After some trial and error I was finally able to get a new replica + CA (RHEL 7.4 and
ipa-server 4.5) added to our existing mixed (RHEL 6 and ipa-server 3.0 - 4.x) environment.
The ipa-replica-install command completed successfully, but now when I run the
ipa-replica-manage -v list <host> command I see this:

    # ipa-replica-manage -v list ipa5.domain.tld
    Directory Manager password:
    ipa1.domain.tld: replica
      last init status: None
      last init ended: 1970-01-01 00:00:00+00:00
      last update status: Error (3) Replication error acquiring replica: Unable to acquire replica: permission denied. The bind dn does not have permission to supply replication updates to the replica. Will retry later. (permission denied)
      last update ended: 1970-01-01 00:00:00+00:00

I ran the ipa-replica-manage re-initialize and it runs successfully and the above
permission denied error goes away, but the host cannot be connected to any other replicas;
it no longer sees itself as a replica or csreplica. I assume this is due to the re-init.
I'm leery of trying to force it to try and join and potentially cause more issues.
I would appreciate any helpful suggestions.