Hello, I have experienced some odd connectivity issues using MMR with FreeIPA (all systems CentOS 6.3). I have 2 IPA servers (ipaserver / ipaserver2) set up using MMR.

[root@ipaserver ~]#ipa-replica-manage list
ipaserver.mpls.local: master
ipaserver2.mpls.local: master

[root@ipaserver ~]# rpm -qa|grep ipa
libipa_hbac-1.8.0-32.el6.x86_64
ipa-admintools-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.8.0-32.el6.x86_64
ipa-client-2.2.0-16.el6.x86_64
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
python-iniparse-0.3.1-2.1.el6.noarch
ipa-python-2.2.0-16.el6.x86_64

[root@ipaserver2 ~]#ipa-replica-manage list
ipaserver.mpls.local: master
ipaserver2.mpls.local: master

[root@ipaserver2 ~]# rpm -qa|grep ipa
ipa-client-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-2.2.0-16.el6.x86_64
libipa_hbac-1.8.0-32.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
libipa_hbac-python-1.8.0-32.el6.x86_64
ipa-admintools-2.2.0-16.el6.x86_64
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch

[mike@ipaclient ~]$ rpm -qa|grep ipa
ipa-admintools-2.2.0-16.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-python-2.2.0-16.el6.x86_64
libipa_hbac-python-1.8.0-32.el6.x86_64
ipa-client-2.2.0-16.el6.x86_64
libipa_hbac-1.8.0-32.el6.x86_64

I have a webserver (zenoss) using Kerberos authentication.

[root@zenoss ~]# rpm -qa|grep ipa
libipa_hbac-1.8.0-32.el6.x86_64
libipa_hbac-python-1.8.0-32.el6.x86_64
ipa-python-2.2.0-16.el6.x86_64
ipa-client-2.2.0-16.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-admintools-2.2.0-16.el6.x86_64

<Location />
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodK5Passwd Off
    KrbAuthRealms MPLS.LOCAL
    KrbSaveCredentials on
    KrbServiceName HTTP
    Krb5KeyTab /etc/http/conf.d/http.keytab
    AuthLDAPUrl "ldap://ipaserver.mpls.local ipaserver2.mpls.local/dc=mpls,dc=local?krbPrincipalName"
    RequestHeader set X_REMOTE_USER %{remoteUser}e
    require ldap-group cn=zenuser,cn=groups,cn=accounts,dc=mpls,dc=local
</Location>

With both ipaserver and ipaserver2 'up', if I connect to https://zenoss.mpls.local from ipaclient using Firefox, I am successfully connected. If on ipaserver I do an 'ifdown eth0' and attempt another connection, it fails.

I have also noticed the following:

1. I am unable to use the ipaserver2 management interface when ipaserver is unavailable.
2. It takes a longer period of time to do a kinit

If I then perform:

[root@ipaserver ~]#ifup eth0
[root@ipaserver2 ~]#ifdown eth0
[mike@ipaclient ~]$kinit
kinit: Cannot contact any KDC for realm 'MPLS.LOCAL' while getting initial credentials
[root@ipaserver2 ~]#ifup eth0
[mike@ipaclient ~]$ kinit
Password for mike@MPLS.LOCAL:
[mike@ipaclient ~]$
[root@ipaserver2 ~]#ifdown eth0
... wait number of minutes
ipaclient screen locks - type password - after a short delay (~7 seconds) screen unlock completes
[mike@ipaclient ~]$kinit
Password for mike@MPLS.LOCAL:
[mike@ipaclient ~]$

Any ideas?

Thanks,
Mike

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users