[Freeipa-users] RedHat IDM Replica runs only dirsrv, kinit and getent fail after reboot

Sina Owolabi notify.sina at gmail.com
Mon May 18 12:17:15 UTC 2015


Hi Martin

And thanks for getting back, greatly appreciated.
I tore down the replica and reinstalled from scratch, using an old
replica-info file I had on the primary. I'm not sure if this is a good
thing to do, but I would appreciate it if you could point me to the
logs you'd be interested in seeing.
I had to reinstall the replica without CA before it would complete, too.

Thanks again for your precious time.

On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <mkosek at redhat.com> wrote:
> On 05/16/2015 12:19 PM, Sina Owolabi wrote:
>> Please help me. I am in dire straits, this is the linchpin of our
>> network and we are suffering.
>
> I am sorry for the delay in answering, but not many people here show up on the
> weekend. Comments below.
>
>> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <notify.sina at gmail.com> wrote:
>>> Hi!
>>>
>>> I am running an IPA domain with two servers, one is a replica. Red Hat 6.6,
>>> with the following versions:
>>> libipa_hbac-1.11.6-30.el6_6.4.x86_64
>>> ipa-server-selinux-3.0.0-42.el6.x86_64
>>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64
>>> ipa-admintools-3.0.0-42.el6.x86_64
>>> python-iniparse-0.3.1-2.1.el6.noarch
>>> ipa-client-3.0.0-42.el6.x86_64
>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64
>>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64
>>> ipa-server-3.0.0-42.el6.x86_64
>>> ipa-python-3.0.0-42.el6.x86_64
>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>> sssd-ipa-1.11.6-30.el6_6.4.x86_64
>>>
>>>
>>> I noticed the replica did not seem to be in sync with the primary IPA
>>> server, as login requests to ipa clients using the replica for domain
>>> authentication failed with
>>> "Too many authentication failures for user UNKNOWN".
>>> I forced a sync with the primary server and rebooted the replica afterwards.
>>> Now the replica is back up, but when I run "ipactl status", only
>>> dirsrv is running:
>>> # ipactl status
>>> Directory Service: RUNNING
>
> This is strange, try
>
> # ipactl restart
>
> see which services fail to start and see the logs they produce.
>
>>> No other service shows up. I also tried editing /etc/krb5.conf to
>>> change the [realms] information to point to the primary server, but
>>> while I can now kinit admin,
>>> nothing else works.
>>>
>>> Please how can I fix this problem?
>>>
>>> Please what can I do to fix this?
>
> First things first. You need to first see if all services start and operate
> properly, if not, we need to see their logs in order to help or advise.
>
> Martin
