On 02/09/2015 10:18 AM, Martin Kosek wrote:
On 02/07/2015 12:27 AM, Chris Mohler wrote:
I'm having some troubles. I have an older IPA install Version 3.0.0. on Centos
6.6. It's currently the only master for my domain. I have about 4k user
accounts on here and it's a live system called "idm"

I'm trying to upgrade to V4.x as I am hoping to fix some issues I am having.
(clients can't auth unless service sssd is restarted multiple times "10 (User
not known to the underlying authentication module") I think this is possibly
unrelated and the topic for another thread.

I created a new VM and installed Fedora Server 21 and FreeIPA 4.1.2; it's called
"ipa".
Good. Also note that RHEL/CentOS 7.1 will have FreeIPA 4.0+ version baked
in, so you can also use that platform if you are used to it.

On the master "idm" I ran "ipa-replica-prepare" and transferred the file to the
future replica "ipa". Then I ran the install replica script ipa-replica-install
--setup-ca /home/svradm/replica-info-ipa.cs.oberlin.edu.gpg
Things went well until it failed

[24/35]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 133 seconds elapsed
Update in progress yet not in progress

Update in progress yet not in progress

Update in progress yet not in progress

[idm.cs.oberlin.edu] reports: Update failed! Status: [10 Total update
abortedLDAP error: Referral]

[error] RuntimeError: Failed to start replication

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Please help I'm getting nowhere by myself.
Can you please look on the master you are replicating from and look for errors
in /var/log/messages or DS errors log?

Maybe you will see messages like "ns-slapd: encoded packet size too big (xxxxxx
65536)" that are known to pop up more with CentOS 6.6.
Hi Martin,
Thanks for the reply and help, I appreciate it.

Good. Also note that RHEL/CentOS 7.1 will have FreeIPA 4.0+ version baked
in, so you can also use that platform if you are used to it.
Good to know. I try to be distro agnostic. I've used Redhat 7.1, then went Solaris, then Ubuntu, now I'm back for Centos and Fedora. I guess I'm equally uncomfortable with either version.

That said, is there any reason that I could or should not have a replica on a Fedora 21 server and a 2nd replica on a Centos 7.1 later? My understanding is the more the merrier.

Can you please look on the master you are replicating from and look for errors
in /var/log/messages or DS errors log?

I tried to set up the replica again just now so I have some fresh logs.

From the Dirserv error log:
[08/Feb/2015:22:14:48 -0500] - 389-Directory/1.2.11.15 B2014.314.1342 starting up
[08/Feb/2015:22:14:48 -0500] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=cs,dc=oberlin,dc=edu
[08/Feb/2015:22:14:50 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[08/Feb/2015:22:14:50 -0500] - Listening on All Interfaces port 636 for LDAPS requests
[08/Feb/2015:22:14:50 -0500] - Listening on /var/run/slapd-CS-OBERLIN-EDU.socket for LDAPI requests
[09/Feb/2015:10:40:30 -0500] NSMMReplicationPlugin - agmt="cn=meToipa.cs.oberlin.edu" (ipa:389): Schema replication update failed: Server is unwilling to perform
[09/Feb/2015:10:40:30 -0500] NSMMReplicationPlugin - Warning: unable to replicate schema to host ipa.cs.oberlin.edu, port 389. Continuing with total update session.
[09/Feb/2015:10:40:30 -0500] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=meToipa.cs.oberlin.edu" (ipa:389)"

To be fair and not duplicate efforts I have had the following error
[08/Feb/2015:08:51:26 -0500] - WARNING: userRoot: entry cache size 10485760B is less than db size 12115968B; We recommend to increase the
entry cache size nsslapd-cachememsize.

To which I have asked another question "how do I change the entry cache size"
https://www.redhat.com/archives/freeipa-users/2015-February/msg00114.html
I now get additional errors which I would guess are possibly related.
[06/Feb/2015:10:07:35 -0500] - slapd stopped.
[06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the SUBSTR matching rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[06/Feb/2015:10:07:37 -0500] - 389-Directory/1.2.11.15 B2014.314.1342 starting up
[06/Feb/2015:10:07:37 -0500] - slapd started.  Listening on All Interfaces port 7389 for LDAP requests
[06/Feb/2015:10:07:37 -0500] - Listening on All Interfaces port 7390 for LDAPS requests

Thanks again for having a look at my problem,
-Chris
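
The log check requested in this thread, as an added example that is not part of the original messages: a small Python triage of the 389-ds errors log that rejoins mail-wrapped lines and flags the messages quoted above. The category names and function names are labels chosen for this example, and the sample lines are copied from the excerpts in this thread.

```python
import re

# Patterns for messages quoted in this thread; category names are this example's own labels.
RULES = [
    ("schema_replication_failed", re.compile(r"Schema replication update failed: (?P<detail>.+)$")),
    ("total_update_started", re.compile(r"Beginning total update of replica")),
    ("entry_cache_smaller_than_db",
     re.compile(r"entry cache size (?P<cache>\d+)B is less than db size (?P<db>\d+)B")),
    ("matching_rule_incompatible",
     re.compile(r"the (?P<kind>\w+) matching rule \[(?P<rule>[^\]]+)\] is not compatible "
                r"with the syntax \[(?P<syntax>[^\]]+)\] for the attribute \[(?P<attr>[^\]]+)\]")),
    ("packet_too_big", re.compile(r"encoded packet size too big")),
]
ENTRY_START = re.compile(r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] ")

# Sample input: lines copied from the log excerpts in this thread, wrapped as mail wraps them.
SAMPLE = """\
[08/Feb/2015:08:51:26 -0500] - WARNING: userRoot: entry cache size 10485760B is less than db size 12115968B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the EQUALITY matching
rule [caseIgnoreIA5Match] is not compatible with the syntax
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[09/Feb/2015:10:40:30 -0500] NSMMReplicationPlugin - agmt="cn=meToipa.cs.oberlin.edu" (ipa:389): Schema replication update failed: Server is unwilling to perform
[09/Feb/2015:10:40:30 -0500] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=meToipa.cs.oberlin.edu" (ipa:389)"
"""

def split_entries(text):
    """Join wrapped continuation lines back onto the timestamped line that started them."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Return one finding per rule hit, with the entry timestamp and any captured fields."""
    findings = []
    for entry in split_entries(text):
        m = ENTRY_START.match(entry)
        stamp = m.group(1) if m else None  # syslog-style lines have no bracketed stamp
        for name, pat in RULES:
            hit = pat.search(entry)
            if hit:
                findings.append({"time": stamp, "category": name, **hit.groupdict()})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```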





-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
