This has been out for quite a long time and I faced absolutely the same behavior adding a 4.10.1 replica to 4.8.7.

Fiddled almost a week with that so posting my solution here in order to (hopefully) save someone's time.

The problem was with the password encryption scheme: 4.8.7 on an older CentOS did not support PBKDF2-SHA512 used by 4.10.1 on FC37, so password verification on the older OS failed simply due to missing mechs. Logs did not help to find the problem.

Switching to PBKDF2_SHA256 (not PBKDF2-SHA256) with

dsconf -D "cn=Directory Manager" -W ldaps://auth01.infra.ipa.local config replace passwordStorageScheme=PBKDF2_SHA256

on FC37 made it work.

Use

dsconf -D "cn=Directory Manager" -W ldaps://auth01.infra.ipa.local plugin list

to compare available mechs on the master and the newly added replica.

--
BR,
Oleg
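
Added example, not part of the original post: a small script for the comparison described above, reporting which plugin names one server lists and the other lacks, and whether a given storage scheme is present on both. It assumes the "plugin list" output has been saved with one plugin name per line; the file names, function names and sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: each input file holds one plugin name per line,
# captured on each server with the "plugin list" command from the post, e.g.
#   dsconf -D "cn=Directory Manager" -W ldaps://HOST plugin list > HOST.txt

# missing_on CHECKED REFERENCE: print names listed in REFERENCE but not in CHECKED.
missing_on() {
    LC_ALL=C sort -u "$2" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # -F fixed string, -x whole line: "PBKDF2-SHA256" must not match "PBKDF2_SHA256"
        grep -Fxq -- "$name" "$1" || printf '%s\n' "$name"
    done
}

# usable_everywhere SCHEME FILE...: succeed only if every list contains SCHEME.
usable_everywhere() {
    wanted=$1; shift
    for list in "$@"; do
        grep -Fxq -- "$wanted" "$list" || return 1
    done
    return 0
}

# Constructed sample lists (not real server output): older master, newer replica.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/master.txt" <<'EOF'
SSHA512
PBKDF2_SHA256
EOF
cat > "$workdir/replica.txt" <<'EOF'
SSHA512
PBKDF2_SHA256
PBKDF2-SHA256
PBKDF2-SHA512
EOF

echo "Plugins the replica has and the master lacks:"
missing_on "$workdir/master.txt" "$workdir/replica.txt"

for scheme in PBKDF2-SHA512 PBKDF2_SHA256; do
    if usable_everywhere "$scheme" "$workdir/master.txt" "$workdir/replica.txt"; then
        echo "$scheme: present on both servers"
    else
        echo "$scheme: missing on at least one server"
    fi
done
```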