So today I came in to work and found that one of my FreeIPA servers isn't
syncing with the rest of the cluster. I have a policy set to go in a big
square. I tried running ipa-replica-manage force-sync --verbose and then tried
doing a re-initialize. I have the networks wide open to allow communication to
all the servers. When I telnet to port 636 from a remote system it works fine.
I have applications that are using ldaps, so I know it's working. Is there any
reason I would not be able to communicate over ldaps?
[root@freeipa04 ~]# ipa-replica-manage force-sync --from freeipa03.east.gatewayblend.net --verbose
Traceback (most recent call last):
  File "/sbin/ipa-replica-manage", line 1615, in <module>
    main(options, args)
  File "/sbin/ipa-replica-manage", line 1564, in main
    options.nolookup)
  File "/sbin/ipa-replica-manage", line 1234, in force_sync
    repl = replication.ReplicationManager(realm, fromhost, dirman_passwd)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 222, in __init__
    self.conn.gssapi_bind()
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1124, in gssapi_bind
    '', auth_tokens, server_controls, client_controls)
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1005, in error_handler
    error=info)
NetworkError: cannot connect to 'ldaps://freeipa03.east.gatewayblend.net:636':
Unexpected error: cannot connect to 'ldaps://freeipa03.east.gatewayblend.net:636':
[root@freeipa04 ~]#
[root@freeipa04 ~]# ipa-replica-manage re-initialize --from freeipa03.east.gatewayblend.net --verbose
Traceback (most recent call last):
  File "/sbin/ipa-replica-manage", line 1615, in <module>
    main(options, args)
  File "/sbin/ipa-replica-manage", line 1558, in main
    options.nolookup)
  File "/sbin/ipa-replica-manage", line 1200, in re_initialize
    repl = replication.ReplicationManager(realm, fromhost, dirman_passwd)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 222, in __init__
    self.conn.gssapi_bind()
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1124, in gssapi_bind
    '', auth_tokens, server_controls, client_controls)
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1005, in error_handler
    error=info)
NetworkError: cannot connect to 'ldaps://freeipa03.east.gatewayblend.net:636':
Unexpected error: cannot connect to 'ldaps://freeipa03.east.gatewayblend.net:636':
[root@freeipa04 ~]#
[root@freeipa04 ~]# ipa-replica-manage re-initialize --from freeipa03.stl1.gatewayblend.net --verbose
ipa: INFO: Setting agreement cn=freeipa03.stl1.gatewayblend.net-to-freeipa04.east.gatewayblend.net,cn=replica,cn=dc\=gatewayblend\,dc\=net,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=freeipa03.stl1.gatewayblend.net-to-freeipa04.east.gatewayblend.net,cn=replica,cn=dc\=gatewayblend\,dc\=net,cn=mapping tree,cn=config
Update in progress, 14 seconds elapsed
[ldaps://freeipa03.stl1.gatewayblend.net:636] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server]
[root@freeipa04 ~]#