On Mon, Apr 15, 2013 at 02:29:18PM -0400, Rob Crittenden wrote: > There are some odd errors in ldap_child.log but it seems to cover a > later period than the other logs (not being able to bind using its > keytab is a bad thing). > > I think what you'll want to do, and this may be relatively tough, is > try to correlate these failures with the 389-ds access log and the > KDC logs to see if there are equivalent failures at around the same > times.
I agree, the ldap_child failing usually indicates an issue with the keytab and/or the KDC. The ldap_child functionality is roughly equivalent to "kinit -k". _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
