Christian Hernandez wrote:
Looks like I've narrowed it down to...something...

[r...@ipa1.la3.4over.com <mailto:r...@ipa1.la3.4over.com> ~]#
ipa-replica-manage list ipa1.gln.4over.com <http://ipa1.gln.4over.com>
Failed to get data from 'ipa1.gln.4over.com
<http://ipa1.gln.4over.com>': Invalid credentials SASL(-13):
authentication failure: GSSAPI Failure: gss_accept_sec_context
[r...@ipa1.la3.4over.com <mailto:r...@ipa1.la3.4over.com> ~]#
ipa-replica-manage list ipa1.da2.4over.com <http://ipa1.da2.4over.com>
ipa1.gln.4over.com <http://ipa1.gln.4over.com>: replica
ipa1.la3.4over.com <http://ipa1.la3.4over.com>: replica
[r...@ipa1.la3.4over.com <mailto:r...@ipa1.la3.4over.com> ~]#
ipa-replica-manage list $(hostname)
ipa1.da2.4over.com <http://ipa1.da2.4over.com>: replica
ipa1.gln.4over.com <http://ipa1.gln.4over.com>: replica
[r...@ipa1.la3.4over.com <mailto:r...@ipa1.la3.4over.com> ~]# rpm -qa
|egrep '389|ipa'
ipa-admintools-3.0.0-26.el6_4.2.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-python-3.0.0-26.el6_4.2.x86_64
libipa_hbac-python-1.9.2-82.4.el6_4.x86_64
389-ds-base-libs-1.2.11.15-12.el6_4.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
libipa_hbac-1.9.2-82.4.el6_4.x86_64
ipa-client-3.0.0-26.el6_4.2.x86_64
389-ds-base-1.2.11.15-12.el6_4.x86_64
ipa-server-3.0.0-26.el6_4.2.x86_64

Although when I try to remove the replication agreement...I can't =\

[r...@ipa1.la3.4over.com <mailto:r...@ipa1.la3.4over.com> ~]#
ipa-replica-manage disconnect $(hostname) ipa1.gln.4over.com
<http://ipa1.gln.4over.com>
Failed to get list of agreements from 'ipa1.gln.4over.com
<http://ipa1.gln.4over.com>': Invalid credentials SASL(-13):
authentication failure: GSSAPI Failure: gss_accept_sec_context

A couple of things to try:

- Check the KDC logs on the various hosts to see what error it is logging trying to get a ticket. - kdestroy and let ipa-replica-manage prompt you for the DM password, or pass it via -p on the command-line

The first might tell you why you are seeing an auth failure, the second should show the status of replication and let you run other commands. I'm not sure that disconnecting is going to fix anything though. I'm not sure what it is you're trying to do there.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to