[Freeipa-users] A couple of issues found with ipa-2.1.3-9 during setup/early use

Wed, 25 Jan 2012 06:30:21 -0800 

Hi

I've been testing our potential new IPA server before roll out and while
setting up a replica with ipa-server-2.1.3-9 I encountered the following
issues during installation

[root@ipa2 ~]# ipa-replica-install --setup-dns --no-forwarders --no-ntp
/var/lib/ipa/replica-info-ipa2.test.net.gpg

Directory Manager (existing master) password:****

** **

Run connection check to master****

Check connection from replica to remote master 'ipa1.test.net':****

   Directory Service: Unsecure port (389): OK****

   Directory Service: Secure port (636): OK****

   Kerberos KDC: TCP (88): OK****

   Kerberos KDC: UDP (88): OK****

   Kerberos Kpasswd: TCP (464): OK****

   Kerberos Kpasswd: UDP (464): OK****

   HTTP Server: port 80 (80): OK****

   HTTP Server: port 443(https) (443): OK****

** **

Connection from replica to master is OK.****

Start listening on required ports for remote master check****

Exception in thread Thread-2:****

Traceback (most recent call last):****

  File "/usr/lib64/python2.6/threading.py", line 532, in __bootstrap_inner**
**

    self.run()****

  File "/usr/sbin/ipa-replica-conncheck", line 238, in run****

    self.socket_timeout, responder_data="FreeIPA")

  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 1134,
in bind_port_responder****

    raise e****
error: [Errno 97] Address family not supported by protocol


The same error runs across all threads. Turning on debug I can see that it
happens when this command is passed to the server
ipa-replica-conncheck --master ipa1.test.net --auto-master-check --realm
TEST.NET --principal admin --hostname ipa2.test.net

I got round that by running --skip-conncheck during the replica-install but
was suprised I've heard no-one else has mentioned the issue is there anyway
I can get some lower level debug info to find out the root cause of the
issue? The other thing I noticed is when hosts enroll no timestamp appears
in the "Enrolled?" column on the webui, it's not a major problem but my
guys quite liked using it as a visual aid to work though the servers they
had configured. I've looked at the 2.1.4 change log and nothing was
mentioned regarding fixes for either issue.

Cheers,
Charlie

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to