Can’t create replica

  • #363578
    clwolf
    Participant

    Trying to install an Open Directory replica. Both are on 10.4.2 w/ latest updates installed.

    Here is the slapconfig log from the replica box.

    2005-10-11 17:59:09 -0500 – slapconfig -createreplica
    2005-10-11 17:59:09 -0500 – command: ssh [email protected] /usr/sbin/slapconfig -checkmaster admin 0 3 3
    2005-10-11 17:59:12 -0500 – 1 Destroying local LDAP server
    2005-10-11 17:59:27 -0500 – command: /usr/sbin/sso_util remove -k -d -s -c -n -v 1
    2005-10-11 17:59:37 -0500 – sso_util command output:
    shutting down kadmind
    kadmind shut down
    shutting down kdc
    No such process
    No such process
    kdc shut down
    removing kdc database files
    2005-10-11 17:59:37 -0500 – Stopping LDAP server (slapd)
    2005-10-11 17:59:37 -0500 – Stopping LDAP replicator (slurpd)
    2005-10-11 17:59:37 -0500 – Removed file at path /etc/openldap/slapd.conf.
    2005-10-11 17:59:37 -0500 – Copied file from /etc/openldap/slapd.conf.default to /etc/openldap/slapd.conf.
    2005-10-11 17:59:37 -0500 – command: /usr/sbin/NeST -pwsstandalone
    2005-10-11 17:59:43 -0500 – NeST command output:
    nothing found to load

    2005-10-11 17:59:43 -0500 – 2 Stopping master LDAP server
    2005-10-11 17:59:43 -0500 – command: ssh [email protected] /usr/sbin/slapconfig -stopldapserver
    2005-10-11 17:59:47 -0500 – 3 Updating master configuration
    2005-10-11 17:59:47 -0500 – command: ssh [email protected] /usr/sbin/slapconfig -addreplica 192.168.1.11
    2005-10-11 17:59:49 -0500 – command: ssh [email protected] /usr/bin/db_recover -h /var/db/openldap/openldap-data
    2005-10-11 17:59:51 -0500 – command: ssh [email protected] /usr/sbin/slapcat -l /var/db/openldap/openldap-data/backup.ldif
    2005-10-11 17:59:55 -0500 – ssh command failed with status 255
    2005-10-11 17:59:55 -0500 – Removing replica due to an error copying LDAP database.
    2005-10-11 17:59:55 -0500 – command: ssh [email protected] /usr/sbin/slapconfig -removereplica 192.168.1.11
    2005-10-11 17:59:57 -0500 – command: ssh [email protected] /usr/sbin/slapconfig -startldapserver

    Any ideas why it has an error copying the LDAP database? This machine is also set up as a secondary zone for DNS.

    Thanks.

    #363857
    mike
    Participant

    Having the same issue, but I have it when it's trying to create the password service. Gives me a NeST 255 error and then just reverts everything. Any help please!

    #363871
    mkalien
    Participant

    Is this what you’re talking about?

    2005-08-29 15:59:50 -0700 – NeST command failed with status 255
    2005-08-29 15:59:50 -0700 – Removing replica due to an error adding a Password Server replica.

    This is what I had happen once. I had to remove almost all of the replica-related files and then try adding the replica again.

    Here is what Apple told me. DO NOT FOLLOW THESE STEPS WITHOUT KNOWLEDGE OF WHAT THEY DO!! This advice was given to me based on my explanation of the problem and log files.

    ———-
    Steps to change the replicas back to Stand Alone and clean up the
    databases.

    If you never had any replicas, skip to “Steps to rebuild the PWS
    database on the master” below.

    1. Change the role of the replica back to Stand Alone
    2. Check in Workgroup Manager on the old replica and make sure there
    are no Local users with Open Directory password types. The admin may
    have been set to use OD passwords. Change any with OD passwords to
    use Shadow passwords.

    3. Make sure you have a directory admin that does not have the same
    short name or UID of the local admin. If you don’t, create a new
    admin in the LDAP domain to be used as the directory admin when
    creating replicas.

    3. Run these commands as root on the replica, ignore the messages “No
    such process – nothing found to load” after the NeST command

    NeST -stoppasswordserver
    mv /var/db/authserver /var/db/authserver.old
    mv /var/db/krb5kdc /var/db/krb5kdc.old
    mv /etc/krb5.keytab /etc/krb5.keytab.old
    mv /Library/Preferences/edu.mit.Kerberos /Library/Preferences/edu.mit.Kerberos.old

    4. On the master, use WGM inspector mode.
    Go to the Target, and select Config from the popup menu

    Remove any passwordserver_XXXXX records
    In the passwordserver record, remove any references to the replica in
    the PasswordServerList. Select the PasswordServerList, click Edit,
    remove the text (see below for text example), click Ok and Save.

    5. Go to Config / ldapreplicas -> LDAPReadReplicas. If there is more
    than one, open it up, see if the replica's IP address is listed. If it
    is, select it and press “delete” on the keyboard (Don’t click the
    Delete Icon, this would delete the “ldapreplica” record). Click Save.

    6. Then remove the replica from the
    /var/db/authserver/authserverreplicas, the text is the same as above.

    A replica entry will look like this, find the entry with the
    IP address that matches your replica



    EntryModDate
    2005-08-15T21:15:52Z
    IDRangeBegin
    0x00000000000000000000000000000209
    IDRangeEnd
    0x000000000000000000000000000003fd
    IP
    192.192.255.227
    LastSyncFailedAttempt
    2005-08-15T21:15:03Z
    ReplicaName
    Replica1
    ReplicaStatus
    PermissionDenied
    SASLRealm
    replicahostname
    SyncInterval
    86400


    If there are no remaining replicas you can remove this line too

    Replicas

    7. On the master Kill PasswordService so the replica remove takes effect

    # killall -9 PasswordService

    It will restart on its own

    8. Make sure the /var/db/authserver/authserverreplicas file is
    correct and not empty.

    # more /var/db/authserver/authserverreplicas

    If there is a problem use the /var/db/authserver.old/authserverreplicas
    file and make the correction again and killall -9 PasswordService
    again. Recheck.
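
Both slapconfig logs quoted in this thread follow the same pattern: a `command:` line, a `<tool> command failed with status N` line, then the rollback message. The script below is an added example, not part of any post and not an Apple tool; it pulls out each failed command together with the numbered step it happened in and the rollback reason. The sample log is constructed from the lines in the thread, with a placeholder host and IP.

```python
import re

# Timestamped slapconfig log line; the separator may be "-" or an en dash.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4}) [-\u2013] (.*)$")
STEP = re.compile(r"^\d+ (.+)$")  # e.g. "3 Updating master configuration"
FAILED = re.compile(r"^(\S+) command failed with status (\d+)$")

# Constructed sample modelled on the log in the thread; host and IP are placeholders.
SAMPLE_LOG = """\
2005-10-11 17:59:37 -0500 - command: /usr/sbin/NeST -pwsstandalone
2005-10-11 17:59:43 -0500 - NeST command output:
nothing found to load
2005-10-11 17:59:43 -0500 - 2 Stopping master LDAP server
2005-10-11 17:59:43 -0500 - command: ssh root@master.example.com /usr/sbin/slapconfig -stopldapserver
2005-10-11 17:59:47 -0500 - 3 Updating master configuration
2005-10-11 17:59:47 -0500 - command: ssh root@master.example.com /usr/sbin/slapconfig -addreplica 192.0.2.11
2005-10-11 17:59:51 -0500 - command: ssh root@master.example.com /usr/sbin/slapcat -l /var/db/openldap/openldap-data/backup.ldif
2005-10-11 17:59:55 -0500 - ssh command failed with status 255
2005-10-11 17:59:55 -0500 - Removing replica due to an error copying LDAP database.
2005-10-11 17:59:57 -0500 - command: ssh root@master.example.com /usr/sbin/slapconfig -startldapserver
"""

def find_failures(text):
    """Return one dict per failed command: step, command line, status, rollback reason."""
    failures, step, command, pending = [], None, None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untimestamped command output, e.g. "nothing found to load"
        ts, msg = m.groups()
        if pending is not None:  # first message after a failure explains the rollback
            pending["reason"] = msg
            pending = None
        step_m, fail_m = STEP.match(msg), FAILED.match(msg)
        if msg.startswith("command: "):
            command = msg[len("command: "):]
        elif step_m:
            step = step_m.group(1)
        elif fail_m:
            pending = {"time": ts, "tool": fail_m.group(1), "status": int(fail_m.group(2)),
                       "step": step, "command": command, "reason": None}
            failures.append(pending)
    return failures

if __name__ == "__main__":
    for failure in find_failures(SAMPLE_LOG):
        print(failure)
```

The `command` field is the last command logged before the failure, so it is the one to re-run by hand on the master to see the underlying error.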
