On 01/17/2014 01:12 PM, Petr Spacek wrote:
On 17.1.2014 12:44, Thomas Sailer wrote:
# ldapsearch -Y GSSAPI \*
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure.  Minor code may provide more information (Server
krbtgt/localdom...@xxxx.com not found in Kerberos database)

The LOCALDOMAIN part should equal to the REALM (after @). Is it the same and the difference came from your obfuscation or not?

No it's not my obfuscation, it's really LOCALDOMAIN.

It turned out that:

URI ldap://localhost

instead of URI ldaps://replica.xxxx.com


Urgh embarassing. Indeed, it turned out that I need to open port 8080 on the master (it is connected by the replica).

Port 8080 doesn't feature on the list in the above blog post, so I posted a comment...

> Replicas will be equal if you install CA to all servers.

Great to hear!

Have a nice day!

Thank you, and same to you!

Freeipa-users mailing list

Reply via email to