[Freeipa-users] replica installation issue
Thomas Sailer
t.sailer at alumni.ethz.ch
Fri Jan 17 16:18:16 UTC 2014
On 01/17/2014 01:12 PM, Petr Spacek wrote:
> On 17.1.2014 12:44, Thomas Sailer wrote:
>> # ldapsearch -Y GSSAPI \*
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Local error (-2)
>> additional info: SASL(-1): generic failure: GSSAPI Error:
>> Unspecified
>> GSS failure. Minor code may provide more information (Server
>> krbtgt/LOCALDOMAIN at XXXX.COM not found in Kerberos database)
>
> The LOCALDOMAIN part should be equal to the REALM (after @). Is it the
> same and the difference came from your obfuscation or not?
No, it's not my obfuscation, it's really LOCALDOMAIN.
It turned out that:
/etc/openldap/ldap.conf
contained:
URI ldap://localhost
instead of URI ldaps://replica.xxxx.com
> See
> http://adam.younglogic.com/2013/03/iptables-rules-for-freeipa/
Urgh, embarrassing. Indeed, it turned out that I need to open port 8080 on
the master (it is connected to by the replica).
Port 8080 doesn't feature on the list in the above blog post, so I
posted a comment...
> Replicas will be equal if you install CA to all servers.
Great to hear!
> Have a nice day!
Thank you, and same to you!