On 03/19/2013 01:12 PM, Bret Wortman wrote: > Preparation of the replica data file went without a hitch, but on > installation: > > # ipa-replica-install --setup-dns --no-forwarders > replica-info-jsipa.damascusgrp.com <http://replica-info-jsipa.damascusgrp.com> > --skip-conncheck > Directory Manager (existing master) password: > > Configuring NTP daemon (ntpd) > : > Configuring directory server (dirsrv): Estimated time 1 minute > : > : > [21/30]: setting up initial replication > Starting replication, please wait until this has completed. > [ipamaster.damascusgrp.com <http://ipamaster.damascusgrp.com>] reports: Update > failed! Status: [-1 - LDAP error: Can't contact LDAP server] > : > # getenforce > Disabled > # systemctl status iptables.service > iptables.service > Loaded: error (Reason: No such file or directory) > Active: inactive(dead) > > # > > Any ideas? This is a brand-new server just set up via kickstart. It's running > Fedora 18 and IPA 3.1.0-2.fc18. > > _ > _ > *Bret Wortman* > <http://damascusgrp.com/> > http://damascusgrp.com/ <http://bretwortman.com/> > http://twitter.com/BretWortman >
Hello Bret, Is ipamaster.damascusgrp.com still resolvable from the replica machine? I would try running: # host ipamaster.damascusgrp.com ... after the failed ipa-replica-install. There were issues in the past when /etc/resolv.conf changed during replica installation and caused similar error in a middle of ipa-replica-install. If the DNS resolution is OK, I would also check /var/log/dirsvr/slapd-INST/errors on replica and on master - are there any relevant errors? Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users