[Freeipa-users] EXTERNAL: Re: IPA Replica Issues

Joseph, Matthew (EXP) matthew.joseph at lmco.com
Tue Jul 29 12:14:44 UTC 2014


Ok I got the directory manager password figured out. I had to go through the steps again and it took the change this time.

So from my replica server I can perform the ipa-replica-manage list and supply the directory manager password and it works.
When I try to do a force-sync it displays the following error in the errors log on my master server:

Replication bind with GSSAPI auth failed; LDAP Error 49 (Invalid Credentials) (SASL (-13): authentication failure: GSSAPI Failure: gss_accept_sec_context)

-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, July 29, 2014 7:22 AM
To: Simo Sorce
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues

Sorry, I should clarify: what is weird is that I supply the Directory Manager password and it's not accepting it.
Any idea why this is happening?
I know a few months back I changed the admin password and I followed the steps on both my Master and Replica servers from the following link:
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

I've tried supplying both the old and the new Directory Manager password but neither is working.

-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com] 
Sent: Monday, July 28, 2014 5:04 PM
To: Joseph, Matthew (EXP)
Cc: Mark Heslin; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: IPA Replica Issues

On Mon, 2014-07-28 at 18:39 +0000, Joseph, Matthew (EXP) wrote:
> Weird, when I do kdestroy it prompts me for a password to do the ipa-replica-manage list command and I supply the password but it states invalid credentials.
> When I do kinit and supply the password it works.
> They use the same account/password don't they?

No, if you look carefully when you do not have a ticket it asks you for
the "Directory Manager" password, which is/should not be the same as any of
your users.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

