On Wed, 2018-04-11 at 10:47 -0400, Dave Jablonski via FreeIPA-users
> One of the FreeIPA replicas are not able to use the GSSAPI authentication
> to connect to ldap server on itself or any other FreeIPA server. I'm not
> sure why. I added example.com to just replace the actual domains, we're
> not using that. I really don't fully understand how the krbprincipalname
> is used but as a thought I think maybe we have 2 ldap/ krbbprincipal names
> for this host/service and it's using the wrong one for the mapping.
Have you tried to install two servers with the same name at the same time by
I do not see how else you'd get a duplicate entry in ldap woth the keytab.
Either that or you reinstalled a server while the topology had replication
issues that got resolved after the second reinstall.
Sr. Principal Software Engineer
Red Hat, Inc
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org