Hi,

This is what I have:

ipa01 - master
ipa02 - replica
ipa03 - replica

ipa02 crashed and was set up again. I used the gpg file from the master and am trying to re-create the replica:

ipa-replica-install ipa02.gpg

gives:

The host ipa02.local.zone already exists on the master server.
You should remove it before proceeding:
    % ipa host-del ipa02.local.zone

I log in to the master server, and if I do ipa-replica-manage list, it shows:

ipa02.local.zone: master

Trying to delete it with

ipa host-del ipa02.local.zone

fails saying:

ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or disabled

ipa-replica-manage del ipa02.local.zone

fails saying:

'ipa01.local.zone' has no replication agreement for 'ipa02.local.zone'

I searched the mailing list, and it was suggested that I should do an ldapsearch and ldapdelete. Here is the search:

ldapsearch -LLL -x -b cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01

dn: cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
objectClass: top
objectClass: nsContainer
cn: ipa02.local.zone

dn: cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
objectClass: nsContainer
objectClass: ipaConfigObject
objectClass: top
ipaConfigString: enabledService
ipaConfigString: startOrder 10
cn: KDC

dn: cn=KPASSWD,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=sp
 il
objectClass: nsContainer
objectClass: ipaConfigObject
objectClass: top
ipaConfigString: enabledService
ipaConfigString: startOrder 20
cn: KPASSWD

dn: cn=MEMCACHE,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=s
 pil
objectClass: nsContainer
objectClass: ipaConfigObject
objectClass: top
ipaConfigString: enabledService
ipaConfigString: startOrder 39
cn: MEMCACHE

dn: cn=HTTP,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
objectClass: nsContainer
objectClass: ipaConfigObject
objectClass: top
ipaConfigString: enabledService
ipaConfigString: startOrder 40
cn: HTTP

dn: cn=DNS,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01
objectClass: nsContainer
objectClass: ipaConfigObject
objectClass: top
ipaConfigString: enabledService
ipaConfigString: startOrder 30
cn: DNS

I tried to delete, but I get:

ldapdelete -x -D 'cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01'
ldap_bind: Server is unwilling to perform (53)
        additional info: Unauthenticated binds are not allowed

I found that there is -W:

ldapdelete -x -D 'cn=KDC,cn=ipa02.local.zone,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=dc01' -W

It asks for "LDAP Password:". Entering the password gives:

ldap_bind: Inappropriate authentication (48)

Can anyone who has faced similar issues help me with how to fix it?

Cheers,
Shashi