<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 07/28/2014 02:12 PM, Mark Heslin
wrote:<br>
</div>
<blockquote cite="mid:53D6929D.4060501@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 07/28/2014 12:46 PM, Joseph,
Matthew (EXP) wrote:<br>
</div>
<blockquote
cite="mid:9621CE4454B9514B9E709C1719B2B9430767F0@HCXDSPM1.ca.lmco.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m currently running into some issues
with my replica server.<o:p></o:p></p>
<p class="MsoNormal">I noticed it wasn’t getting any updates
from the master server so I tried to do a force-sync but it
states that it is an “invalid password” which I know it is
not the case.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I tried doing an ipa-replica-manager list
replica_server but it gives me the SASL(-13) authentication
failure: GSSAPI Failure: gss_accept_sec_context, ‘desc’
Invalid Credentials<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’ve tried doing a kdestroy and have it
prompt me for the password but again, same error.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any idea what this would be?<o:p></o:p></p>
<p class="MsoNormal"><br>
Thanks,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Matt<o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Joe,<br>
<br>
Are you actually getting a valid Kerberos ticket - on the surface
it would not appear so.<br>
<br>
Also, the command is 'ipa-replica-manage list':<br>
<br>
Example:<br>
# ipa-replica-manage list<br>
idm-srv1.example.com: master<br>
idm-srv2.example.com: master<br>
<br>
-m<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Joe,<br>
<br>
I forgot to add, you should be able to do this without a Kerberos
ticket <br>
but you'll need to specify the Directory Mnager password:<br>
<br>
Example:<br>
# ipa-replica-manage list<br>
Directory Manager password: ********<br>
<br>
idm-srv1.example.com: master<br>
idm-srv2.example.com: master<br>
# klist<br>
klist: No credentials cache found (ticket cache
KEYRING:persistent:0:0)<br>
<br>
I'm runnning RHEL 7 - not sure whether or not this behavior is
different<br>
on earlier versions.<br>
<br>
-m<br>
<br>
<br>
<br>
<br>
<br>
</body>
</html>