No, can't telnet to 7389 or 9444 either one: [root@ipamaster]# telnet oldmaster.my.com 7389 Trying 10.0.0.42... telnet: connect to address 10.0.0.42: COnnection refused [root@ipamaster]#
I do note that I only have packages called dogtag-*-theme installed: [root@oldmaster]# yum list "*dogtag*" Loaded plugins: lnagpacks, presto, refresh-packagekit Installed Packages dogtag-pki-ca-theme.noarch 9.0.11-1.fc17 @fedora dogtag-pki-common-theme.noarch 9.0.11-1.fc17 @fedora Available Packages dogtag-pki.noarch 9.0.0-13.fc17 @fedora : I also noticed that, according to /var/log/pki-ca/catalina.out and /var/log/pki-ca/debug, this hasn't successfully run since 05-Feb. And no, I'm not sure what happened on that day to change things, but I'm trying to find out. (At least, I assume this logdir relates to dogtag....) * * *Bret Wortman* <http://damascusgrp.com/> http://damascusgrp.com/ <http://bretwortman.com/> http://twitter.com/BretWortman On Tue, Feb 19, 2013 at 1:26 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > Natxo Asenjo wrote: > >> On Tue, Feb 19, 2013 at 5:58 PM, Bret Wortman >> <bret.wort...@damascusgrp.com >> <mailto:bret.wortman@**damascusgrp.com<bret.wort...@damascusgrp.com>>> >> wrote: >> >> Digging a bit deeper, I found this in /var/log/pki-ca/catalina.out: >> >> : >> Could not connect to LDAP server host oldmaster.my.com >> <http://oldmaster.my.com> port 7389 Error >> >> netscape.ldap.LDAPException: failed to connect to server >> ldap://oldmaster.my.com:7389 <http://oldmaster.my.com:7389> (91) >> >> >> This certainly appears to be a problem, but everyone's >> authenticating against oldmaster just fine. Thoughts, anyone? >> >> >> can you connect to that port (7389) on oldmaster.my.com >> <http://oldmaster.my.com> from the other replica? (try telnetting to the >> port: telnet oldmaster.my.com <http://oldmaster.my.com> 7389) >> > > 7389 is port in the 389-ds instance used by dogtag. Is the instance > running on oldmaster? > > It isn't used for authentication which is why you aren't seeing problems > with clients. > > rob > > ______________________________**_________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users> >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users