[Freeipa-users] Replica and CA mess
Sigbjorn Lie
sigbjorn at nixtra.com
Mon Nov 28 18:23:27 UTC 2011
>> root : DEBUG args=tar xf /tmp/tmpQ_4Prsipa/files.tar -C
>> /tmp/tmpQ_4Prsipa
>> root : DEBUG stdout=
>> root : DEBUG stderr=
>> creation of replica failed: The network address 2001:db8:abab:2::21 does
>> not match the DNS lookup 192.168.1.21. Check /etc/hosts and ensure that
>> 2001:db8:abab:2::21 is the IP address for ipa02.ix.test.com
>> root : DEBUG The network address 2001:db8:abab:2::21 does not match the
>> DNS lookup 192.168.1.21. Check /etc/hosts and ensure that
>> 2001:db8:abab:2::21 is the IP address for ipa02.ix.test.com
>> File "/usr/sbin/ipa-ca-install", line 156, in <module>
>
> Are these IPs pointing to the right hostnames?
>
Sidenote: The "ipa-repl-conncheck --replica=<replica>" script fails when
IPv6 addresses are listed as name servers in /etc/resolv.conf, which is
the default configuration of resolv.conf after running
ipa-replica-install on a host with an IPv6 global address.

Port 464 fails when both the master and the replica have IPv6 enabled:
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): FAILED
Kerberos Kpasswd: UDP (464): OK
HTTP Server: port 80 (80): OK
HTTP Server: port 443(https) (443): OK

All ports except 389 fail when the master is IPv6 enabled, but the
replica is only IPv4 enabled.

Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): FAILED
Kerberos KDC: TCP (88): FAILED
Kerberos KDC: UDP (88): FAILED
Kerberos Kpasswd: TCP (464): FAILED
Kerberos Kpasswd: UDP (464): FAILED
HTTP Server: port 80 (80): FAILED
HTTP Server: port 443(https) (443): FAILED
Switching to IPv4 only addresses in resolv.conf resolves the issue.
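
Added example, not part of the original message and not FreeIPA code: a pre-flight check that classifies the nameserver entries of a resolv.conf by address family and produces an IPv4-only variant, matching the workaround described above. The function names and the sample file content are assumptions; the sample reuses the two addresses from the quoted log and is otherwise constructed.

```python
import ipaddress

# Constructed sample; only the first two addresses appear in the post's log.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search ix.test.com
nameserver 2001:db8:abab:2::21
nameserver 192.168.1.21
nameserver fe80::1%eth0
options timeout:2
"""

def nameservers_by_family(text):
    """Group nameserver entries into 'ipv4', 'ipv6' and 'invalid' lists."""
    result = {"ipv4": [], "ipv6": [], "invalid": []}
    for raw in text.splitlines():
        # Comment lines start with '#' or ';' in the first column.
        if raw.startswith(("#", ";")):
            continue
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1]
        # Drop an IPv6 zone id (fe80::1%eth0) before parsing the address.
        bare = addr.split("%", 1)[0]
        try:
            ip = ipaddress.ip_address(bare)
        except ValueError:
            result["invalid"].append(addr)
            continue
        result["ipv6" if ip.version == 6 else "ipv4"].append(addr)
    return result

def ipv4_only(text):
    """Return text with IPv6 nameserver lines commented out, rest unchanged."""
    v6 = set(nameservers_by_family(text)["ipv6"])
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        is_v6 = len(fields) >= 2 and fields[0] == "nameserver" and fields[1] in v6
        out.append("# " + raw if is_v6 else raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(nameservers_by_family(SAMPLE_RESOLV_CONF))
    print(ipv4_only(SAMPLE_RESOLV_CONF), end="")
```

If the IPv4 list comes back empty, commenting out the IPv6 entries would leave the host without a resolver, so add an IPv4 name server first.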