Terry Soucy wrote:
I have the keytab with the oldest version number shown in the kvno command, but when I put that into place, I get no joy.
A lot more details are required. Did you change or renew the keytab? Did it suddenly stop working, and when?
Logs? /var/log/dirsrv/slapd-REALM/error and access. /var/log/krb5kdc.log. rob
Terry On Wed, Nov 20, 2013 at 4:05 PM, Terry Soucy <[email protected] <mailto:[email protected]>> wrote: The service principal ldap/serverB was exported but not put into place at /etc/dirsrv/ds.keytab. Replication started failing, dns couldn't connect, the work generally started coming to an end. I've re-exported the service principal to a keytab file. If I export from serverA using the ipa-getkeytab file, I get one version number. If I export from server B, I get an older version number. When I use the kvno command, I get an even older number. Terry On Wed, Nov 20, 2013 at 3:56 PM, Rich Megginson <[email protected] <mailto:[email protected]>> wrote: On 11/20/2013 12:37 PM, Terry Soucy wrote:I am currently having the following issue. Running Redhat IPA on RHEL6.3 (ipa-server-3.0.0.25) in a basic two server multimaster setup. Servers A is running fine, but Server B is out of sync. More specifically, the ldap service principal is out of sync between the two servers, which is leading to no replication, etc, etc. I need to sync the ldap/serverB service principal on Server A with the ldap/serverB service principal on Server B. Is there a way to do that, or am I looking at a re-init of server B?I'm not sure what you mean by "the ldap service principal is out of sync between the two servers"?Terry -- Terry Soucy - Systems Engineer Salesforce MarketingCloud - http://www.salesforce.com (o) 506.631.7445 <tel:506.631.7445> (c) 506.609.3247 <tel:506.609.3247> | (e) [email protected] <mailto:[email protected]> _______________________________________________ Freeipa-users mailing list [email protected] <mailto:[email protected]> https://www.redhat.com/mailman/listinfo/freeipa-users-- Terry Soucy - Systems Engineer Salesforce MarketingCloud - http://www.salesforce.com (o) 506.631.7445 <tel:506.631.7445> (c) 506.609.3247 <tel:506.609.3247> | (e) [email protected] <mailto:[email protected]> -- Terry Soucy - Systems Engineer Salesforce MarketingCloud - http://www.salesforce.com (o) 506.631.7445 (c) 506.609.3247 | (e) [email protected] <mailto:[email protected]> _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
