On Wed, 2018-04-11 at 10:47 -0400, Dave Jablonski via FreeIPA-users
wrote:
> One of the FreeIPA replicas is not able to use the GSSAPI authentication
> to connect to ldap server on itself or any other FreeIPA server.  I'm not
> sure why.  I added example.com to just replace the actual domains, we're
> not using that.  I really don't fully understand how the krbprincipalname
> is used but as a thought I think maybe we have 2 ldap/ krbprincipal names
> for this host/service and it's using the wrong one for the mapping.

Have you tried to install two servers with the same name at the same time by
chance?
I do not see how else you'd get a duplicate entry in ldap with the keytab.
Either that or you reinstalled a server while the topology had replication
issues that got resolved after the second reinstall.

Simo.

-- 
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc