[Freeipa-users] RedHat IDM Replica runs ony dirsrv, kinit and getent fail after reboot
Martin Kosek
mkosek at redhat.com
Mon May 18 09:15:56 UTC 2015
On 05/16/2015 12:19 PM, Sina Owolabi wrote:
> Please help me. I am in dire straits, this is the linchpin of our
> network and we are suffering.
I am sorry for delay in answering, but not many people here show up on the
weekend. Comments below.
> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <notify.sina at gmail.com> wrote:
>> Hi!
>>
>> I am running an IPA domain with two servers, one is a replica. Red Hat 6.6,
>> with the following versions:
>> libipa_hbac-1.11.6-30.el6_6.4.x86_64
>> ipa-server-selinux-3.0.0-42.el6.x86_64
>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64
>> ipa-admintools-3.0.0-42.el6.x86_64
>> python-iniparse-0.3.1-2.1.el6.noarch
>> ipa-client-3.0.0-42.el6.x86_64
>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64
>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64
>> ipa-server-3.0.0-42.el6.x86_64
>> ipa-python-3.0.0-42.el6.x86_64
>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>> sssd-ipa-1.11.6-30.el6_6.4.x86_64
>>
>>
>> I noticed the replica did not seem to be in sync with the primary IPA
>> server, as login requests to ipa clients using the replica for domain
>> authentication failed with
>> "Too many authentication failures for user UNKNOWN".
>> I forced a sync with the primary server and rebooted the replica afterwards.
>> Now the replica is back up, but when I run "ipactl status", only
>> dirsrv is running:
>> # ipactl status
>> Directory Service: RUNNING
This is strange, try
# ipactl restart
see which services fail to start and see the logs they produce.
>> No other service shows up. I also tried editing /etc/krb5.conf to
>> change the [realms] information to point to the primary server, but
>> while I can now kinit admin,
>> nothing else works.
>>
>> Please how can I fix this problem?
>>
>> Please what can I do fix this?
First things first. You need to first see if all service start and operate
properly, if not, we need to see their logs in order to help or advise.
Martin
More information about the Freeipa-users
mailing list