On Mon, 2012-05-07 at 20:38 -0700, David Copperfield wrote:
> I have an IPA replica server with disk problems, and then it is
> reimaged and rebuilt. But when the IPA replica function is rebuilt, it
> reports the following problem:
>
> [root@ipareplica02 ipa]# ipa-replica-install --no-ntp /var/lib/ipa/replica-info-ipareplica02.example.com.gpg
> ...
> [21/29]: setting up initial replication
> Starting replication, please wait until this has completed.
> [ipamaster.example.com] reports: Update failed! Status: [49 - LDAP error: Invalid credentials]
> ...
>
> Before I ran the replica rebuilding step on IPA replica, I already ran
> 'ipa-replica-manage disconn ipareplica01.example.com' on IPA master,
> and deleted the host entry for ipareplica02 as well.
>
> Did I miss any steps above? Please help. Thanks.

Due to the way Kerberos tickets are built, you need to restart the master this replica was replicating to before you rebuild a replica with the exact same name.
This is because krb tickets are cached, but you will change the long-term key with a full reinstall, so the current master will have a ticket the replica cannot decrypt.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
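
A simplified model of the stale-ticket failure described in the reply above, added here as an illustration and not taken from FreeIPA or from the thread. An HMAC stands in for Kerberos ticket encryption, and the class names and the `ldap/` service principal names are assumptions.

```python
import hashlib
import hmac
import os

class KDC:
    """Holds each service principal's long-term key and seals tickets with it."""
    def __init__(self):
        self.keys = {}  # principal -> (kvno, key)

    def install_service(self, principal):
        # A full (re)install generates a fresh long-term key and bumps the kvno.
        kvno = self.keys.get(principal, (0, b""))[0] + 1
        self.keys[principal] = (kvno, os.urandom(32))
        return self.keys[principal]  # what ends up in the service's keytab

    def issue_ticket(self, client, principal):
        kvno, key = self.keys[principal]
        body = f"{client}->{principal}".encode()
        # HMAC is a stand-in for encrypting the ticket under the service key.
        return kvno, body, hmac.new(key, body, hashlib.sha256).digest()

class Master:
    """Replication client: keeps service tickets in memory until restarted."""
    def __init__(self, kdc, name):
        self.kdc, self.name, self.cache = kdc, name, {}

    def ticket_for(self, principal):
        if principal not in self.cache:
            self.cache[principal] = self.kdc.issue_ticket(self.name, principal)
        return self.cache[principal]

    def restart(self):
        self.cache.clear()

def replica_accepts(keytab, ticket):
    """The replica can only validate tickets sealed with its current key."""
    kvno, key = keytab
    t_kvno, body, tag = ticket
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return t_kvno == kvno and hmac.compare_digest(tag, expected)

def simulate():
    kdc = KDC()
    svc = "ldap/ipareplica02.example.com"       # assumed principal name
    master = Master(kdc, "ldap/ipamaster.example.com")
    keytab = kdc.install_service(svc)
    before = replica_accepts(keytab, master.ticket_for(svc))
    keytab = kdc.install_service(svc)           # reimaged, same name, new key
    stale = replica_accepts(keytab, master.ticket_for(svc))
    master.restart()                            # drops the cached ticket
    after_restart = replica_accepts(keytab, master.ticket_for(svc))
    return before, stale, after_restart
```
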
