[Freeipa-users] IPA Replica Issues
Mark Heslin
mheslin at redhat.com
Mon Jul 28 18:26:47 UTC 2014
On 07/28/2014 02:12 PM, Mark Heslin wrote:
> On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
>>
>> Hello,
>>
>> I'm currently running into some issues with my replica server.
>>
>> I noticed it wasn't getting any updates from the master server so I
>> tried to do a force-sync but it states that it is an "invalid
>> password" which I know it is not the case.
>>
>> I tried doing an ipa-replica-manager list replica_server but it gives
>> me the SASL(-13) authentication failure: GSSAPI Failure:
>> gss_accept_sec_context, 'desc' Invalid Credentials
>>
>> I've tried doing a kdestroy and have it prompt me for the password
>> but again, same error.
>>
>> Any idea what this would be?
>>
>>
>> Thanks,
>>
>> Matt
>>
>>
>>
> Joe,
>
> Are you actually getting a valid Kerberos ticket - on the surface it
> would not appear so.
>
> Also, the command is 'ipa-replica-manage list':
>
> Example:
> # ipa-replica-manage list
> idm-srv1.example.com: master
> idm-srv2.example.com: master
>
> -m
>
>
>
Joe,
I forgot to add, you should be able to do this without a Kerberos ticket
but you'll need to specify the Directory Mnager password:
Example:
# ipa-replica-manage list
Directory Manager password: ********
idm-srv1.example.com: master
idm-srv2.example.com: master
# klist
klist: No credentials cache found (ticket cache KEYRING:persistent:0:0)
I'm runnning RHEL 7 - not sure whether or not this behavior is different
on earlier versions.
-m
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140728/297665ef/attachment.htm>
More information about the Freeipa-users
mailing list