[Freeipa-users] EXTERNAL: Re: IPA Replica Issues

Joseph, Matthew (EXP) matthew.joseph at lmco.com
Mon Jul 28 18:39:11 UTC 2014


Weird, when I do kdestroy it prompts me for a password to do the ipa-replica-manage list command and I supply the password but it states invalid credentials.
When I do kinit and supply the password it works.
They use the same account/password don't they?

From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Mark Heslin
Sent: Monday, July 28, 2014 3:27 PM
To: freeipa-users at redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues

On 07/28/2014 02:12 PM, Mark Heslin wrote:
On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote:
Hello,

I'm currently running into some issues with my replica server.
I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states that it is an "invalid password" which I know is not the case.

I tried doing an ipa-replica-manager list replica_server but it gives me the SASL(-13) authentication failure: GSSAPI Failure: gss_accept_sec_context, 'desc' Invalid Credentials

I've tried doing a kdestroy and have it prompt me for the password but again, same error.

Any idea what this would be?

Thanks,

Matt


Joe,

Are you actually getting a valid Kerberos ticket - on the surface it would not appear so.

Also, the command is 'ipa-replica-manage list':

Example:
  # ipa-replica-manage list
  idm-srv1.example.com: master
  idm-srv2.example.com: master

-m



Joe,

I forgot to add, you should be able to do this without a Kerberos ticket
but you'll need to specify the Directory Manager password:

Example:
  #  ipa-replica-manage list
  Directory Manager password: ********

  idm-srv1.example.com: master
  idm-srv2.example.com: master
  # klist
  klist: No credentials cache found (ticket cache KEYRING:persistent:0:0)

I'm running RHEL 7 - not sure whether or not this behavior is different
on earlier versions.

-m



