On Fri, Jan 6, 2023 at 1:25 PM Francis Augusto Medeiros-Logeay via FreeIPA-users <[email protected]> wrote: > > > > On 6 Jan 2023, at 14:53, Rafael Jeffman <[email protected]> wrote: > > > > On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via FreeIPA-users <[email protected]> wrote: > > > > > > > > --- > > Francis Augusto Medeiros-Logeay > > Oslo, Norway > > > > On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote: > > > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: > > >> Hi, > > >> > > >> I am trying to create a replica, but somehow I keep getting this > > >> error: > > >> > > >> [26/39]: setting up initial replication > > >> Starting replication, please wait until this has completed. > > >> Update in progress, 14 seconds elapsed > > >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error > > >> (-1) - LDAP error: Can't contact LDAP server - no response received] > > >> > > >> > > >> I am joining it this way: > > >> > > >> sudo ipa-replica-install -w mypass -n ipa.local --server > > >> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool > > >> ntp.uio.no --force-join --setup-dns --auto-forwarders --skip-conncheck > > >> > > >> What can I do to investigate it? > > >> > > >> I see that the 389 port is reachable from the server on which I want > > >> to > > >> install a replica. > > >> > > > > > > Why are you using --skip-conncheck? > > > > It fails when not using it: > > > > Client configuration complete. > > The ipa-client-install command was successful > > > > Lookup failed: Preferred host freeipa02.francis.local does not provide > > DNS. > > Could not resolve hostname freeipa02.francis.local using DNS. Clients > > may not function properly. Please check your DNS setup. (Note that this > > check queries IPA DNS directly and ignores /etc/hosts.) > > Continue? [no]: yes > > Checking DNS forwarders, please wait ... > > Run connection check to master > > Removing client side components > > Unenrolling client from IPA server > > Removing Kerberos service principals from /etc/krb5.keytab > > Disabling client Kerberos and LDAP configurations > > Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to > > /etc/sssd/sssd.conf.deleted > > Restoring client configuration files > > Restoring ipa.local as NIS domain. > > nscd daemon is not installed, skip configuration > > nslcd daemon is not installed, skip configuration > > Systemwide CA database updated. > > Client uninstall complete. > > The ipa-client-install command was successful > > > > Your system may be partly configured. > > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > > > Connection check failed! > > > > I'm assuming you are using IPA DNS, as it seems the issue is a DNS > misconfiguration (happens a lot to me). > > Please, provide "--ip-address=IP_ADDRESS" on the command line. > This will add an entry to IPA DNS for the host, and you will not have to > skip connection check. It may also fix the issue for the replica > installation. > > > > It works now - I restarted the server, added the DNS records (A, reverse and @), and the only issue was that it didn’t resolve a second replica: > > unable to resolve host name free02.ipa.local. to IP address, ipa-ca DNS record will be incomplete > > But it seems to work nevertheless. > > Best, > > Francis >
Good to see that it works for you. There might be other reasons, but when a replica installation fails for me, almost always, it is related to some DNS issue. Rafael > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
