[Freeipa-users] LDAP/DNS replication, IPA server service principal key issue

Fil Di Noto fdinoto at gmail.com
Fri Oct 7 19:14:17 UTC 2016


I'm trying to interpret these log messages. It seems like server ipa03
has no principal for the DNS service and is not able to replicate LDAP
to the other 3 IPA servers. If that is correct:

1. Is "DNS" the service principal it should be using?
2. How do I correct this?
        (what concerns me is that ipa03 is the server I designated as
the server where administrative changes are made in case manual
replication is needed)


Oct  7 18:38:47 ipa02.example.com named-pkcs11[4959]: connection to
the LDAP server was lost
Oct  7 18:38:47 ipa02.example.com named-pkcs11[4959]: Failed to get
initial credentials (TGT) using principal 'DNS/ipa03.example.com' and
keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for
DNS/ipa03.example.com at EXAMPLE.COM)
Oct  7 18:38:47 ipa02.example.com named-pkcs11[4959]: ldap_syncrepl
will reconnect in 60 seconds
Oct  7 18:39:00 ipa04.example.com named-pkcs11[4537]: connection to
the LDAP server was lost
Oct  7 18:39:00 ipa04.example.com named-pkcs11[4537]: Failed to get
initial credentials (TGT) using principal 'DNS/ipa03.example.com' and
keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for
DNS/ipa03.example.com at EXAMPLE.COM)
Oct  7 18:39:00 ipa04.example.com named-pkcs11[4537]: ldap_syncrepl
will reconnect in 60 seconds
Oct  7 18:39:16 ipa01.example.com named-pkcs11[15697]: connection to
the LDAP server was lost
Oct  7 18:39:16 ipa01.example.com named-pkcs11[15697]: Failed to get
initial credentials (TGT) using principal 'DNS/ipa03.example.com' and
keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for
DNS/ipa03.example.com at EXAMPLE.COM)
Oct  7 18:39:16 ipa01.example.com named-pkcs11[15697]: ldap_syncrepl
will reconnect in 60 seconds
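
An added example, not part of the message above or of FreeIPA's own tooling: a small Python parser that runs over syslog lines of the kind quoted above, pulls out every named-pkcs11 "Failed to get initial credentials (TGT)" entry, groups them by the principal and keytab they name, and flags entries where the host writing the log line is not the host named in the principal (the pattern visible in the excerpt, where ipa01, ipa02 and ipa04 all report `DNS/ipa03.example.com`). The sample log is constructed from the excerpt, with each record on one line and the realm written with `@` where the list archive shows ` at `; hostnames and realm are the post's placeholder values. The script only groups and flags; it makes no diagnosis.

```python
"""Group named-pkcs11 Kerberos keytab failures found in syslog and flag
reporter/principal host mismatches. Added illustration, not FreeIPA code."""
import re

# Constructed sample modelled on the excerpt in the post: one syslog record per
# line, '@' restored in the realm where the archive shows ' at '.
SAMPLE_LOG = """\
Oct  7 18:38:47 ipa02.example.com named-pkcs11[4959]: connection to the LDAP server was lost
Oct  7 18:38:47 ipa02.example.com named-pkcs11[4959]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example.com@EXAMPLE.COM)
Oct  7 18:38:47 ipa02.example.com named-pkcs11[4959]: ldap_syncrepl will reconnect in 60 seconds
Oct  7 18:39:00 ipa04.example.com named-pkcs11[4537]: connection to the LDAP server was lost
Oct  7 18:39:00 ipa04.example.com named-pkcs11[4537]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example.com@EXAMPLE.COM)
Oct  7 18:39:16 ipa01.example.com named-pkcs11[15697]: Failed to get initial credentials (TGT) using principal 'DNS/ipa03.example.com' and keytab 'FILE:/etc/named.keytab' (Keytab contains no suitable keys for DNS/ipa03.example.com@EXAMPLE.COM)
"""

# Classic syslog layout: "Mon dd HH:MM:SS host process[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# The bind-dyndb-ldap message shape seen in the excerpt
TGT_FAIL_RE = re.compile(
    r"Failed to get initial credentials \(TGT\) using principal '(?P<principal>[^']+)' "
    r"and keytab '(?P<keytab>[^']+)' \((?P<reason>[^)]*)\)"
)


def parse_syslog_line(line):
    """Split one syslog line into its fields; None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def find_tgt_failures(text):
    """One record per named-pkcs11 'Failed to get initial credentials' line."""
    failures = []
    for line in text.splitlines():
        rec = parse_syslog_line(line)
        if rec is None or rec["proc"] != "named-pkcs11":
            continue
        m = TGT_FAIL_RE.search(rec["msg"])
        if not m:
            continue  # e.g. "connection to the LDAP server was lost"
        failures.append({
            "ts": rec["ts"],
            "reporter": rec["host"],
            "principal": m["principal"],
            "keytab": m["keytab"],
            "reason": m["reason"],
        })
    return failures


def principal_host(principal):
    """'DNS/ipa03.example.com@EXAMPLE.COM' -> 'ipa03.example.com'."""
    if "/" not in principal:
        return ""
    return principal.split("/", 1)[1].split("@", 1)[0]


def summarize(failures):
    """Group by (principal, keytab): which hosts reported it, how often, and why."""
    summary = {}
    for f in failures:
        key = (f["principal"], f["keytab"])
        entry = summary.setdefault(key, {"count": 0, "reporters": set(), "reasons": set()})
        entry["count"] += 1
        entry["reporters"].add(f["reporter"])
        entry["reasons"].add(f["reason"])
    return summary


def reporter_principal_mismatches(failures):
    """Failures where the logging host differs from the host in the principal.
    In FreeIPA each named instance normally authenticates as DNS/<its own fqdn>,
    so these are the entries to review first. Flagging only, no diagnosis."""
    return [f for f in failures if f["reporter"] != principal_host(f["principal"])]


if __name__ == "__main__":
    fails = find_tgt_failures(SAMPLE_LOG)
    for (principal, keytab), e in summarize(fails).items():
        print(f"{principal} via {keytab}: {e['count']} failure(s) "
              f"reported by {sorted(e['reporters'])}")
        for reason in sorted(e["reasons"]):
            print(f"  reason: {reason}")
    for f in reporter_principal_mismatches(fails):
        print(f"{f['ts']} {f['reporter']} used the principal of "
              f"{principal_host(f['principal'])}")
```

Run it against a concatenated `/var/log/messages` from the IPA servers instead of `SAMPLE_LOG` to get the same grouping over real data; the reason text it extracts is what to compare against the keys `klist -kt` lists for the keytab in question.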