Weird, when I do kdestroy it prompts me for a password to do the ipa-replica-manage list command and I supply the password but it states invaloud crednetials. When I do kinit and supply the password it works. They use the same account/password don't they?
From: [email protected] [mailto:[email protected]] On Behalf Of Mark Heslin Sent: Monday, July 28, 2014 3:27 PM To: [email protected] Subject: EXTERNAL: Re: [Freeipa-users] IPA Replica Issues On 07/28/2014 02:12 PM, Mark Heslin wrote: On 07/28/2014 12:46 PM, Joseph, Matthew (EXP) wrote: Hello, I'm currently running into some issues with my replica server. I noticed it wasn't getting any updates from the master server so I tried to do a force-sync but it states that it is an "invalid password" which I know it is not the case. I tried doing an ipa-replica-manager list replica_server but it gives me the SASL(-13) authentication failure: GSSAPI Failure: gss_accept_sec_context, 'desc' Invalid Credentials I've tried doing a kdestroy and have it prompt me for the password but again, same error. Any idea what this would be? Thanks, Matt Joe, Are you actually getting a valid Kerberos ticket - on the surface it would not appear so. Also, the command is 'ipa-replica-manage list': Example: # ipa-replica-manage list idm-srv1.example.com: master idm-srv2.example.com: master -m Joe, I forgot to add, you should be able to do this without a Kerberos ticket but you'll need to specify the Directory Mnager password: Example: # ipa-replica-manage list Directory Manager password: ******** idm-srv1.example.com: master idm-srv2.example.com: master # klist klist: No credentials cache found (ticket cache KEYRING:persistent:0:0) I'm runnning RHEL 7 - not sure whether or not this behavior is different on earlier versions. -m
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
