On Thu, Mar 2, 2017 at 2:48 AM, Martin Basti <mba...@redhat.com> wrote:
>
> On 02.03.2017 01:07, Chris Herdt wrote:
>
> I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a
> FreeIPA 3.0.0 master on CentOS 6.8 following the steps at
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
>
> At this step:
> ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir /var/lib/ipa/replica-info-replicaname.example.com.gpg
>
> I get the error:
> ERROR cannot connect to 'ldaps://master.example.com'
>
> I ran ipa-replica-conncheck and found that port 636 is not accessible:
> Port check failed! Inaccessible port(s): 636 (TCP)
>
> The port is not blocked. I'm wondering where in the configuration for
> FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a
> way I can specify to use port 389 for setting up the replica.
>
> Thanks!
>
> --
> Chris Herdt
> Systems Administrator
>
>
> Hello,
> this is a known issue only in FreeIPA 4.4.x; this will be fixed in the next
> minor update, which should be released soon to RHEL7.3 (I don't know how
> fast it will be in CentOS)
>
> so you can wait, or enable it manually (not nice)
>
> sorry for troubles
> Martin
>

Thanks for the reply!

Before attempting this in my production environment, I had set up a similar configuration in a test environment (FreeIPA 3.0.0 master on CentOS 6.8, FreeIPA 4.4.0 replica on CentOS 7.3) and the ipa-replica-install went fine. I assumed this was an issue with my FreeIPA 3.0.0 production server.

To enable the fix manually, I'm assuming I'd need to install FreeIPA from source on the intended replica? If I download the 4.4.3 release from https://pagure.io/freeipa/releases, will that be sufficient?

Thanks again.

--
Chris Herdt
Systems Administrator
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project