[Freeipa-users] about rplication FreeIPA
Виктор Сергеевич
vic_1980 at bk.ru
Thu Oct 1 10:35:39 UTC 2009
Hello!
I try to create replication server
On a primary-server it is established fedora10, on secondary a server
fedora 11. I use function multimaster replication and process with pgp
file on secondary server with help ipa-replica-install passes normally
(on secondary a server all services start, but in a webinterface
permission denided, but the given situation is specified in MAN freeIPA
- only console management of a remark), however by search of the user on
secondary I receive the message:
ipa-finduser admin
"Did not receive Kerberos credentials"
It seems is not present krb-authorisation? I try to be authorised:
kinit admin
... cannot contact any KDC for realm 'REALM_NAME'
That is it is impossible to find KDC?
Distinctions between files krb5.conf on primary and secondary servers:
In krb5.conf on the secondary server:
[realm]
kdc=secondary.domain.zone
admin_server=secondary.domain.zone
default_domain=kbtm-spb.ru
[dbmodules]
...
ldap_servers=ldap://127.0.0.1/
In krb5.conf on the primary server:
[realm]
kdc=primary.domain.zone
admin_server=primary.domain.zone
default_domain=kbtm-spb.ru
[dbmodules]
...
ldap_servers=ldap://192.168.0.1/
If i change parametrs of the pach [realm] secondary>primary? then i can
use kinit, but ... it's do bad idea.
What I have to do?
More information about the Freeipa-users
mailing list