It's quite a problem for me. Would upgrading to a more recent version solve the problem ?
How does freeIPA knows that a host is a freeIPA host ? From the LDAP ? Thanks On Fri, Dec 18, 2015 at 3:45 PM, Karl Forner <karl.for...@gmail.com> wrote: > I am running a master freeIPA called "ipa" in an adelton/freeipa-server > (freeIPA 4.1.4). > I am able to create a replica server "ipa2", still in an > adelton/freeipa-server. > > If I stop my ipa2 replica, and try to delete the replication agreement: > > %ipa-replica-manage del ipa2.example.com --force -v > > It hangs forever. > If I run it using the --cleanup option, it seems to work. > > But when I try to run again from scratch my replica, using the same name, > I get: > > Checking forwarders, please wait ... > WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in > answers > Please fix forwarder configuration to enable DNSSEC support. > (For BIND 9 add directive "dnssec-enable yes;" to "options {}") > WARNING: DNSSEC validation will be disabled > Warning: skipping DNS resolution of host ipa2.example.com > Warning: skipping DNS resolution of host ipa.example.com > Using reverse zone(s) 0.17.172.in-addr.arpa. > A replication agreement for this host already exists. It needs to be > removed. > Run this on the master that generated the info file: > % ipa-replica-manage del ipa2.example.com --force > > On my master: > # ipa-replica-manage list > ipas.example.com: master > ipa.example.com: master > > I manually removed all DNS entries from the 3 zones mentioning ipa2. I can > check in the web UI, using the search feature that ipa2 has no occurrence. > > So I do not understand why the replica install thinks there's still a > replication agreement. > And I'd like to know: > 1) why this command did not work > > ipa-replica-manage del ipa2.example.com --force -v > > > 2) How could I manually effectively delete this agrrement left-over. > > > Thanks. > Karl > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project