[Freeipa-users] RedHat IDM Replica runs only dirsrv, kinit and getent fail after reboot

Martin Kosek mkosek at redhat.com
Mon May 18 14:30:20 UTC 2015


On 05/18/2015 02:17 PM, Sina Owolabi wrote:
> Hi Martin
> 
> And thanks for getting back, greatly appreciated.
> I tore down the replica and reinstalled from scratch, using an old
> replica-info file
> I had on the primary. I'm not sure if this is a good thing to do, but I
> would appreciate
> if you could point me to the logs you'd be interested in seeing.
> I had to reinstall the replica without CA before it would complete, too.
> 
> Thanks again for your precious time.

It depends on what component you are actually fighting with. There is a separate
log for the LDAP server, KDC server, Apache and PKI servers.

Most directions are specified here:
http://www.freeipa.org/page/Troubleshooting

We need to know first what specific error you are dealing with right now, to
point you in the right direction.

Martin

> 
> On Mon, May 18, 2015 at 10:15 AM, Martin Kosek <mkosek at redhat.com> wrote:
>> On 05/16/2015 12:19 PM, Sina Owolabi wrote:
>>> Please help me. I am in dire straits, this is the linchpin of our
>>> network and we are suffering.
>>
>> I am sorry for the delay in answering, but not many people here show up on the
>> weekend. Comments below.
>>
>>> On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi <notify.sina at gmail.com> wrote:
>>>> Hi!
>>>>
>>>> I am running an IPA domain with two servers, one is a replica. Red Hat 6.6,
>>>> with the following versions:
>>>> libipa_hbac-1.11.6-30.el6_6.4.x86_64
>>>> ipa-server-selinux-3.0.0-42.el6.x86_64
>>>> libipa_hbac-python-1.11.6-30.el6_6.4.x86_64
>>>> ipa-admintools-3.0.0-42.el6.x86_64
>>>> python-iniparse-0.3.1-2.1.el6.noarch
>>>> ipa-client-3.0.0-42.el6.x86_64
>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>>> device-mapper-multipath-libs-0.4.9-80.el6_6.3.x86_64
>>>> device-mapper-multipath-0.4.9-80.el6_6.3.x86_64
>>>> ipa-server-3.0.0-42.el6.x86_64
>>>> ipa-python-3.0.0-42.el6.x86_64
>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>>> sssd-ipa-1.11.6-30.el6_6.4.x86_64
>>>>
>>>>
>>>> I noticed the replica did not seem to be in sync with the primary IPA
>>>> server, as login requests to ipa clients using the replica for domain
>>>> authentication failed with
>>>> "Too many authentication failures for user UNKNOWN".
>>>> I forced a sync with the primary server and rebooted the replica afterwards.
>>>> Now the replica is back up, but when I run "ipactl status", only
>>>> dirsrv is running:
>>>> # ipactl status
>>>> Directory Service: RUNNING
>>
>> This is strange, try
>>
>> # ipactl restart
>>
>> see which services fail to start and see the logs they produce.
>>
>>>> No other service shows up. I also tried editing /etc/krb5.conf to
>>>> change the [realms] information to point to the primary server, but
>>>> while I can now kinit admin,
>>>> nothing else works.
>>>>
>>>> Please how can I fix this problem?
>>>>
>>>> Please what can I do to fix this?
>>
>> First things first. You need to first see if all services start and operate
>> properly, if not, we need to see their logs in order to help or advise.
>>
>> Martin
