[Freeipa-users] Replication Issue

Brent Clark bclark at tendrilinc.com
Fri Apr 5 14:30:14 UTC 2013 

You were correct, my reverse DNS entries for the master and replica were
missing. Odd, since they both existed at one point.

Running the same commands again results in the following
On the Replica system

ipa-replica-manage list replica.example.com -v
master.example.com: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update
succeeded
  last update ended: 2013-04-05 14:18:11+00:00

ipa-replica-manage list master.example.com -v
Failed to get data from 'dpu-inf-ldap01.tni01.com': {'info': 'SASL(-1):
generic failure: GSSAPI Error: An invalid name was supplied (Cannot
determine realm for numeric host address)', 'desc': 'Local error'}
===========
On the master system

ipa-replica-manage list replica.example.com -v
master.example.com: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update
succeeded
  last update ended: 2013-04-05 14:19:39+00:00

ipa-replica-manage list master.example.tni01.com -v
replica.example.com: replica
  last init status: 0 Total update succeeded
  last init ended: 2013-04-04 20:06:44+00:00
  last update status: 49  - LDAP error: Invalid credentials
  last update ended: 2013-04-04 20:06:55+00:00



On Thu, Apr 4, 2013 at 2:51 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Brent Clark wrote:
>
>> Ok, I have done as Steven Jones requested... here is the output from the
>> replica
>>
>> I am able to kinit to admin using the password.
>>
>> issuing the ipa-replica-manage command on the replica for the replica
>>
>> replcia.mydomain.com <http://replcia.mydomain.com>: replica
>>
>>   last init status: None
>>   last init ended: None
>>   last update status: -2  - System error
>>   last update ended: None
>>
>> Same command but for the master
>> Failed to get data from 'master.example.com
>> <http://master.example.com>': {'info': SASL (-1): generic failure:
>>
>> GSSAPI Error: An invalid name was supplied (Cannot determine realm for
>> numeric host address)', 'desc':'Local error'}
>>
>> I can ping, telnet on all the IPA ports and ssh to the main server from
>> the replica.
>>
>> So... im confused.
>>
>> Also on a whim, I was able to add a server to the replica and that host
>> info did make it to the master.
>>
>
> Sounds like a DNS issue. Make sure forward and reverse DNS works for
> master.example.com.
>
> rob
>
>


-- 
Brent S. Clark
NOC Engineer

2580 55th St.  |  Boulder, Colorado 80301
www.tendrilinc.com  |  blog <http://www.tendrilinc.com/news-room/blog/>
[image: Tendril] <http://www.tendrilinc.com/>

 
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender.
Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.
Finally, the recipient should check this email and any attachments for the presence of viruses.
The company accepts no liability for any damage caused by any virus transmitted by this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130405/3ba0f6b2/attachment.htm>

More information about the Freeipa-users mailing list