On Fri, Jul 28, 2017 at 02:05:05AM -0000, pgb 205 via FreeIPA-users wrote:
> Here is the log that I sent in yesterday. With
> server1 and server2 down, but server3 up.
> 
> kdc=server1
> kdc=server2
> kdc=server3
> kdc_master=server1
> kdc_master=server2
> kdc_master=server3
> 
> kinit tries server1 and server2 but never even attempts server3
> KRB5_TRACE=/dev/stdout kinit user(a)test.domain 
> [12536] 1501112935.251721: Getting initial credentials for user(a)test.domain 
> [12536] 1501112935.251917: Sending request (181 bytes) to test.domain
> [12536] 1501112935.251956: Resolving hostname server1
> [12536] 1501112935.252875: Sending initial UDP request to dgram server1_ip:88
> [12536] 1501112936.253962: Resolving hostname server2
> [12536] 1501112936.255680: Retrying AS request with master KDC
> [12536] 1501112936.255699: Getting initial credentials for user(a)test.domain
> [12536] 1501112936.255763: Sending request (181 bytes) to test.domain (master)
> [12536] 1501112936.255779: Resolving hostname server1
> [12536] 1501112936.256379: Sending initial UDP request to dgram server1_ip:88
> [12536] 1501112937.257451: Resolving hostname server2
> kinit: Invalid argument while getting initial credentials
> 
> kinit with following configuration will work, however.
> kdc=server1
> kdc=server2
> kdc=server3
> kdc_master=server1
> # kdc_master=server2
> kdc_master=server3

Interesting, but I admit I'm getting out of my depth here..

Perhaps some of the kerberos maintainers would like to chime in here?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to