Jakub, After doing some more troubleshooting I agree that there is no problem with having multiple kdc servers.However, having more than one non-functional master_kdc is what's causing the failure. server1 and server2 are down. server3 is up this works.
kdc=server1kdc=server2kdc=server3master_kdc=server1#master_kdc=server2master_kdc=server3 this will fail: kdc=server1kdc=server2kdc=server3master_kdc=server1master_kdc=server2master_kdc=server3 I've provided the log KRB5_TRACE output and it doesn't seem like kinit is even attempting to reach server3 if it sees that the first two master_kdc are down.
_______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org