Replica issue

classic Classic list List threaded Threaded
1 message Options
kt
Reply | Threaded
Open this post in threaded view
|

Replica issue

kt
Hi,

I want to install replica server but I have errors.

Replica server:
System: CentOS Linux release 7.4.1708 (Core)
IPA: VERSION: 4.5.0, API_VERSION: 2.228

What I do:

ipa-client-install --mkhomedir

This process ran without a problem

Next

[root@auth02 ~]# ipa-replica-install
Password for [hidden email]:
Run connection check to master
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    Connection check failed!
See /var/log/ipareplica-conncheck.log for more information.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

In logs I see the problem is connection form master to replica server. This services are not install yet. Why ipa-replica-install checkt it? How to fix this problem?

2018-03-09T13:57:51Z DEBUG stderr=Check connection from replica to remote master 'auth01.idm.wan':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocoland would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
trying https://auth01.idm.wan/ipa/json
[try 1]: Forwarding 'ping/1' to json server 'https://auth01.idm.wan/ipa/json'
Execute check on remote master
[try 1]: Forwarding 'server_conncheck' to json server 'https://auth01.idm.wan/ipa/json'
Check connection from master to remote replica 'auth02.idm.wan':
Failed to connect to port 389 tcp on 10.0.102.56
   Directory Service: Unsecure port (389): FAILED
Failed to connect to port 636 tcp on 10.0.102.56
   Directory Service: Secure port (636): FAILED
Failed to connect to port 88 tcp on 10.0.102.56
   Kerberos KDC: TCP (88): FAILED
Failed to connect to port 88 udp on 10.0.102.56
   Kerberos KDC: UDP (88): WARNING
Failed to connect to port 464 tcp on 10.0.102.56
   Kerberos Kpasswd: TCP (464): FAILED
Failed to connect to port 464 udp on 10.0.102.56
   Kerberos Kpasswd: UDP (464): WARNING
Failed to connect to port 80 tcp on 10.0.102.56
   HTTP Server: Unsecure port (80): FAILED
Failed to connect to port 443 tcp on 10.0.102.56
   HTTP Server: Secure port (443): FAILED
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
ERROR: Port check failed! Inaccessible port(s): 389 (TCP), 636 (TCP), 88 (TCP), 464 (TCP), 80 (TCP), 443 (TCP)
ERROR: Remote master check failed with following error message(s):
ipa-replica-conncheck returned non-zero exit code

Best regards
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]