
> > rob
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to
> > freeipa-users-leave@lists.fedorahosted.org
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> > Do not reply to spam, report it:
> > https://pagure.io/fedora-infrastructure/new_issue



--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
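
The installer's DNS check quoted above queries IPA DNS directly and ignores /etc/hosts. The following pre-flight check does the same lookup by hand before running ipa-replica-install. It is an added example, not part of the original thread or of FreeIPA; the function names, the `DIG` override and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ask the IPA DNS server itself whether the future replica
# has an A record, so a local /etc/hosts entry cannot mask a missing one.
# DIG can be overridden (assumption of this example) to test without network.
DIG="${DIG:-dig}"

# forward_lookup SERVER HOSTNAME
# Prints the IPv4 addresses SERVER returns for HOSTNAME, one per line.
# CNAME targets that "dig +short" may print first are filtered out.
forward_lookup() {
    "$DIG" +short "@$1" "$2" A | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# check_replica_dns SERVER HOSTNAME EXPECTED_IP
# Returns 0 if the record exists and matches, 1 if there is no A record,
# 2 if the record exists but points to a different address.
check_replica_dns() {
    server=$1
    host=$2
    expected=$3
    answers=$(forward_lookup "$server" "$host") || true
    if [ -z "$answers" ]; then
        echo "MISSING: $server has no A record for $host"
        echo "  pass --ip-address=$expected to ipa-replica-install"
        return 1
    fi
    if ! printf '%s\n' "$answers" | grep -qxF "$expected"; then
        echo "MISMATCH: $server answers for $host do not include $expected:"
        printf '  %s\n' $answers
        return 2
    fi
    echo "OK: $server resolves $host to $expected"
    return 0
}

# Usage with the names from this thread (the IP is a constructed placeholder):
#   ./check.sh free02.ipa.local freeipa02.francis.local 192.0.2.10
if [ "$#" -eq 3 ]; then
    check_replica_dns "$@"
fi
```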