[Freeipa-users] Delete AD replica failure

Simo Sorce ssorce at redhat.com
Mon Mar 21 13:31:15 UTC 2011


On Sun, 20 Mar 2011 18:28:12 +0100
Sigbjorn Lie <sigbjorn at nixtra.com> wrote:

> Hi,
> 
> I just did a fresh installation of FreeIPA 2 on a host called ipa1, 
> created a replica on a second server called ipa2. I then created a 
> winsync replica to an AD domain on the ipa1 host.
> 
> I noticed that I forgot the --win-subtree option and decided to
> delete the replication agreement:
> 
> # ipa-replica-manage -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
> Directory Manager password:
> Unable to delete replica dc01.ad.nowhere.com: {'desc': "Can't contact 
> LDAP server"}

This is not the correct command to use.

> If I did a force I got a bit more output, where it complains about
> the ipa2 replica server not having a sync agreement with the dc01
> server.
> 
> # ipa-replica-manage -v -f -H ipa1.ix.nowhere.com del dc01.ad.nowhere.com
> Directory Manager password:
> Unable to connect to replica dc01.ad.nowhere.com, forcing removal
> Forcing removal on 'dc01.ad.nowhere.com'
> 'ipa2.ix.nowhere.com' has no replication agreement for
> 'dc01.ad.nowhere.com'
> 
> 
> Is this intended behavior or a bug?

Intended, to remove the AD replication link you need to 'disconnect'
the AD server.

Use:
ipa-replica-manage disconnect dc01.ad.nowhere.com

> After re-creating the sync agreement with the win-subtree option, IPA 
> synced with AD successfully.

Great,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



