On 04/15/2013 08:41 PM, Christian Hernandez wrote:
> Yup, looks like replication is broken =\
>
> [[email protected] ipa]# ipa-replica-manage disconnect ipa1.la3.4over.com
> Failed to get list of agreements from 'ipa1.la3.4over.com': Invalid credentials SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
>
> [[email protected] ipa]# ipa-replica-manage list ipa1.la3.4over.com
> Failed to get data from 'ipa1.la3.4over.com': Invalid credentials SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
>
> [[email protected] ipa]# ipa-replica-manage list
> ipa1.la3.4over.com: master
> ipa1.gln.4over.com: master
> ipa1.da2.4over.com: master

Do the machines resolve each other correctly?

>
> Thank you,
>
> Christian Hernandez
> 1225 Los Angeles Street
> Glendale, CA 91204
> Phone: 877-782-2737 ext. 4566
> Fax: 818-265-3152
> [email protected]
> www.4over.com
>
> On Mon, Apr 15, 2013 at 4:58 PM, Christian Hernandez <[email protected]> wrote:
> >
> > Okay,
> >
> > So I tried to update to the newest version. Update went okay and users can authenticate (as far as I can tell)...
> >
> > But I think may be replication broke?
> >
> > [[email protected] log]# ipa-replica-manage force-sync --from=ipa1.gln.4over.com
> > Invalid password
> >
> > Any ideas?
> >
> > Thank you,
> >
> > Christian Hernandez
> >
> > On Mon, Apr 15, 2013 at 4:19 PM, Jakub Hrozek <[email protected]> wrote:
> > >
> > > On Mon, Apr 15, 2013 at 02:29:18PM -0400, Rob Crittenden wrote:
> > > > There are some odd errors in ldap_child.log but it seems to cover a later period than the other logs (not being able to bind using its keytab is a bad thing).
> > > >
> > > > I think what you'll want to do, and this may be relatively tough, is try to correlate these failures with the 389-ds access log and the KDC logs to see if there are equivalent failures at around the same times.
> > >
> > > I agree, the ldap_child failing usually indicates an issue with the keytab and/or the KDC. The ldap_child functionality is roughly equivalent to "kinit -k".
> > >
> > > _______________________________________________
> > > Freeipa-users mailing list
> > > [email protected]
> > > https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
