Simo Sorce wrote:
On Mon, 2012-05-07 at 20:38 -0700, David Copperfield wrote:
I have a IPA replica server with disk problems, and then it is
reimaged and rebuild. But when the IPA replica function is rebuilt, it
reports the following problem:
[root@ipareplica02 ipa]# ipa-replica-install
--no-ntp /var/lib/ipa/replica-info-ipareplica02.example.com.gpg
...
[21/29]: setting up initial replication
Starting replication, please wait until this has completed.
[ipamaster.example.com] reports: Update failed! Status: [49 - LDAP
error: Invalid credentials]
...
Before I run the replica rebuilding step on IPA replica, I already run
'ipa-replica-manage disconn ipareplica01.example.com' on IPA master,
and delete the host entry for ipareplica02 as well.
Did I missed any steps above? Please help. Thanks.
Due to the way kerberos ticket are built you need to restart the master
this replica was replicating to before you rebuild a replica with the
exact same name.
This is because krb tickets are cached but you will change the long term
key with a full reinstall, so the current master will have a ticket the
replica cannot decrypt.
Simo.
The connect/disconnect commands for ipa-replica-manage are used to
manage the replication agreements between masters. To completely remove
a master you want the delete command. We improved the man page
documentation of this a bit in the 2.2. release.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
