[Freeipa-users] EXTERNAL: Re: IPA Replica Issues
Joseph, Matthew (EXP)
matthew.joseph at lmco.com
Mon Jul 28 18:36:23 UTC 2014
Hey Mark,
I can do the ipa-replica-manage list command just fine, it displays all the servers.
I just found it weird when on the master if I did the ipa-replica-manage list replica_server that it gave that error.
I did the following from the Red Hat site but it just segfaults.
Retrieve a new keytab for the principal using the ipa-getkeytab command. This requires the location of the original keytab for the service or host (-k), the principal (-p), and the IdM server hostname (-s).
For example, this refreshes the host principal with a keytab in the default location of /etc/krb5.keytab:
# ipa-getkeytab -p host/client.example.com at EXAMPLE.COM -s ipa.example.com -k /etc/krb5.keytab
When I do klist it shows an ldap key that would be expiring tomorrow evening.
I looked at the sssd logs and I see nothing in there. The slapd logs show the same error I listed below.
Matt
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Mark Heslin
Sent: Monday, July 28, 2014 3:13 PM
To: freeipa-users at redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm currently running into some issues with my replica server.
I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states that it is an "invalid password" which I know it is not the case.
I tried doing an ipa-replica-manager list replica_server but it gives me the SASL(-13) authentication failure: GSSAPI Failure: gss_accept_sec_context, 'desc' Invalid Credentials
I've tried doing a kdestroy and have it prompt me for the password but again, same error.
Any idea what this would be?
Thanks,
Matt
Joe,
Are you actually getting a valid Kerberos ticket - on the surface it would not appear so.
Also, the command is 'ipa-replica-manage list':
Example:
# ipa-replica-manage list
idm-srv1.example.com: master
idm-srv2.example.com: master
-m
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140728/2ff4c6d7/attachment.htm>
More information about the Freeipa-users
mailing list