[Freeipa-users] How to failover to IPA replica server

Rajnesh Kumar Siwal rajnesh.siwal at gmail.com
Sat Feb 9 16:04:58 UTC 2013


We have set up an IPA replica server on the environment using the
following command:-
# ipa-replica-install --setup-dns --setup-ca --forwarder=192.168.1.204 /var/lib/ipa/replica-info-ipa2.labs.local.gpg

There is a client authenticating against it.
If I shut down ipa1 (the master server), the client does not fall back
and authenticate against ipa2 (the replica).

Logs that can be seen at IPA2 :-
[09/Feb/2013:15:52:50 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server)
[09/Feb/2013:15:56:02 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected)
[09/Feb/2013:15:56:02 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server)


nslookup from the IPA client :-
[root@testvm ~]# nslookup -type=srv _kerberos._tcp.labs.local
Server:         192.168.1.207
Address:        192.168.1.207#53

_kerberos._tcp.labs.local       service = 0 100 88 ipa2.labs.local.
_kerberos._tcp.labs.local       service = 0 100 88 ipa.labs.local.
---------------------------------------------------------------------------------------------------------------------------------------

Please suggest how to use ipa2 for authentication purposes.

-- 
Regards,
Rajnesh Kumar Siwal
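
Added example, not part of the original post and not FreeIPA or SSSD code: a sketch of how a client that follows RFC 2782 would order the two _kerberos._tcp SRV targets from the nslookup output above and fall back when one is unreachable. The function names and the is_up reachability callback are hypothetical; the SRV lines are copied from the post as constructed input.

```python
import random
import re

# Constructed input: the SRV answer lines quoted in the post.
NSLOOKUP_OUTPUT = """\
_kerberos._tcp.labs.local       service = 0 100 88 ipa2.labs.local.
_kerberos._tcp.labs.local       service = 0 100 88 ipa.labs.local.
"""

SRV_LINE = re.compile(r"^\S+\s+service = (\d+) (\d+) (\d+) (\S+?)\.?$")


def parse_srv(text):
    """Return (priority, weight, port, target) tuples from nslookup output."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            prio, weight, port, target = m.groups()
            records.append((int(prio), int(weight), int(port), target))
    return records


def rfc2782_order(records, rng=random):
    """Order targets: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            total = sum(r[1] for r in group)
            pick = rng.uniform(0, total)
            running = 0
            for rec in group:
                running += rec[1]
                if pick <= running:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered


def first_reachable(records, is_up, rng=random):
    """Walk the ordered list and return the first target is_up() accepts."""
    for _prio, _weight, port, target in rfc2782_order(records, rng):
        if is_up(target, port):
            return target, port
    return None
```

Both records carry priority 0 and weight 100, so DNS offers the two servers equally; whether a client actually reaches the second one depends on it walking the list as first_reachable does rather than stopping at the first target.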



