On Fri, Jan 6, 2023 at 1:25 PM Francis Augusto Medeiros-Logeay via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
On 6 Jan 2023, at 14:53, Rafael Jeffman <rjeffman(a)redhat.com> wrote:
On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via
FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
>
>
> ---
> Francis Augusto Medeiros-Logeay
> Oslo, Norway
>
> On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> >> Hi,
> >>
> >> I am trying to create a replica, but somehow I keep getting this
> >> error:
> >>
> >> [26/39]: setting up initial replication
> >> Starting replication, please wait until this has completed.
> >> Update in progress, 14 seconds elapsed
> >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error
> >> (-1) - LDAP error: Can't contact LDAP server - no response received]
> >>
> >>
> >> I am joining it this way:
> >>
> >> sudo ipa-replica-install -w mypass -n ipa.local --server
> >> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
> >> ntp.uio.no --force-join --setup-dns --auto-forwarders
> >> --skip-conncheck
> >>
> >> What can I do to investigate it?
> >>
> >> I see that the 389 port is reachable from the server on which I want to
> >> install a replica.
> >>
> >
> > Why are you using --skip-conncheck?
>
> It fails when not using it:
>
> Client configuration complete.
> The ipa-client-install command was successful
>
> Lookup failed: Preferred host freeipa02.francis.local does not provide
> DNS.
> Could not resolve hostname freeipa02.francis.local using DNS. Clients
> may not function properly. Please check your DNS setup. (Note that this
> check queries IPA DNS directly and ignores /etc/hosts.)
> Continue? [no]: yes
> Checking DNS forwarders, please wait ...
> Run connection check to master
> Removing client side components
> Unenrolling client from IPA server
> Removing Kerberos service principals from /etc/krb5.keytab
> Disabling client Kerberos and LDAP configurations
> Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> /etc/sssd/sssd.conf.deleted
> Restoring client configuration files
> Restoring ipa.local as NIS domain.
> nscd daemon is not installed, skip configuration
> nslcd daemon is not installed, skip configuration
> Systemwide CA database updated.
> Client uninstall complete.
> The ipa-client-install command was successful
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Connection check failed!
>
I'm assuming you are using IPA DNS, as it seems the issue is a DNS
misconfiguration (happens a lot to me).
Please, provide "--ip-address=IP_ADDRESS" on the command line.
This will add an entry to IPA DNS for the host, and you will not have to
skip connection check. It may also fix the issue for the replica
installation.

It works now - I restarted the server, added the DNS records (A, reverse and @),
and the only issue was that it didn’t resolve a second replica:

unable to resolve host name free02.ipa.local. to IP address, ipa-ca DNS record will be incomplete

But it seems to work nevertheless.
Best,
Francis

Good to see that it works for you.
There might be other reasons, but when a replica installation fails for me,
almost always, it is related to some DNS issue.
Rafael
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat