Hi Rob thank you for your replies. So I tried to add the replica again in order to get the 389-ds logs.
Regarding the ipa versions: [root@ns1 ~]# rpm -q ipa-server ipa-client 389-ds-base pki-ca krb5-server ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 389-ds-base-1.4.3.23-12.module+el8.5.0+13329+4096c77a.x86_64 pki-ca-10.11.2-4.module+el8.5.0+13827+5b1d191d.noarch krb5-server-1.18.2-14.el8.x86_64 [root@ns2 ~]# rpm -q ipa-server ipa-client 389-ds-base pki-ca krb5-server ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 389-ds-base-1.4.3.23-12.module+el8.5.0+13329+4096c77a.x86_64 pki-ca-10.11.2-2.module+el8.5.0+12735+8eb38ccc.noarch krb5-server-1.18.2-14.el8.x86_64 [root@ns3 ~]# rpm -q ipa-server ipa-client 389-ds-base pki-ca krb5-server ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64 389-ds-base-1.4.3.23-12.module+el8.5.0+13329+4096c77a.x86_64 pki-ca-10.11.2-4.module+el8.5.0+13827+5b1d191d.noarch krb5-server-1.18.2-14.el8.x86_64 389-ds log "errors"- on the ns3 server I get these: ... [03/Mar/2022:16:48:00.624581992 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=dom0,dc=io does not exist [03/Mar/2022:16:48:00.648556508 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=dom0,dc=io does not exist [03/Mar/2022:16:48:00.649871391 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=dom0,dc=io does not exist [03/Mar/2022:16:48:00.812093673 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [03/Mar/2022:16:48:00.827192127 +0000] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=dom0,dc=io--no CoS Templates found, which should be added before the CoS Definition. [03/Mar/2022:16:48:00.900316830 +0000] - ERR - set_krb5_creds - Could not get initial credentials for principal [ldap/[email protected]] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text)) [03/Mar/2022:16:48:00.919565091 +0000] - ERR - schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! [03/Mar/2022:16:48:00.954303578 +0000] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [03/Mar/2022:16:48:00.956458369 +0000] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [03/Mar/2022:16:48:00.957156367 +0000] - INFO - slapd_daemon - Listening on /var/run/slapd-DOM0-IO.socket for LDAPI requests [03/Mar/2022:16:48:01.399627603 +0000] - ERR - dna-plugin - dna_get_remote_config_info - Using LDAP protocol, but the non-secure port is not defined. [03/Mar/2022:16:48:01.400766987 +0000] - ERR - dna-plugin - dna_request_range: Unable to retrieve replica bind credentials. [03/Mar/2022:16:48:05.945122138 +0000] - ERR - schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=dom0,dc=io [03/Mar/2022:16:48:05.947292612 +0000] - ERR - schema-compat-plugin - Finished plugin initialization. [03/Mar/2022:16:50:11.843513650 +0000] - ERR - dna-plugin - _dna_pre_op_add - No more values available!! [03/Mar/2022:16:50:11.870225283 +0000] - ERR - ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. And on ns1 (the master to which ns3 is connected to): ... [03/Mar/2022:16:46:30.764506978 +0000] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTons3.dom0.io" (ns3:389): Replication bind with GSSAPI auth resumed [03/Mar/2022:16:47:02.271983007 +0000] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=caTons3.dom0.io" (ns3:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [03/Mar/2022:16:47:18.401932405 +0000] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=meTons3.dom0.io" (ns3:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [03/Mar/2022:16:47:33.173387566 +0000] - ERR - repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "20100614120000" remote server: "(null)". [03/Mar/2022:16:47:33.665069742 +0000] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTons3.dom0.io" (ns3:389): Replication bind with GSSAPI auth resumed [03/Mar/2022:16:47:37.010415940 +0000] - WARN - content-sync-plugin - sync_update_persist_betxn_pre_op - DB retried operation targets "changenumber=4245,cn=changelog" (op=0x7f31a94cc400 idx_pl=1) => op not changed in PL [03/Mar/2022:16:47:37.282297165 +0000] - WARN - content-sync-plugin - sync_update_persist_betxn_pre_op - DB retried operation targets "changenumber=4253,cn=changelog" (op=0x7f31a94cde00 idx_pl=1) => op not changed in PL [03/Mar/2022:16:47:47.542306051 +0000] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=caTons3.dom0.io" (ns3:389): Replication bind with GSSAPI auth resumed [03/Mar/2022:16:47:57.596028220 +0000] - WARN - NSMMReplicationPlugin - acquire_replica - agmt="cn=caTons3.dom0.io" (ns3:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [03/Mar/2022:16:48:06.682863336 +0000] - INFO - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=caTons3.dom0.io" (ns3:389): Replication bind with GSSAPI auth resumed Couldn't find any entries related to "fallback" only those with dna-plugin. The IdM master only has 3 lines with this timestamp: [03/Mar/2022:16:47:37.714182360 +0000] - WARN - content-sync-plugin - sync_update_persist_betxn_pre_op - DB retried operation targets "changenumber=3560,cn=changelog" (op=0x7f3254f19400 idx_pl=1) => op not changed in PL [03/Mar/2022:16:47:37.759767983 +0000] - WARN - content-sync-plugin - sync_update_persist_betxn_pre_op - DB retried operation targets "changenumber=3562,cn=changelog" (op=0x7f3254f1da00 idx_pl=1) => op not changed in PL [03/Mar/2022:16:47:37.885157628 +0000] - WARN - content-sync-plugin - sync_update_persist_betxn_pre_op - DB retried operation targets "changenumber=3566,cn=changelog" (op=0x7f32589b1800 idx_pl=1) => op not changed in PL I find quite awkward the entries saying Incompatible IPA versions, as they literally have the same version, not only IPA but also distro and updates. Thank you. rm _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
