I want to install a replica server, but I get errors.

Replica server:
System: CentOS Linux release 7.4.1708 (Core)

What I do:

ipa-client-install --mkhomedir

This process ran without a problem.


[root@auth02 ~]# ipa-replica-install
Password for [hidden email]:
Run connection check to master
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

In the logs I see the problem is the connection from the master to the replica server. These services are not installed yet. Why does ipa-replica-install check it? How can I fix this problem?

2018-03-09T13:57:51Z DEBUG stderr=Check connection from replica to remote master 'auth01.idm.wan':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocoland would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
trying https://auth01.idm.wan/ipa/json
[try 1]: Forwarding 'ping/1' to json server 'https://auth01.idm.wan/ipa/json'
Execute check on remote master
[try 1]: Forwarding 'server_conncheck' to json server 'https://auth01.idm.wan/ipa/json'
Check connection from master to remote replica 'auth02.idm.wan':
Failed to connect to port 389 tcp on
   Directory Service: Unsecure port (389): FAILED
Failed to connect to port 636 tcp on
   Directory Service: Secure port (636): FAILED
Failed to connect to port 88 tcp on
   Kerberos KDC: TCP (88): FAILED
Failed to connect to port 88 udp on
   Kerberos KDC: UDP (88): WARNING
Failed to connect to port 464 tcp on
   Kerberos Kpasswd: TCP (464): FAILED
Failed to connect to port 464 udp on
   Kerberos Kpasswd: UDP (464): WARNING
Failed to connect to port 80 tcp on
   HTTP Server: Unsecure port (80): FAILED
Failed to connect to port 443 tcp on
   HTTP Server: Secure port (443): FAILED
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
ERROR: Port check failed! Inaccessible port(s): 389 (TCP), 636 (TCP), 88 (TCP), 464 (TCP), 80 (TCP), 443 (TCP)
ERROR: Remote master check failed with following error message(s):
ipa-replica-conncheck returned non-zero exit code

Best regards
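
An added example, not part of the original post and not FreeIPA's own code: a small Python parser for the conncheck output format quoted above, grouping per-port results by check direction so it is clear which side could not be reached. The sample log is constructed (abridged from the lines in the post), and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the conncheck output format quoted in the post.
SAMPLE_LOG = """\
2018-03-09T13:57:51Z DEBUG stderr=Check connection from replica to remote master 'auth01.idm.wan':
   Directory Service: Unsecure port (389): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): SKIPPED
Check connection from master to remote replica 'auth02.idm.wan':
Failed to connect to port 389 tcp on
   Directory Service: Unsecure port (389): FAILED
   Kerberos KDC: TCP (88): FAILED
   Kerberos KDC: UDP (88): WARNING
   HTTP Server: Secure port (443): FAILED
"""

# "Check connection from <source> to remote <target role> '<host>':"
DIRECTION = re.compile(r"Check connection from (\w+) to remote (\w+) '([^']+)':")
# "   <service>: <port kind> (<port>): <status>"
RESULT = re.compile(r"^\s+(.+?): (.+?) \((\d+)\): (OK|FAILED|WARNING|SKIPPED)\s*$")


def summarize(log_text):
    """Group per-port results by check direction, e.g. 'master->replica'."""
    summary = {}
    current = None
    for line in log_text.splitlines():
        m = DIRECTION.search(line)
        if m:
            current = f"{m.group(1)}->{m.group(2)}"
            summary[current] = {"target": m.group(3), "ports": []}
            continue
        m = RESULT.match(line)
        if m and current:
            service, kind, port, status = m.groups()
            proto = "udp" if "UDP" in kind else "tcp"
            summary[current]["ports"].append((service, int(port), proto, status))
    return summary


def blocked(summary, direction):
    """Return sorted (port, proto) pairs reported FAILED in the given direction."""
    ports = summary.get(direction, {}).get("ports", [])
    return sorted({(p, proto) for _, p, proto, status in ports if status == "FAILED"})


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for direction, info in result.items():
        print(direction, info["target"], blocked(result, direction))
```

UDP results marked WARNING or SKIPPED are not counted as blocked, matching the log's own statement that those ports could not be verified.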
