[Freeipa-users] Cleanly removing replication agreement
Dominik Korittki
d.korittki at mittwald.de
Fri Oct 16 13:43:19 UTC 2015
Oh yes, you are right.
Makes sense to me as dirsrv is trying to get a
kerberos ticket for replication but Kerberos can't read it's database
from dirsrv yet, as dirsrv is still starting. I've read that in the rhel
documentation. Feeling kind of dump but I guess I have never looked that
critical in the logs to notice this messages.
Thanks for your answer, have a nice weekend.
- Dominik
Am 14.10.2015 um 15:42 schrieb Mark Reynolds:
>
>
> On 10/14/2015 04:55 AM, Dominik Korittki wrote:
>> [11/Oct/2015:17:17:53 +0200] NSMMReplicationPlugin -
>> agmt="cn=meToipa01.internal" (ipa01:389): Replication bind with GSSAPI
>> auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure:
>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>> information (No Kerberos credentials available))
>> [11/Oct/2015:17:17:56 +0200] NSMMReplicationPlugin -
>> agmt="cn=meToipa01.internal" (ipa01:389): *Replication bind with
>> GSSAPI auth resumed*
> This last line implies that replication authentication finally did
> succeed - so replication should be working.
>
More information about the Freeipa-users
mailing list