[Freeipa-users] Directory Manager password is correct but IPA-replica-prepare command fails with Invalid Credentials

Shiela Spaleta shiela at securitycompass.com
Fri Mar 24 21:31:11 UTC 2017


I can successfully bind as the Directory Manager, but when I use the same
password to create a replica prep file I get an "Invalid Credentials"
error.  How is this possible?

I'm running FreeIPA v3.0 on CentOS 6 and created replicas successfully in
the past.

I tested the Directory Manager password by using it to change the admin user's
password:

ldappasswd -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=domain,dc=com

and that was successful (tested by getting a ticket as admin user with new
pwd).

But when I try to create a replica file:

# ipa-replica-prepare ipa2.shiela.com


Preparing replica for ipa2.shiela.com from ipa1.shiela.com
preparation of replica failed: Insufficient access:  Invalid credentials
Insufficient access:  Invalid credentials
  File "/usr/sbin/ipa-replica-prepare", line 529, in <module>
    main()
  File "/usr/sbin/ipa-replica-prepare", line 391, in main
    update_pki_admin_password(dirman_password)
  File "/usr/sbin/ipa-replica-prepare", line 247, in update_pki_admin_password
    bind_pw=dirman_password
  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
    conn = self.create_connection(*args, **kw)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection
    self.handle_errors(e)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 712, in handle_errors
    raise errors.ACIError(info="%s %s" % (info, desc))

If anyone can shed light on this I would be grateful.  I've checked
/var/log/dirsrv/PKI-IPA but it has not been any more helpful.

Shiela