Auerbach, Steven via FreeIPA-users wrote: > Executed ipa-replica-prepare on an RHEL 6.9 server running ipa-server > 3.0.0.1_51 (name : ipa01) > > Yum installed ipa-server, ipa-server-dns, bind-dyndb-ldap on the target > Linux 7.6 server (name: ipa04) > > Copied the file to the target server to which ipa-server 4.6.5-11.0.1 is > installed (ipa04) > > Copied the file :/usr/share/ipa/copy-schema-to-ca.py from ipa v4.6 > server to the ipa v3.0 server and executed it successfully. > > Edited the /etc/resolv.con on ipa04 to include ipa01. Did not reboot. > > Executed ipa-replica-install --setup-dns --forwarder=8.8.8.8 --setup-ca > /var/lib/ipa/replica-info-ipa04.fbog.local.gpg (on ipa04) > > > 2019-11-16T16:23:24Z DEBUG The ipa-replica-install command failed, > exception: NotFound: wait_for_entry timeout on > ldap://ipa01.fbog.local:389 for > krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local > > 2019-11-16T16:23:24Z ERROR wait_for_entry timeout on > ldap://ipa01.fbog.local:389 for > krbprincipalname=HTTP/ipa04.fbog.local@FBOG.LOCAL,cn=services,cn=accounts,dc=fbog,dc=local > > > > Not sure where to go from here. Did I leave out some declaration or > specification on the initial command?
The problem isn't in the command invocation, replication is just slow enough for some reason that the new principal(s) weren't replicated to the existing master. I seem to recall a 389-ds option to mitigate this but I can't remember it off the to of my head (or maybe it isn't applicable for RHEL 6 master). cc'ing someone who would know. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org