On May 27, 2012, at 1:27 AM, Rob Crittenden wrote:

> Tomasz 'Zen' Napierała wrote:
>> Hi,
>>
>> I'm trying to install replica server that previously failed to initialize.
>> Host ldap-s1 - first server
>> Host ldap-s2 - reinstalled server
>>
>> After ipa-replica-install on ldap-s2, I got:
>> Connection check OK
>> The host ldap-s2.xxx already exists on the master server. Depending on your
>> configuration, you may perform the following:
>>
>> Remove the replication agreement, if any:
>> % ipa-replica-manage del ldap-s2.xxx
>> Remove the host entry:
>> % ipa host-del ldap-s2.xxx
>>
>> So I tried to do that, but:
>> ipa-replica-manage del ldap-s2.xxx
>> Unable to delete replica ldap-s2.xxx: {'desc': "Can't contact LDAP server"}
>>
>> ldap-s1 tried to connect to ldap-s2 but obviously failed.
>> Then I did:
>> ipa host-del ldap-s2.xxx
>> ---------------------------------
>> Deleted host "ldap-s2.xxx"
>> ---------------------------------
>>
>> I prepared replica file again, scped it to ldap-s2 and ran
>> ipa-replica-install again:
>> […]
>> [16/29]: configuring ssl for ds instance
>> [17/29]: configuring certmap.conf
>> [18/29]: configure autobind for root
>> [19/29]: configure new location for managed entries
>> [20/29]: restarting directory server
>> [21/29]: setting up initial replication
>> Starting replication, please wait until this has completed.
>> [ldap-s1.xxx] reports: Update failed! Status: [-2 - System error]
>> creation of replica failed: Failed to start replication
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> During the attempt I got this on ldap-s1
>> [26/May/2012:19:24:04 +0000] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
>> [26/May/2012:19:24:07 +0000] slapd_ldap_sasl_interactive_bind - Error: could
>> not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
>> error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
>> Minor code may provide more information (Server ldap/ldap-s2.xxx@XXX not
>> found in Kerberos database)) errno 2 (No such file or directory)
>>
>> and
>> [root@ldap-s1 ~]# ipa-replica-manage del ldap-s2.xxx
>> Unable to delete replica ldap-s2.xxx: {'info': 'SASL(-1): generic failure:
>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>> information (Server ldap/ldap-s2.xxx@XXX not found in Kerberos database)',
>> 'desc': 'Local error'}
>>
>> Anyone has any ideas how to fix that??
>>
>> Regards,
>
> ipa-replica-manage del --force ldap-s2.xxx
>
> You'll want to restart the dirsrv service on ldap-s1 before attempting to
> re-install ldap-s2.

Thanks, I think you didn't notice my next email. I just did that exactly after reading ipa-replica-manage manage ;)

Regards,
-- 
Tomasz 'Zen' Napierała
tom...@napierala.org