Shashi Dahal wrote: > Hi Rob, > > From server A and server B(itself), if I give that command, i get: > > last update status: -1 - LDAP error: Can't contact LDAP server
I'd start with checking basic connectivity to ensure that A/B can talk to port 389 on C. > From server C, I get: > Cannot find cab0558.sdn1.ams1.spil in public server list This suggests that even C doesn't think it is a master. # ipa-replica-manage list On C will show what it thinks is the list of available masters. I'd also look at the replication agreements that C has: # ldapsearch -x -D 'cn=directory manager' -W -b 'cn=mapping tree,cn=config' rob > Please let me know what steps to do next. I am completely lost. > > > Thanks, > Shashi > > ________________________________________ > From: Rob Crittenden [rcrit...@redhat.com] > Sent: Thursday, October 30, 2014 4:31 PM > To: Shashi Dahal; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] adding replication agreements > > Shashi Dahal wrote: >> Hi, >> >> I have ipa master server: A >> and I have 2 ipa replicas: B and C >> >> >> replica B crashed, so it was deleted from A and recreated using >> ipa-replica-parepare to generate the file and set it up from there. >> >> >> in server A B and C, if I do ipa-replica-manage list >> >> serverA lists A B and C as master >> serverB lists A B and C as master >> serverC lists only A and C as master .. B is missing. >> >> trying the command ipa-replica-manage connect B from serverC >> gives: You cannot connect to a previously deleted master >> >> >> now how do I add trust relationship between C and B ? > > I changed the subject as this isn't trust, it's replication. I don't > want to be pedantic but there is a significant difference. > > What I'd do, on each master, is this: > > ipa-replica-manage list -v `hostname` > > I think you'll find that C isn't getting updates. The masters list is > stored in LDAP so if C doesn't know that B exists it likely means that > its data is stale. > > rob > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project