Hi all, I have a setup of 4 FreeIPA servers, version 4.6.5, all on CentOS 7.
I've discovered that #4 is not syncing a new "video" group I created, while the other 3 all have the group. When looking at dirsrv error log, I am seeing the following after running an ipactl stop / ipactl start: [27/Jan/2022:11:35:55.158724429 -0600] - ERR - set_krb5_creds - Could not get initial credentials for principal [ldap/freeipa4.clus...@us.ep.corp.LOCAL] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [27/Jan/2022:11:35:55.169790450 -0600] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [27/Jan/2022:11:35:55.173079823 -0600] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [27/Jan/2022:11:35:55.175096801 -0600] - INFO - slapd_daemon - Listening on /var/run/slapd-US-EP-CORP-LOCAL.socket for LDAPI requests [27/Jan/2022:11:35:55.235218894 -0600] - ERR - schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! [27/Jan/2022:11:35:58.368835716 -0600] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa.us.ep.corp.local" (freeipa:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) () I am unsure what the issue is or how to resolve this. Could I get some assistance with being pointed in the right direction? Thank you!
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
