On May 21, 2014, at 6:54, Martin Kosek <mko...@redhat.com> wrote:

> On 05/21/2014 09:12 AM, Davis Goodman wrote:
>>
>> On May 21, 2014, at 2:45, Martin Kosek <mko...@redhat.com> wrote:
>>
>>> On 05/21/2014 08:36 AM, Davis Goodman wrote:
>>>> Hi,
>>>>
>>>> Lately I’ve been having issues of replication between my server and my 2
>>>> replicas.
>>>>
>>>> I decided I was going to delete my 2 replicas and start over keeping my
>>>> master intact.
>>>>
>>>> I wasn’t successful in getting all 3 servers to replicate to each other.
>>>> (it used to work)
>>>>
>>>> I tried deleting 1 replica after the other one to always keep one of the
>>>> two available.
>>>>
>>>> I had to delete manually the replica host on the master with a bunch of
>>>> ldapdelete commands which worked fine.
>>>>
>>>> But after many unsuccessful trials of getting everyone to sync I decided
>>>> to delete my two replicas.
>>>>
>>>> I went back to my master to use the ldapdelete to remove both hosts’
>>>> records so that I could start over.
>>>>
>>>> Unfortunately now I’m getting this error.
>>>>
>>>> ldapdelete -x -D "cn=Directory Manager" -W
>>>> cn=DNS,cn=freeipa02.mtl.domain.int,cn=masters,cn=ipa,cn=etc,dc=domain,dc=int
>>>> Enter LDAP Password:
>>>> ldap_delete: Server is unwilling to perform (53)
>>>> additional info: database is read-only
>>>>
>>>> I’m kinda stuck now with no replicas and no DNS. I could restore the
>>>> backup prior to the start of the operation but with a master in read-only
>>>> mode it wouldn’t be of much help.
>>>>
>>>> Any insights would be more than welcome.
>>>>
>>>> Davis
>>>
>>> Hi Davis, did maybe some of your ipa-replica-manage commands crash in the
>>> middle of an operation, or was an upgrade interrupted, leaving the database
>>> in read-only mode?
>>>
>>> You can find out with this ldapsearch:
>>>
>>> ldapsearch -h `hostname` -D "cn=Directory Manager" -x -w kokos123 -b
>>> 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config' -s base
>>>
>>> Check for nsslapd-readonly, it should be put to "off" in normal operation.
>>>
>>> Martin
>> Ok finally managed to modify the read-only flag.
>>
>> Could prepare my replicas and get them going.
>>
>> Everything seems fine but I’m getting this error while setting up the
>> replicas. Should I be concerned about this one:
>>
>> Update in progress
>> Update in progress
>> Update in progress
>> Update in progress
>> Update in progress
>> Update in progress
>> Update succeeded
>> [23/31]: adding replication acis
>> [24/31]: setting Auto Member configuration
>> [25/31]: enabling S4U2Proxy delegation
>> ipa : CRITICAL Failed to load replica-s4u2proxy.ldif: Command
>> '/usr/bin/ldapmodify -v -f /tmp/tmplpfMNG -H
>> ldap://freeipa02.mtl.ddistrict.int:389 -x -D cn=Directory Manager -y
>> /tmp/tmp4Svn9k' returned non-zero exit status 20
>> [26/31]: initializing group membership
>> [27/31]: adding master entry
>> [28/31]: configuring Posix uid/gid generation
>>
>> the rest seems to work fine.
>
> You need to check ipareplica-install.log to see the real error.
>
> I wonder if "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,YOUR-SUFFIX" and
> "cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,YOUR-SUFFIX" exist.
>
> Martin
>

The first one is there:

ldapsearch -D "cn=Directory Manager" -W -LLL -x -b "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int"
dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int
ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=ddistr
 ict,dc=int
ipaAllowedTarget: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=ddistr
 ict,dc=int
memberPrincipal: HTTP/freeipa01.prs.ddistrict....@ddistrict.int
memberPrincipal: HTTP/freeipa02.prs.ddistrict....@ddistrict.int
memberPrincipal: HTTP/freeipa02.mtl.ddistrict....@ddistrict.int
memberPrincipal: HTTP/freeipa01.chr.ddistrict....@ddistrict.int
memberPrincipal: HTTP/freeipa01.bxl.ddistrict....@ddistrict.int
memberPrincipal: HTTP/freeipa01.mtl.ddistrict....@ddistrict.int
cn: ipa-http-delegation
objectClass: ipaKrb5DelegationACL
objectClass: groupOfPrincipals
objectClass: top

But not the second one:

ldapsearch -D "cn=Directory Manager" -W -LLL -x -b "cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int"
No such object (32)
Matched DN: cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int

Also what is strange is that I got the error only on one of the replicas, the other one went through without any hiccups.

Thanks for the help.

Davis

--
Davis Goodman
Directeur Informatique | IT Manager
5605 Avenue de Gaspé, Suite 408 | Montréal, QC H2T 2A4
Tél: +1 (514) 360-3253 x104
Cell: +1 (514) 994-7360
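
The two checks discussed in this thread (is nsslapd-readonly "off", and do both s4u2proxy delegation entries exist) can be scripted over saved `ldapsearch -LLL` output. The following is an added example, not part of the thread and not FreeIPA code; the function names, the sample data and the suffix dc=example,dc=test are assumptions made for illustration.

```bash
# Added example (not from the thread). SAMPLE_* are constructed inputs that use
# the placeholder suffix dc=example,dc=test.

# Join LDIF continuation lines: a line that starts with one space continues
# the previous line (the "dc=ddistr" / " ict,dc=int" wrap seen above).
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print the first value of attribute $1 (name matched case-insensitively).
ldif_attr() {
    ldif_unfold | awk -v want="$1" '
        BEGIN { want = tolower(want) ": " }
        !done && tolower(substr($0, 1, length(want))) == want {
            print substr($0, length(want) + 1); done = 1
        }'
}

# Succeed only if the backend entry on stdin has nsslapd-readonly: off.
backend_writable() {
    [ "$(ldif_attr nsslapd-readonly | tr 'A-Z' 'a-z')" = "off" ]
}

# Print each expected DN (arguments) that has no "dn:" line in the LDIF on stdin.
missing_dns() {
    have_dns=$(ldif_unfold | awk 'tolower($0) ~ /^dn: / { print tolower(substr($0, 5)) }')
    for want_dn in "$@"; do
        want_lc=$(printf '%s' "$want_dn" | tr 'A-Z' 'a-z')
        printf '%s\n' "$have_dns" | grep -qxF -- "$want_lc" || printf '%s\n' "$want_dn"
    done
}

SAMPLE_BACKEND='dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsslapd-readonly: on'

SAMPLE_S4U='dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=example,dc=test
ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=exampl
 e,dc=test
cn: ipa-http-delegation'

SUFFIX='cn=s4u2proxy,cn=etc,dc=example,dc=test'
printf '%s\n' "$SAMPLE_BACKEND" | backend_writable || echo "backend is read-only"
printf '%s\n' "$SAMPLE_S4U" |
    missing_dns "cn=ipa-http-delegation,$SUFFIX" "cn=ipa-ldap-delegation,$SUFFIX" |
    sed 's/^/missing: /'
```

Against a live server, pipe the output of the ldapsearch commands quoted above (run with -LLL) into backend_writable or missing_dns in place of the constructed samples.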