[Freeipa-users] Cannot create replica after previous broken replica install

Rob Crittenden rcritten at redhat.com
Sat May 26 23:27:50 UTC 2012


Tomasz 'Zen' Napierała wrote:
> Hi,
>
> I'm trying to install a replica server that previously failed to initialize.
> Host ldap-s1 - first server
> Host ldap-s2 - reinstalled server
>
> After ipa-replica-install on ldap-s2, I got:
> Connection check OK
> The host ldap-s2.xxx already exists on the master server. Depending on your configuration, you may perform the following:
>
> Remove the replication agreement, if any:
>      % ipa-replica-manage del ldap-s2.xxx
> Remove the host entry:
>      % ipa host-del ldap-s2.xxx
>
> So I tried to do that, but:
> ipa-replica-manage del ldap-s2.xxx
> Unable to delete replica ldap-s2.xxx: {'desc': "Can't contact LDAP server"}
>
> ldap-s1 tried to connect to ldap-s2 but obviously failed.
> Then I did:
> ipa host-del ldap-s2.xxx
> ---------------------------------
> Deleted host "ldap-s2.xxx"
> ---------------------------------
>
> I prepared the replica file again, scp'ed it to ldap-s2 and ran ipa-replica-install again:
> […]
>    [16/29]: configuring ssl for ds instance
>    [17/29]: configuring certmap.conf
>    [18/29]: configure autobind for root
>    [19/29]: configure new location for managed entries
>    [20/29]: restarting directory server
>    [21/29]: setting up initial replication
> Starting replication, please wait until this has completed.
> [ldap-s1.xxx] reports: Update failed! Status: [-2  - System error]
> creation of replica failed: Failed to start replication
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> During the attempt I got this on ldap-s1
> [26/May/2012:19:24:04 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [26/May/2012:19:24:07 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server ldap/ldap-s2.xxx at XXX not found in Kerberos database)) errno 2 (No such file or directory)
>
> and
> [root at ldap-s1 ~]# ipa-replica-manage del ldap-s2.xxx
> Unable to delete replica ldap-s2.xxx: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server ldap/ldap-s2.xxx at XXX not found in Kerberos database)', 'desc': 'Local error'}
>
> Does anyone have any ideas how to fix that?
>
> Regards,

ipa-replica-manage del --force ldap-s2.xxx

You'll want to restart the dirsrv service on ldap-s1 before attempting to
re-install ldap-s2.

rob



