> On 6 Jan 2023, at 14:53, Rafael Jeffman <rjeff...@redhat.com> wrote:
>
> On Fri, Jan 6, 2023 at 10:30 AM Francis Augusto Medeiros-Logeay via
> FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> >
> > ---
> > Francis Augusto Medeiros-Logeay
> > Oslo, Norway
> >
> > On 2023-01-06 14:05, Rob Crittenden via FreeIPA-users wrote:
> > > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> > >> Hi,
> > >>
> > >> I am trying to create a replica, but somehow I keep getting this
> > >> error:
> > >>
> > >> [26/39]: setting up initial replication
> > >> Starting replication, please wait until this has completed.
> > >> Update in progress, 14 seconds elapsed
> > >> [ldap://free02.ipa.local:389] reports: Update failed! Status: [Error (-1) - LDAP error: Can't contact LDAP server - no response received]
> > >>
> > >> I am joining it this way:
> > >>
> > >> sudo ipa-replica-install -w mypass -n ipa.local --server
> > >> free02.ipa.local --hostname freeipa02.francis.local --ntp-pool
> > >> ntp.uio.no --force-join --setup-dns
> > >> --auto-forwarders --skip-conncheck
> > >>
> > >> What can I do to investigate it?
> > >>
> > >> I see that the 389 port is reachable from the server on which I want
> > >> to install a replica.
> > >>
> > >
> > > Why are you using --skip-conncheck?
> >
> > It fails when not using it:
> >
> > Client configuration complete.
> > The ipa-client-install command was successful
> >
> > Lookup failed: Preferred host freeipa02.francis.local does not provide DNS.
> > Could not resolve hostname freeipa02.francis.local using DNS. Clients
> > may not function properly. Please check your DNS setup. (Note that this
> > check queries IPA DNS directly and ignores /etc/hosts.)
> > Continue? [no]: yes
> > Checking DNS forwarders, please wait ...
> > Run connection check to master
> > Removing client side components
> > Unenrolling client from IPA server
> > Removing Kerberos service principals from /etc/krb5.keytab
> > Disabling client Kerberos and LDAP configurations
> > Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
> > /etc/sssd/sssd.conf.deleted
> > Restoring client configuration files
> > Restoring ipa.local as NIS domain.
> > nscd daemon is not installed, skip configuration
> > nslcd daemon is not installed, skip configuration
> > Systemwide CA database updated.
> > Client uninstall complete.
> > The ipa-client-install command was successful
> >
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >
> > Connection check failed!
> >
>
> I'm assuming you are using IPA DNS, as it seems the issue is a DNS
> misconfiguration (happens a lot to me).
>
> Please, provide "--ip-address=IP_ADDRESS" on the command line.
> This will add an entry to IPA DNS for the host, and you will not have to
> skip connection check. It may also fix the issue for the replica
> installation.

It works now - I restarted the server, added the DNS records (A, reverse and @), and the only issue was that it didn’t resolve a second replica:

unable to resolve host name free02.ipa.local. to IP address, ipa-ca DNS record will be incomplete

But it seems to work nevertheless.

Best,

Francis